diff --git a/docs/about_releases.md b/docs/about_releases.md
index bda99e87b0..120379e989 100644
--- a/docs/about_releases.md
+++ b/docs/about_releases.md
@@ -35,7 +35,7 @@ However, issues resolved in `4.3.12`, which was released on 3/12/2021 are not ad
 
 | Version | Initial GA Version | First Release Shipping Date | Latest GA Version | End of Engineering support | End of Support |
 | -- | -- | -- | -- | -- | -- |
-| Release 7.1 | [7.1.0](release_notes_128t_7.1.md#release-710-50r1) | November 25, 2025 | [7.1.0](release_notes_128t_7.1.md#release-710-50r1) | September 4, 2026 | March 4, 2027 |
+| Release 7.1 | [7.1.0](release_notes_128t_7.1.md#release-710-50r1) | December 4, 2025 | [7.1.0](release_notes_128t_7.1.md#release-710-50r1) | September 4, 2026 | March 4, 2027 |
 | Release 7.0 | [7.0.1](release_notes_128t_7.0.md#release-701-1r1) | October 14, 2025 | [7.0.1](release_notes_128t_7.0.md#release-701-1r1) | July 14, 2026 | January 14, 2027 |
 | Release 6.3 | [6.3.0](release_notes_128t_6.3.md#release-630-107r1) | September 30, 2024 | [6.3.7-6-sts](release_notes_128t_6.3.md#release-637-6-sts) | May 6, 2026 | November 6, 2026 |
 | Release 6.2 | [6.2.0](release_notes_128t_6.2.md#release-620-39r1) | November 16, 2023 | [6.2.10-lts](release_notes_128t_6.2.md#release-6210-10-lts) | September 6, 2026 | March 6, 2027 |
diff --git a/docs/cli_reference.md b/docs/cli_reference.md
index 2f0bbba3c3..2c88b35666 100755
--- a/docs/cli_reference.md
+++ b/docs/cli_reference.md
@@ -691,6 +691,7 @@ create certificate request []
 | [`delete certificate webserver`](#delete-certificate-webserver) | Delete the webserver certificate. |
 | [`import certificate`](#import-certificate) | Import a certificate. |
 | [`show certificate webserver`](#show-certificate-webserver) | Display the webserver certificate |
+| [`show certificate-revocation`](#show-certificate-revocation) | Shows the config revocations on a given system. |
 
 #### Description
 
@@ -716,6 +717,7 @@ create certificate self-signed webserver
 | [`delete certificate webserver`](#delete-certificate-webserver) | Delete the webserver certificate. |
 | [`import certificate`](#import-certificate) | Import a certificate. |
 | [`show certificate webserver`](#show-certificate-webserver) | Display the webserver certificate |
+| [`show certificate-revocation`](#show-certificate-revocation) | Shows the config revocations on a given system. |
 
 #### Description
 
@@ -774,6 +776,70 @@ Force re-generation of all automatically generated configuration items. Both int Configuration generation is done automatically as part of a `commit`. This command serves only to aid in debugging. +## `create secure-conductor-onboarding` + +Parent command group for Secure Conductor Onboarding commands. + +#### Usage + +``` +create secure-conductor-onboarding [{router | resource-group }] [force] [node ] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node | +| resource-group | The name of the resource group | +| router | The name of the router (default: <current router>) | + +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`token`](#create-secure-conductor-onboarding-token) | Create a Secure Conductor Onboarding (SCO) token for router onboarding. | + +##### See Also + +| command | description | +| ------- | ----------- | +| [`show secure-conductor-onboarding`](#show-secure-conductor-onboarding) | Show Secure Conductor Onboarding (SCO) state of all assets. | + +#### Description + +Usage: create secure-conductor-onboarding token ... + +## `create secure-conductor-onboarding token` + +Create a Secure Conductor Onboarding (SCO) token for router onboarding. + +#### Usage + +``` +create secure-conductor-onboarding token [{router | resource-group }] [expiration-timeout ] [force] [node ] router-name +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| expiration-timeout | Optional expiration (default: 1d). Supports durations such as 1h, 2d, 1w, 1M, 2y. (default: 1d) | +| force | Skip confirmation prompt. 
Only required when targeting all routers | +| node | The name of the node | +| resource-group | The name of the resource group | +| router | The name of the router (default: <current router>) | +| router-name | Router for which to generate the onboarding token. | + +#### Description + +Example: create secure-conductor-onboarding token router-name RTR_EAST_COMBO [expiration-timeout 1h] + +:::note +This command can only be run on a Conductor. +::: + ## `create session-capture` Creates a session capture at the specified node and service. @@ -1056,7 +1122,8 @@ delete certificate webserver [force] | [`create certificate request`](#create-certificate-request) | Create a certificate signing request. | | [`create certificate self-signed webserver`](#create-certificate-self-signed-webserver) | Create a self-signed certificate. | | [`import certificate`](#import-certificate) | Import a certificate. | -| [`show certificate webserver`](#show-certificate-webserver) | Display the webserver certificate | +| [`show certificate webserver`](#show-certificate-webserver) | Display webserver certificates | +| [`show certificate-revocation`](#show-certificate-revocation) | Shows the config revocations on a given system. | #### Description 
@@ -1837,7 +1904,7 @@ import certificate [] | [`create certificate self-signed webserver`](#create-certificate-self-signed-webserver) | Create a self-signed certificate. | | [`delete certificate webserver`](#delete-certificate-webserver) | Delete the webserver certificate. | | [`show certificate webserver`](#show-certificate-webserver) | Display the webserver certificate | -#### Description +| [`show certificate-revocation`](#show-certificate-revocation) | Shows the config revocations on a given system. | This command allows administrators to load certificates into their SSR by pasting them into their active PCLI session. By issuing the `import certificate` command, the PCLI prompts the user for the name of the certificate they plan to import, then asks whether it is a CA (certificate authority) certificate or not. Once these questions are answered, administrators can paste the certificate, and is reminded to press CTRL-D once the pasting is complete. Pressing CTRL-D causes the SSR to validate the configuration to ensure it is a valid X.509 certificate before loading it into persistent storage. If the X.509 validation fails, the user is informed as follows: @@ -2005,7 +2072,7 @@ Initializes the current device as a conductor-managed router. #### Usage ``` -initialize conductor-managed [password-hash ] [management-proxy ] router-name conductor-ip
[
] +initialize conductor-managed [password-hash ] [management-proxy ] [onboarding-token ] router-name conductor-ip
[
] ``` ##### Keyword Arguments @@ -2014,6 +2081,7 @@ initialize conductor-managed [password-hash ] [management-proxy < | ---- | ----------- | | conductor-ip | The address(es) of the conductor node(s) | | management-proxy | A proxy server(s) including port (x.x.x.x:port). | +| onboarding-token | Onboarding token provided by the conductor. This will force the device to use Secure Conductor Onboarding. | | password-hash | A salted SHA-512 hash of the password to set for the 'admin', 't128' and 'root' users. | | router-name | Assign a name to the router | @@ -2325,6 +2393,29 @@ release dhcp lease [force] [node ] {router | resource-group ] {router | resource-group } +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The node on which to reload local certificates (default: all) | +| resource-group | The name of the resource group | +| router | The router on which to reload local certificates | + +#### Description + +Signal to highway that the local certificate contents have been updated and we should reload them from disk. + ## `repeat` Repeat any command multiple times. @@ -2568,7 +2659,7 @@ Download a new version of the SSR. #### Usage ``` -request system software download [{router | resource-group }] [cohort-id ] [force] [node ] version +request system software download [{router | resource-group }] [cohort-id ] [sequenced] [force] [node ] version ``` ##### Keyword Arguments 
@@ -2580,8 +2671,15 @@ request system software download [{router | resource-group | resource-group | resource-group }] [force] [node ] version +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt | +| node | The node on which to pause the software download | +| resource-group | The name of the resource group | +| router | The router on which to pause the software download (default: <current router>) | +| version | The version to pause the software download | + +#### Description + +Pause an SSR download on a router or node. When targeting a router, both nodes will issue the download pause request at the same time. The command can also be addressed to all routers or a particular resource-group. + ## `request system software health-check` Perform a health check of an SSR. 
@@ -5533,175 +5655,585 @@ show bgp path-based-policy [force] {router | resource-group ] [vrf ] [force] {router | resource-group } [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| resource-group | The name of the resource group | +| router | The name of the router for which to display the BGP summary | +| rows | The number of bgp entries to display at once [type: int or 'all'] (default: 50) | +| vrf | VRF name | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| family | ipv4 \| ipv6 \| ipv4-vpn \| ipv6-vpn \| all | + +#### Description + +The _show bgp summary_ gives administrators a high-level summary table of the state of all of the SSR's BGP peers. + +It includes information on each BGP neighbor, including the version (V) of BGP that they are using (generally v4), the Autonomous System number (AS), the number of BGP messages sent and received (MsgSent, MsgRcvd), the table version (TblVer), etc. + +#### Example + +``` +admin@labsystem1.fiedler# show bgp summary +BGP router identifier 128.128.128.128, local AS number 4200000128 +RIB entries 7, using 784 bytes of memory +Peers 3, using 13 KiB of memory + +Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd +172.18.1.2 4 4200000001 62 73 0 0 0 00:29:07 1 +172.18.2.2 4 4200000002 62 73 0 0 0 00:29:10 1 +172.18.3.2 4 4200000003 88 84 0 0 0 00:09:53 1 + +Total number of neighbors 3 +``` + +#### Version History + +| Release | Modification | +| ------- | ----------------------------| +| 1.0.0 | This feature was introduced | +| 5.1.0 | Added VFR support | + +## `show capacity` + +Shows current fib/flow/arp/action usage and capacities at the specified node. + +#### Usage + +``` +show capacity [force] [node ] {router | resource-group } +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. 
Only required when targeting all routers | +| node | The node from which to retrieve capacities | +| resource-group | The name of the resource group | +| router | The router from which to retrieve capacities | + +#### Example + +``` +admin@gouda.novigrad# show capacity +Wed 2020-04-22 15:17:55 UTC + +Node: gouda + +===================== ========= ========== ======= + Resource Entries Capacity Usage +===================== ========= ========== ======= + access-policy-table 17 5402 0.3% + action-pool 2274 301210 0.8% + arp-table 23 65535 0.0% + fib-table 176 19051 0.9% + flow-table 1882 131554 1.4% + source-tenant-table 54 2736 2.0% + +Completed in 0.09 seconds +``` + +## `show capture-filters` + +Show active capture-filters. + +#### Usage + +``` +show capture-filters [{router | resource-group }] [device-interface ] [force] [node ] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| device-interface | Device interface on which to show capture-filters (default: all) | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The node on which to show capture-filters | +| resource-group | The name of the resource group | +| router | The router on which to show capture-filters (default: all) | + +##### See Also + +| command | description | +| ------- | ----------- | +| [`create capture-filter`](#create-capture-filter) | Creates a capture-filter using BPF syntax (as used in wireshark) on the target interface. | +| [`delete capture-filter`](#delete-capture-filter) | Deletes a capture-filter created using create capture-filter. (It will not delete filters committed as part of the configuration.) 
| +| [`show stats packet-capture`](cli_stats_reference.md#show-stats-packet-capture) | Stats pertaining to captured packets | + +#### Description + +Shows all configured capture-filters, including static capture-filters that exist as part of the configuration as well as dynamic capture-filters (i.e., those created using the create capture-filter command). + +#### Example + +``` +admin@tp-colo-primary.tp-colo# show capture-filters device-interface blended-5 +Thu 2020-04-23 20:28:05 UTC + +========= ================= ================ ================= + Router Node Interface Name Capture Filters +========= ================= ================ ================= + tp-colo tp-colo-primary blended-5 host 172.18.5.4 + +Completed in 0.01 seconds +``` + +#### Version History + +| Release | Modification | +| ------- | ----------------------------| +| 4.4.0 | This feature was introduced | +## `show certificate ca` + +Display certificate authority certificate data + +#### Usage + +``` +show certificate ca [name ] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| name | An identifier for a certificate | +| node | The node for which to display certificates | +| router | The router for which to display certificates (default: <current router>) | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary (default: summary) | + +## `show certificate webserver` + +Display the webserver certificate + +#### Usage + +``` +show certificate webserver +``` + +##### See Also + +| command | description | +| ------- | ----------- | +| [`create certificate request`](#create-certificate-request) | Create a certificate signing request. | +| [`create certificate self-signed webserver`](#create-certificate-self-signed-webserver) | Create a self-signed certificate. | +| [`delete certificate webserver`](#delete-certificate-webserver) | Delete the webserver certificate. 
| +| [`import certificate`](#import-certificate) | Import a certificate. | +| [`show certificate-revocation`](#show-certificate-revocation) | Shows the config revocations on a given system. | + +## `show certificate-revocation` + +Shows the config revocations on a given system. + +#### Usage + +``` +show certificate-revocation [{router | resource-group }] [force] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node | +| resource-group | The name of the resource group | +| router | The name of the router (default: <current router>) | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary (default: summary) | + +##### See Also + +| command | description | +| ------- | ----------- | +| [`create certificate request`](#create-certificate-request) | Create a certificate signing request. | +| [`create certificate self-signed webserver`](#create-certificate-self-signed-webserver) | Create a self-signed certificate. | +| [`delete certificate webserver`](#delete-certificate-webserver) | Delete the webserver certificate. | +| [`import certificate`](#import-certificate) | Import a certificate. 
| +| [`show certificate webserver`](#show-certificate-webserver) | Display webserver certificates | + +## `show chassis` + +Display information about the chassis + +#### Usage + +``` +show chassis [router ] [node ] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| node | The name of the node | +| router | The name of the router (default: <current router>) | + +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`firmware`](#show-chassis-firmware) | Show information about the chassis firmware | +| [`hardware`](#show-chassis-hardware) | Show information about the chassis hardware | +| [`led`](#show-chassis-led) | Show the status of the chassis LEDs | +| [`power`](#show-chassis-power) | Show chassis power | +| [`temperature`](#show-chassis-temperature) | Show chassis temperature sensor readings | +| [`temperature-thresholds`](#show-chassis-temperature-thresholds) | Show chassis temperature thresholds | + +##### See Also + +| command | description | +| ------- | ----------- | +| [`show chassis firmware`](#show-chassis-firmware) | Show information about the chassis firmware | +| [`show chassis hardware`](#show-chassis-hardware) | Show information about the chassis hardware | +| [`show chassis led`](#show-chassis-led) | Show the status of the chassis LEDs | +| [`show chassis led phy`](#show-chassis-led-phy) | Show the status of the port LEDs | +| [`show chassis led system`](#show-chassis-led-system) | Show the status of the System LED | +| [`show chassis power`](#show-chassis-power) | Show chassis power | +| [`show chassis temperature`](#show-chassis-temperature) | Show chassis temperature sensor readings | +| [`show chassis temperature-thresholds`](#show-chassis-temperature-thresholds) | Show chassis temperature thresholds | + +#### Description + +:::note +This command can only be run on an SSR400/SSR440. 
+::: + +## `show chassis firmware` + +Show information about the chassis firmware + +#### Usage + +``` +show chassis firmware [router ] [node ] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| node | The node to show firmware information for | +| router | The router to show firmware information for (default: <current router>) | + +##### See Also + +| command | description | +| ------- | ----------- | +| [`show chassis`](#show-chassis) | Display information about the chassis | +| [`show chassis hardware`](#show-chassis-hardware) | Show information about the chassis hardware | +| [`show chassis led`](#show-chassis-led) | Show the status of the chassis LEDs | +| [`show chassis led phy`](#show-chassis-led-phy) | Show the status of the port LEDs | +| [`show chassis led system`](#show-chassis-led-system) | Show the status of the System LED | +| [`show chassis power`](#show-chassis-power) | Show chassis power | +| [`show chassis temperature`](#show-chassis-temperature) | Show chassis temperature sensor readings | +| [`show chassis temperature-thresholds`](#show-chassis-temperature-thresholds) | Show chassis temperature thresholds | + +#### Description + +:::note +This command can only be run on an SSR400/SSR440. 
+::: + +## `show chassis hardware` + +Show information about the chassis hardware + +#### Usage + +``` +show chassis hardware [router ] [node ] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| node | The name of the node | +| router | The name of the router (default: <current router>) | + +##### See Also + +| command | description | +| ------- | ----------- | +| [`show chassis`](#show-chassis) | Display information about the chassis | +| [`show chassis firmware`](#show-chassis-firmware) | Show information about the chassis firmware | +| [`show chassis led`](#show-chassis-led) | Show the status of the chassis LEDs | +| [`show chassis led phy`](#show-chassis-led-phy) | Show the status of the port LEDs | +| [`show chassis led system`](#show-chassis-led-system) | Show the status of the System LED | +| [`show chassis power`](#show-chassis-power) | Show chassis power | +| [`show chassis temperature`](#show-chassis-temperature) | Show chassis temperature sensor readings | +| [`show chassis temperature-thresholds`](#show-chassis-temperature-thresholds) | Show chassis temperature thresholds | + +#### Description + +:::note +This command can only be run on an SSR400/SSR440. 
+::: + +## `show chassis led` + +Show the status of the chassis LEDs + +#### Usage + +``` +show chassis led [router ] [node ] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| node | The name of the node | +| router | The name of the router (default: <current router>) | + +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`phy`](#show-chassis-led-phy) | Show the status of the port LEDs | +| [`system`](#show-chassis-led-system) | Show the status of the System LED | + +##### See Also + +| command | description | +| ------- | ----------- | +| [`show chassis`](#show-chassis) | Display information about the chassis | +| [`show chassis firmware`](#show-chassis-firmware) | Show information about the chassis firmware | +| [`show chassis hardware`](#show-chassis-hardware) | Show information about the chassis hardware | +| [`show chassis led phy`](#show-chassis-led-phy) | Show the status of the port LEDs | +| [`show chassis led system`](#show-chassis-led-system) | Show the status of the System LED | +| [`show chassis power`](#show-chassis-power) | Show chassis power | +| [`show chassis temperature`](#show-chassis-temperature) | Show chassis temperature sensor readings | +| [`show chassis temperature-thresholds`](#show-chassis-temperature-thresholds) | Show chassis temperature thresholds | + +#### Description + +:::note +This command can only be run on an SSR400/SSR440. 
+::: + +## `show chassis led phy` + +Show the status of the port LEDs + +#### Usage + +``` +show chassis led phy [port ] [router ] [node ] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| node | The name of the node | +| port | The port number for an ethernet port [type: port] | +| router | The name of the router (default: <current router>) | + +##### See Also + +| command | description | +| ------- | ----------- | +| [`show chassis`](#show-chassis) | Display information about the chassis | +| [`show chassis firmware`](#show-chassis-firmware) | Show information about the chassis firmware | +| [`show chassis hardware`](#show-chassis-hardware) | Show information about the chassis hardware | +| [`show chassis led`](#show-chassis-led) | Show the status of the chassis LEDs | +| [`show chassis led system`](#show-chassis-led-system) | Show the status of the System LED | +| [`show chassis power`](#show-chassis-power) | Show chassis power | +| [`show chassis temperature`](#show-chassis-temperature) | Show chassis temperature sensor readings | +| [`show chassis temperature-thresholds`](#show-chassis-temperature-thresholds) | Show chassis temperature thresholds | + +#### Description + +:::note +This command can only be run on an SSR400/SSR440. +::: -## `show bgp summary` +## `show chassis led system` -Show the current BGP summary from the routing manager. +Show the status of the System LED #### Usage ``` -show bgp summary [rows ] [vrf ] [force] {router | resource-group } [] +show chassis led system [router ] [node ] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | -| force | Skip confirmation prompt. 
Only required when targeting all routers | -| resource-group | The name of the resource group | -| router | The name of the router for which to display the BGP summary | -| rows | The number of bgp entries to display at once [type: int or 'all'] (default: 50) | -| vrf | VRF name | +| node | The name of the node | +| router | The name of the router (default: <current router>) | -##### Positional Arguments +##### See Also -| name | description | -| ---- | ----------- | -| family | ipv4 \| ipv6 \| ipv4-vpn \| ipv6-vpn \| all | +| command | description | +| ------- | ----------- | +| [`show chassis`](#show-chassis) | Display information about the chassis | +| [`show chassis firmware`](#show-chassis-firmware) | Show information about the chassis firmware | +| [`show chassis hardware`](#show-chassis-hardware) | Show information about the chassis hardware | +| [`show chassis led`](#show-chassis-led) | Show the status of the chassis LEDs | +| [`show chassis led phy`](#show-chassis-led-phy) | Show the status of the port LEDs | +| [`show chassis power`](#show-chassis-power) | Show chassis power | +| [`show chassis temperature`](#show-chassis-temperature) | Show chassis temperature sensor readings | +| [`show chassis temperature-thresholds`](#show-chassis-temperature-thresholds) | Show chassis temperature thresholds | #### Description -The _show bgp summary_ gives administrators a high-level summary table of the state of all of the SSR's BGP peers. - -It includes information on each BGP neighbor, including the version (V) of BGP that they are using (generally v4), the Autonomous System number (AS), the number of BGP messages sent and received (MsgSent, MsgRcvd), the table version (TblVer), etc. 
- -#### Example - -``` -admin@labsystem1.fiedler# show bgp summary -BGP router identifier 128.128.128.128, local AS number 4200000128 -RIB entries 7, using 784 bytes of memory -Peers 3, using 13 KiB of memory - -Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd -172.18.1.2 4 4200000001 62 73 0 0 0 00:29:07 1 -172.18.2.2 4 4200000002 62 73 0 0 0 00:29:10 1 -172.18.3.2 4 4200000003 88 84 0 0 0 00:09:53 1 - -Total number of neighbors 3 -``` - -#### Version History - -| Release | Modification | -| ------- | ----------------------------| -| 1.0.0 | This feature was introduced | -| 5.1.0 | Added VFR support | +:::note +This command can only be run on an SSR400/SSR440. +::: -## `show capacity` +## `show chassis power` -Shows current fib/flow/arp/action usage and capacities at the specified node. +Show chassis power #### Usage ``` -show capacity [force] [node ] {router | resource-group } +show chassis power [router ] [node ] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | -| force | Skip confirmation prompt. 
Only required when targeting all routers | -| node | The node from which to retrieve capacities | -| resource-group | The name of the resource group | -| router | The router from which to retrieve capacities | - -#### Example +| node | The name of the node | +| router | The name of the router (default: <current router>) | -``` -admin@gouda.novigrad# show capacity -Wed 2020-04-22 15:17:55 UTC +##### See Also -Node: gouda +| command | description | +| ------- | ----------- | +| [`show chassis`](#show-chassis) | Display information about the chassis | +| [`show chassis firmware`](#show-chassis-firmware) | Show information about the chassis firmware | +| [`show chassis hardware`](#show-chassis-hardware) | Show information about the chassis hardware | +| [`show chassis led`](#show-chassis-led) | Show the status of the chassis LEDs | +| [`show chassis led phy`](#show-chassis-led-phy) | Show the status of the port LEDs | +| [`show chassis led system`](#show-chassis-led-system) | Show the status of the System LED | +| [`show chassis temperature`](#show-chassis-temperature) | Show chassis temperature sensor readings | +| [`show chassis temperature-thresholds`](#show-chassis-temperature-thresholds) | Show chassis temperature thresholds | -===================== ========= ========== ======= - Resource Entries Capacity Usage -===================== ========= ========== ======= - access-policy-table 17 5402 0.3% - action-pool 2274 301210 0.8% - arp-table 23 65535 0.0% - fib-table 176 19051 0.9% - flow-table 1882 131554 1.4% - source-tenant-table 54 2736 2.0% +#### Description -Completed in 0.09 seconds -``` +:::note +This command can only be run on an SSR400/SSR440. +::: -## `show capture-filters` +## `show chassis temperature` -Show active capture-filters. 
+Show chassis temperature sensor readings #### Usage ``` -show capture-filters [{router | resource-group }] [device-interface ] [force] [node ] +show chassis temperature [sensor ] [router ] [node ] [] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | -| device-interface | Device interface on which to show capture-filters (default: all) | -| force | Skip confirmation prompt. Only required when targeting all routers | -| node | The node on which to show capture-filters | -| resource-group | The name of the resource group | -| router | The router on which to show capture-filters (default: all) | +| node | The name of the node | +| router | The name of the router (default: <current router>) | +| sensor | The name of the target temperature sensor | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary (default: summary) | ##### See Also | command | description | | ------- | ----------- | -| [`create capture-filter`](#create-capture-filter) | Creates a capture-filter using BPF syntax (as used in wireshark) on the target interface. | -| [`delete capture-filter`](#delete-capture-filter) | Deletes a capture-filter created using create capture-filter. (It will not delete filters committed as part of the configuration.) 
| -| [`show stats packet-capture`](cli_stats_reference.md#show-stats-packet-capture) | Stats pertaining to captured packets | +| [`show chassis`](#show-chassis) | Display information about the chassis | +| [`show chassis firmware`](#show-chassis-firmware) | Show information about the chassis firmware | +| [`show chassis hardware`](#show-chassis-hardware) | Show information about the chassis hardware | +| [`show chassis led`](#show-chassis-led) | Show the status of the chassis LEDs | +| [`show chassis led phy`](#show-chassis-led-phy) | Show the status of the port LEDs | +| [`show chassis led system`](#show-chassis-led-system) | Show the status of the System LED | +| [`show chassis power`](#show-chassis-power) | Show chassis power | +| [`show chassis temperature-thresholds`](#show-chassis-temperature-thresholds) | Show chassis temperature thresholds | #### Description -Shows all configured capture-filters, including static capture-filters that exist as part of the configuration as well as dynamic capture-filters (i.e., those created using the create capture-filter command). - -#### Example - -``` -admin@tp-colo-primary.tp-colo# show capture-filters device-interface blended-5 -Thu 2020-04-23 20:28:05 UTC - -========= ================= ================ ================= - Router Node Interface Name Capture Filters -========= ================= ================ ================= - tp-colo tp-colo-primary blended-5 host 172.18.5.4 - -Completed in 0.01 seconds -``` - -#### Version History - -| Release | Modification | -| ------- | ----------------------------| -| 4.4.0 | This feature was introduced | +:::note +This command can only be run on an SSR400/SSR440. 
+::: -## `show certificate webserver` +## `show chassis temperature-thresholds` -Display the webserver certificate +Show chassis temperature thresholds #### Usage ``` -show certificate webserver +show chassis temperature-thresholds [region ] [router ] [node ] ``` +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| node | The name of the node | +| region | The target region for temperature thresholds | +| router | The name of the router (default: <current router>) | + ##### See Also | command | description | | ------- | ----------- | -| [`create certificate request`](#create-certificate-request) | Create a certificate signing request. | -| [`create certificate self-signed webserver`](#create-certificate-self-signed-webserver) | Create a self-signed certificate. | -| [`delete certificate webserver`](#delete-certificate-webserver) | Delete the webserver certificate. | -| [`import certificate`](#import-certificate) | Import a certificate. | +| [`show chassis`](#show-chassis) | Display information about the chassis | +| [`show chassis firmware`](#show-chassis-firmware) | Show information about the chassis firmware | +| [`show chassis hardware`](#show-chassis-hardware) | Show information about the chassis hardware | +| [`show chassis led`](#show-chassis-led) | Show the status of the chassis LEDs | +| [`show chassis led phy`](#show-chassis-led-phy) | Show the status of the port LEDs | +| [`show chassis led system`](#show-chassis-led-system) | Show the status of the System LED | +| [`show chassis power`](#show-chassis-power) | Show chassis power | +| [`show chassis temperature`](#show-chassis-temperature) | Show chassis temperature sensor readings | + +#### Description + +:::note +This command can only be run on an SSR400/SSR440. +::: ## `show chassis` 
@@ -7955,6 +8487,29 @@ This command queries the LTE devices and displays the following state info: - registration-status - connection-status (show IP if connected, otherwise, show previous error) - signal-strength (rating, RSSI, and SNR) + +## `show management-proxy` + +Show management-proxy state data + +#### Usage + +``` +show management-proxy [force] [node ] {router | resource-group } +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The node for which to display status | +| resource-group | The name of the resource group | +| router | The router for which to display status | + +#### Description + +Query the management-proxy to check state details. ## `show mist` Display information about the link between the SSR and the Mist Cloud @@ -10596,6 +11151,34 @@ show roles [name ] [rows ] | [`show user`](#show-user) | Display information for user accounts. | | [`show user activity`](#show-user-activity) | Show the most recent usage of SSR. | +## `show secure-conductor-onboarding` + +Show Secure Conductor Onboarding (SCO) state of all assets. + +#### Usage + +``` +show secure-conductor-onboarding [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| asset_id | Show detailed state for a specific asset | + +##### See Also + +| command | description | +| ------- | ----------- | +| [`create secure-conductor-onboarding`](#create-secure-conductor-onboarding) | Parent command group for Secure Conductor Onboarding commands. | + +#### Description + +:::note +This command can only be run on a Conductor. +::: + ## `show security key-status` Display detailed security key status. 
@@ -11172,6 +11755,7 @@ show system [{router | resource-group }] [force] [node | [`resource-allocation`](#show-system-resource-allocation) | Display information for reserved hugepages and CPU core masks. | | [`services`](#show-system-services) | Display a table summarizing statuses of SSR systemd services. | | [`software`](#show-system-software) | <available> \| <downgrade> \| <download> \| <health-check> \| <revert> \| <sources> \| <upgrade> | +| [`utilization`](#show-system-utilization-session-processors) | Display system utilization session processor thread CPU usage. | | [`version`](#show-system-version) | Show system version information. | ##### See Also @@ -11989,6 +12573,31 @@ show system software upgrade [{router | resource-group | [`show system software sources`](#show-system-software-sources) | Display information about software sources. | | [`show system version`](#show-system-version) | Show system version information. | +## `show system utilization session-processors` + +Display system utilization session processor thread CPU usage + +#### Usage + +``` +show system utilization session-processors [force] [node ] {router | resource-group } [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node | +| resource-group | The name of the resource group | +| router | The name of the router | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary (default: summary) | + ## `show system version` Show system version information. @@ -12577,6 +13186,9 @@ traceroute to 172.16.1.201, 64 hops max | 6.1.0 | Introduced | | 6.2.3-R2 | Updates and improvements made to the keyword arguments | +The only mandatory parameter is the destination IP. + + ## `validate` Validate the candidate config. 
diff --git a/docs/cli_stats_reference.md b/docs/cli_stats_reference.md
index 1df549243b..ad56b56bb7 100755
--- a/docs/cli_stats_reference.md
+++ b/docs/cli_stats_reference.md
@@ -30979,6 +30979,7 @@ show stats app-id [since ] [force] [router ] [node ] [] [for For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ +## `show stats app-id summary-tracking` + +Statistics for 'summary-tracking' + +#### Usage + +``` +show stats app-id summary-tracking [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`stale-contributor`](#show-stats-app-id-summary-tracking-stale-contributor) | Statistics for 'stale-contributor' | + +## `show stats app-id summary-tracking stale-contributor` + +Statistics for 'stale-contributor' + +#### Usage + +``` +show stats app-id summary-tracking stale-contributor [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. 
The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`detected`](#show-stats-app-id-summary-tracking-stale-contributor-detected) | The count of times when stale contributors were detected (in-memory) | +| [`stack-generated`](#show-stats-app-id-summary-tracking-stale-contributor-stack-generated) | The count of times when stale contributors stack traces were generated (in-memory) | +| [`stack-skipped`](#show-stats-app-id-summary-tracking-stale-contributor-stack-skipped) | The count of times when stale contributors stack traces were skipped (in-memory) | + +## `show stats app-id summary-tracking stale-contributor detected` + +The count of times when stale contributors were detected (in-memory) + +#### Usage + +``` +show stats app-id summary-tracking stale-contributor detected [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. 
Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +#### Description + +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + +## `show stats app-id summary-tracking stale-contributor stack-generated` + +The count of times when stale contributors stack traces were generated (in-memory) + +#### Usage + +``` +show stats app-id summary-tracking stale-contributor stack-generated [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. 
Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +#### Description + +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + +## `show stats app-id summary-tracking stale-contributor stack-skipped` + +The count of times when stale contributors stack traces were skipped (in-memory) + +#### Usage + +``` +show stats app-id summary-tracking stale-contributor stack-skipped [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +#### Description + +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + ## `show stats app-id url-lookup` Statistics for 'url-lookup' 
@@ -37218,6 +37370,7 @@ show stats bfd [since ] [force] [router ] [node ] [] [peer-node-id ] For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-node-id salt` +## `show stats bfd by-peer-node-id ml-kem-key` -Stats pertaining to BFD salt exchange peer peer node-id +Stats pertaining to BFD ml-kem-key exchange peer peer node-id #### Usage ``` -show stats bfd by-peer-node-id salt [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-node-id ml-kem-key [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -38289,8 +38443,8 @@ show stats bfd by-peer-node-id salt [peer-name ] [peer-node-id ] [peer-node-id ] [peer-node-id ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-node-id ml-kem-key received [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -38330,8 +38484,8 @@ show stats bfd by-peer-node-id salt received [peer-name ] [peer-node- | command | description | | ------- | ----------- | -| [`miss`](#show-stats-bfd-by-peer-node-id-salt-received-miss) | BFD salt exchange packets not received in time for the peer node-id. (in-memory) | -| [`success`](#show-stats-bfd-by-peer-node-id-salt-received-success) | BFD salt exchange packets received for the peer node-id. (in-memory) | +| [`miss`](#show-stats-bfd-by-peer-node-id-ml-kem-key-received-miss) | BFD ml-kem-key exchange packets not received in time for the peer node-id. (in-memory) | +| [`success`](#show-stats-bfd-by-peer-node-id-ml-kem-key-received-success) | BFD ml-kem-key exchange packets received for the peer node-id. (in-memory) | ##### See Also 
@@ -38340,14 +38494,14 @@ show stats bfd by-peer-node-id salt received [peer-name ] [peer-node- | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-node-id salt received miss` +## `show stats bfd by-peer-node-id ml-kem-key received miss` -BFD salt exchange packets not received in time for the peer node-id. (in-memory) +BFD ml-kem-key exchange packets not received in time for the peer node-id. (in-memory) #### Usage ``` -show stats bfd by-peer-node-id salt received miss [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-node-id ml-kem-key received miss [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -38378,14 +38532,14 @@ show stats bfd by-peer-node-id salt received miss [peer-name ] [peer- For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-node-id salt received success` +## `show stats bfd by-peer-node-id ml-kem-key received success` -BFD salt exchange packets received for the peer node-id. (in-memory) +BFD ml-kem-key exchange packets received for the peer node-id. (in-memory) #### Usage ``` -show stats bfd by-peer-node-id salt received success [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-node-id ml-kem-key received success [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -38416,14 +38570,14 @@ show stats bfd by-peer-node-id salt received success [peer-name ] [pe For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-node-id salt sent` +## `show stats bfd by-peer-node-id ml-kem-key sent` -BFD salt exchange packets sent for the peer node-id. +BFD ml-kem-key exchange packets sent for the peer node-id. #### Usage ``` -show stats bfd by-peer-node-id salt sent [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-node-id ml-kem-key sent [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -38447,7 +38601,7 @@ show stats bfd by-peer-node-id salt sent [peer-name ] [peer-node-id < | command | description | | ------- | ----------- | -| [`success`](#show-stats-bfd-by-peer-node-id-salt-sent-success) | BFD salt exchange packets sent successfully for the peer node-id. (in-memory) | +| [`success`](#show-stats-bfd-by-peer-node-id-ml-kem-key-sent-success) | BFD ml-kem-key exchange packets sent successfully for the peer node-id. (in-memory) | ##### See Also 
@@ -38456,14 +38610,14 @@ show stats bfd by-peer-node-id salt sent [peer-name ] [peer-node-id < | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-node-id salt sent success` +## `show stats bfd by-peer-node-id ml-kem-key sent success` -BFD salt exchange packets sent successfully for the peer node-id. (in-memory) +BFD ml-kem-key exchange packets sent successfully for the peer node-id. (in-memory) #### Usage ``` -show stats bfd by-peer-node-id salt sent success [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-node-id ml-kem-key sent success [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -38494,28 +38648,26 @@ show stats bfd by-peer-node-id salt sent success [peer-name ] [peer-n For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path` +## `show stats bfd by-peer-node-id salt` -Stats pertaining to BFD per peer path +Stats pertaining to BFD salt exchange peer peer node-id #### Usage ``` -show stats bfd by-peer-path [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-node-id salt [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | -| device-name | The name of the device port for which this metric was generated (comma-separated list) | | force | Skip confirmation prompt. Only required when targeting all routers | | node | The name of the node generating this metric | -| peer-host | The host of the peer generating this metric (comma-separated list) | | peer-name | The name of the peer generating this metric (comma-separated list) | +| peer-node-id | The node id of the peer generating this metric (comma-separated list) | | router | The router for which to display stats (default: <current router>) | | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | -| vlan | The vlan for which this metrics was generated (comma-separated list) | ##### Positional Arguments 
@@ -38527,23 +38679,8 @@ show stats bfd by-peer-path [peer-name ] [peer-host ] [dev | command | description | | ------- | ----------- | -| [`async`](#show-stats-bfd-by-peer-path-async) | Stats pertaining to BFD async mode per peer path | -| [`average-latency`](#show-stats-bfd-by-peer-path-average-latency) | Rolling average latency in milliseconds for the SSR peer path. | -| [`cert`](#show-stats-bfd-by-peer-path-cert) | Stats pertaining to BFD certificate exchange per peer path | -| [`dh-public-key`](#show-stats-bfd-by-peer-path-dh-public-key) | Stats pertaining to BFD dh-public-key exchange per peer path | -| [`dynamic-damping`](#show-stats-bfd-by-peer-path-dynamic-damping) | Stats pertaining to Dynamic BFD Damping | -| [`echo`](#show-stats-bfd-by-peer-path-echo) | Stats pertaining to BFD echo mode per peer path | -| [`jitter`](#show-stats-bfd-by-peer-path-jitter) | Jitter in milliseconds for the SSR peer path. | -| [`latency`](#show-stats-bfd-by-peer-path-latency) | Latency in milliseconds for the SSR peer path. | -| [`link-down`](#show-stats-bfd-by-peer-path-link-down) | Stats tracking BFD link down event per peer path | -| [`link-up`](#show-stats-bfd-by-peer-path-link-up) | The number of link-ups on the peer path. (in-memory) | -| [`local-source-nat-change`](#show-stats-bfd-by-peer-path-local-source-nat-change) | The number of local source nat changes on the peer path. (in-memory) | -| [`local-source-nat-reset`](#show-stats-bfd-by-peer-path-local-source-nat-reset) | The number of local source nat resets on the peer path. (in-memory) | -| [`loss`](#show-stats-bfd-by-peer-path-loss) | Packet loss percentange for the SSR peer path. | -| [`metadata-key`](#show-stats-bfd-by-peer-path-metadata-key) | Stats pertaining to BFD metadata-key exchange per peer path | -| [`mos`](#show-stats-bfd-by-peer-path-mos) | MOS value calculated for the SSR peer path. 
(hundreths of a decimal) | -| [`neighbor`](#show-stats-bfd-by-peer-path-neighbor) | Stats pertaining to BFD Neighbor | -| [`salt`](#show-stats-bfd-by-peer-path-salt) | Stats pertaining to BFD salt exchange per peer path | +| [`received`](#show-stats-bfd-by-peer-node-id-salt-received) | BFD salt exchange packets received for the peer node-id. | +| [`sent`](#show-stats-bfd-by-peer-node-id-salt-sent) | BFD salt exchange packets sent for the peer node-id. | ##### See Also 
@@ -38552,28 +38689,26 @@ show stats bfd by-peer-path [peer-name ] [peer-host ] [dev | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-path async` +## `show stats bfd by-peer-node-id salt received` -Stats pertaining to BFD async mode per peer path +BFD salt exchange packets received for the peer node-id. #### Usage ``` -show stats bfd by-peer-path async [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-node-id salt received [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | -| device-name | The name of the device port for which this metric was generated (comma-separated list) | | force | Skip confirmation prompt. Only required when targeting all routers | | node | The name of the node generating this metric | -| peer-host | The host of the peer generating this metric (comma-separated list) | | peer-name | The name of the peer generating this metric (comma-separated list) | +| peer-node-id | The node id of the peer generating this metric (comma-separated list) | | router | The router for which to display stats (default: <current router>) | | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | -| vlan | The vlan for which this metrics was generated (comma-separated list) | ##### Positional Arguments 
@@ -38585,8 +38720,8 @@ show stats bfd by-peer-path async [peer-name ] [peer-host | command | description | | ------- | ----------- | -| [`received`](#show-stats-bfd-by-peer-path-async-received) | BFD async packets received on the peer path. | -| [`sent`](#show-stats-bfd-by-peer-path-async-sent) | BFD async packets sent on the peer path. | +| [`miss`](#show-stats-bfd-by-peer-node-id-salt-received-miss) | BFD salt exchange packets not received in time for the peer node-id. (in-memory) | +| [`success`](#show-stats-bfd-by-peer-node-id-salt-received-success) | BFD salt exchange packets received for the peer node-id. (in-memory) | ##### See Also 
@@ -38595,28 +38730,26 @@ show stats bfd by-peer-path async [peer-name ] [peer-host | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-path async received` +## `show stats bfd by-peer-node-id salt received miss` -BFD async packets received on the peer path. +BFD salt exchange packets not received in time for the peer node-id. (in-memory) #### Usage ``` -show stats bfd by-peer-path async received [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-node-id salt received miss [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | -| device-name | The name of the device port for which this metric was generated (comma-separated list) | | force | Skip confirmation prompt. Only required when targeting all routers | | node | The name of the node generating this metric | -| peer-host | The host of the peer generating this metric (comma-separated list) | | peer-name | The name of the peer generating this metric (comma-separated list) | +| peer-node-id | The node id of the peer generating this metric (comma-separated list) | | router | The router for which to display stats (default: <current router>) | | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | -| vlan | The vlan for which this metrics was generated (comma-separated list) | ##### Positional Arguments @@ -38624,13 +38757,6 @@ show stats bfd by-peer-path async received [peer-name ] [peer-host

] [peer-host

] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-node-id salt received success [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | -| device-name | The name of the device port for which this metric was generated (comma-separated list) | | force | Skip confirmation prompt. Only required when targeting all routers | | node | The name of the node generating this metric | -| peer-host | The host of the peer generating this metric (comma-separated list) | | peer-name | The name of the peer generating this metric (comma-separated list) | +| peer-node-id | The node id of the peer generating this metric (comma-separated list) | | router | The router for which to display stats (default: <current router>) | | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | -| vlan | The vlan for which this metrics was generated (comma-separated list) | ##### Positional Arguments 
@@ -38678,28 +38806,26 @@ show stats bfd by-peer-path async received miss [peer-name ] [peer-ho For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path async received success` +## `show stats bfd by-peer-node-id salt sent` -BFD async packets received on the peer path. (in-memory) +BFD salt exchange packets sent for the peer node-id. #### Usage ``` -show stats bfd by-peer-path async received success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-node-id salt sent [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | -| device-name | The name of the device port for which this metric was generated (comma-separated list) | | force | Skip confirmation prompt. Only required when targeting all routers | | node | The name of the node generating this metric | -| peer-host | The host of the peer generating this metric (comma-separated list) | | peer-name | The name of the peer generating this metric (comma-separated list) | +| peer-node-id | The node id of the peer generating this metric (comma-separated list) | | router | The router for which to display stats (default: <current router>) | | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | -| vlan | The vlan for which this metrics was generated (comma-separated list) | ##### Positional Arguments 
@@ -38707,6 +38833,12 @@ show stats bfd by-peer-path async received success [peer-name ] [peer | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`success`](#show-stats-bfd-by-peer-node-id-salt-sent-success) | BFD salt exchange packets sent successfully for the peer node-id. (in-memory) | + ##### See Also | command | description | 
@@ -38714,32 +38846,26 @@ show stats bfd by-peer-path async received success [peer-name ] [peer | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -#### Description - -For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ - -## `show stats bfd by-peer-path async sent` +## `show stats bfd by-peer-node-id salt sent success` -BFD async packets sent on the peer path. +BFD salt exchange packets sent successfully for the peer node-id. (in-memory) #### Usage ``` -show stats bfd by-peer-path async sent [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-node-id salt sent success [peer-name ] [peer-node-id ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | -| device-name | The name of the device port for which this metric was generated (comma-separated list) | | force | Skip confirmation prompt. Only required when targeting all routers | | node | The name of the node generating this metric | -| peer-host | The host of the peer generating this metric (comma-separated list) | | peer-name | The name of the peer generating this metric (comma-separated list) | +| peer-node-id | The node id of the peer generating this metric (comma-separated list) | | router | The router for which to display stats (default: <current router>) | | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. 
Providing "launch" ensures that no start time for the delta is set [type: timestamp] | -| vlan | The vlan for which this metrics was generated (comma-separated list) | ##### Positional Arguments @@ -38747,14 +38873,6 @@ show stats bfd by-peer-path async sent [peer-name ] [peer-host ] [peer-host ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -38791,45 +38913,28 @@ show stats bfd by-peer-path async sent arp-failure [peer-name ] [peer | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | -##### See Also +##### Subcommands | command | description | | ------- | ----------- | -| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | -| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | - -#### Description - -For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ - -## `show stats bfd by-peer-path async sent buffer-allocation-failure` - -BFD async packets tx allocation failure on the peer path. (in-memory) - -#### Usage - -``` -show stats bfd by-peer-path async sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] -``` - -##### Keyword Arguments - -| name | description | -| ---- | ----------- | -| device-name | The name of the device port for which this metric was generated (comma-separated list) | -| force | Skip confirmation prompt. Only required when targeting all routers | -| node | The name of the node generating this metric | -| peer-host | The host of the peer generating this metric (comma-separated list) | -| peer-name | The name of the peer generating this metric (comma-separated list) | -| router | The router for which to display stats (default: <current router>) | -| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. 
Providing "launch" ensures that no start time for the delta is set [type: timestamp] | -| vlan | The vlan for which this metrics was generated (comma-separated list) | - -##### Positional Arguments - -| name | description | -| ---- | ----------- | -| verbosity | detail \| summary \| debug (default: detail) | +| [`async`](#show-stats-bfd-by-peer-path-async) | Stats pertaining to BFD async mode per peer path | +| [`average-latency`](#show-stats-bfd-by-peer-path-average-latency) | Rolling average latency in milliseconds for the SSR peer path. | +| [`cert`](#show-stats-bfd-by-peer-path-cert) | Stats pertaining to BFD certificate exchange per peer path | +| [`dh-public-key`](#show-stats-bfd-by-peer-path-dh-public-key) | Stats pertaining to BFD dh-public-key exchange per peer path | +| [`dynamic-damping`](#show-stats-bfd-by-peer-path-dynamic-damping) | Stats pertaining to Dynamic BFD Damping | +| [`echo`](#show-stats-bfd-by-peer-path-echo) | Stats pertaining to BFD echo mode per peer path | +| [`jitter`](#show-stats-bfd-by-peer-path-jitter) | Jitter in milliseconds for the SSR peer path. | +| [`latency`](#show-stats-bfd-by-peer-path-latency) | Latency in milliseconds for the SSR peer path. | +| [`link-down`](#show-stats-bfd-by-peer-path-link-down) | Stats tracking BFD link down event per peer path | +| [`link-up`](#show-stats-bfd-by-peer-path-link-up) | The number of link-ups on the peer path. (in-memory) | +| [`local-source-nat-change`](#show-stats-bfd-by-peer-path-local-source-nat-change) | The number of local source nat changes on the peer path. (in-memory) | +| [`local-source-nat-reset`](#show-stats-bfd-by-peer-path-local-source-nat-reset) | The number of local source nat resets on the peer path. (in-memory) | +| [`loss`](#show-stats-bfd-by-peer-path-loss) | Packet loss percentange for the SSR peer path. 
| +| [`metadata-key`](#show-stats-bfd-by-peer-path-metadata-key) | Stats pertaining to BFD metadata-key exchange per peer path | +| [`ml-kem-key`](#show-stats-bfd-by-peer-path-ml-kem-key) | Stats pertaining to BFD ml-kem-key exchange per peer path | +| [`mos`](#show-stats-bfd-by-peer-path-mos) | MOS value calculated for the SSR peer path. (hundreths of a decimal) | +| [`neighbor`](#show-stats-bfd-by-peer-path-neighbor) | Stats pertaining to BFD Neighbor | +| [`salt`](#show-stats-bfd-by-peer-path-salt) | Stats pertaining to BFD salt exchange per peer path | ##### See Also @@ -38838,18 +38943,14 @@ show stats bfd by-peer-path async sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path async [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -38871,45 +38972,12 @@ show stats bfd by-peer-path async sent success [peer-name ] [peer-hos | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | -##### See Also +##### Subcommands | command | description | | ------- | ----------- | -| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | -| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | - -#### Description - -For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ - -## `show stats bfd by-peer-path average-latency` - -Rolling average latency in milliseconds for the SSR peer path. - -#### Usage - -``` -show stats bfd by-peer-path average-latency [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] -``` - -##### Keyword Arguments - -| name | description | -| ---- | ----------- | -| device-name | The name of the device port for which this metric was generated (comma-separated list) | -| force | Skip confirmation prompt. Only required when targeting all routers | -| node | The name of the node generating this metric | -| peer-host | The host of the peer generating this metric (comma-separated list) | -| peer-name | The name of the peer generating this metric (comma-separated list) | -| router | The router for which to display stats (default: <current router>) | -| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. 
Providing "launch" ensures that no start time for the delta is set [type: timestamp] | -| vlan | The vlan for which this metrics was generated (comma-separated list) | - -##### Positional Arguments - -| name | description | -| ---- | ----------- | -| verbosity | detail \| summary \| debug (default: detail) | +| [`received`](#show-stats-bfd-by-peer-path-async-received) | BFD async packets received on the peer path. | +| [`sent`](#show-stats-bfd-by-peer-path-async-sent) | BFD async packets sent on the peer path. | ##### See Also @@ -38918,14 +38986,14 @@ show stats bfd by-peer-path average-latency [peer-name ] [peer-host < | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-path cert` +## `show stats bfd by-peer-path async received` -Stats pertaining to BFD certificate exchange per peer path +BFD async packets received on the peer path. #### Usage ``` -show stats bfd by-peer-path cert [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path async received [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -38951,8 +39019,8 @@ show stats bfd by-peer-path cert [peer-name ] [peer-host ] | command | description | | ------- | ----------- | -| [`received`](#show-stats-bfd-by-peer-path-cert-received) | BFD certificate exchange packets received on the peer path. | -| [`sent`](#show-stats-bfd-by-peer-path-cert-sent) | BFD certificate exchange packets sent on the peer path. | +| [`miss`](#show-stats-bfd-by-peer-path-async-received-miss) | BFD async packets not received in time on the peer path. (in-memory) | +| [`success`](#show-stats-bfd-by-peer-path-async-received-success) | BFD async packets received on the peer path. (in-memory) | ##### See Also @@ -38961,14 +39029,14 @@ show stats bfd by-peer-path cert [peer-name ] [peer-host ] | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-path cert received` +## `show stats bfd by-peer-path async received miss` -BFD certificate exchange packets received on the peer path. +BFD async packets not received in time on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path cert received [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path async received miss [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -38990,12 +39058,6 @@ show stats bfd by-peer-path cert received [peer-name ] [peer-host ] [peer-host ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path async received success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -39043,14 +39109,14 @@ show stats bfd by-peer-path cert received success [peer-name ] [peer- For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path cert sent` +## `show stats bfd by-peer-path async sent` -BFD certificate exchange packets sent on the peer path. +BFD async packets sent on the peer path. #### Usage ``` -show stats bfd by-peer-path cert sent [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path async sent [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39076,9 +39142,9 @@ show stats bfd by-peer-path cert sent [peer-name ] [peer-host ] [peer-host ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path async sent arp-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -39127,14 +39193,14 @@ show stats bfd by-peer-path cert sent arp-failure [peer-name ] [peer- For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path cert sent buffer-allocation-failure` +## `show stats bfd by-peer-path async sent buffer-allocation-failure` -BFD certificate exchange packets tx allocation failure on the peer path. (in-memory) +BFD async packets tx allocation failure on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path cert sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path async sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39167,14 +39233,14 @@ show stats bfd by-peer-path cert sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path async sent success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -39207,14 +39273,14 @@ show stats bfd by-peer-path cert sent success [peer-name ] [peer-host For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path dh-public-key` +## `show stats bfd by-peer-path average-latency` -Stats pertaining to BFD dh-public-key exchange per peer path +Rolling average latency in milliseconds for the SSR peer path. #### Usage ``` -show stats bfd by-peer-path dh-public-key [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path average-latency [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39236,13 +39302,6 @@ show stats bfd by-peer-path dh-public-key [peer-name ] [peer-host ] [peer-host ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path cert [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39283,7 +39342,8 @@ show stats bfd by-peer-path dh-public-key received [peer-name ] [peer | command | description | | ------- | ----------- | -| [`success`](#show-stats-bfd-by-peer-path-dh-public-key-received-success) | BFD dh-public-key exchange packets received on the peer path. (in-memory) | +| [`received`](#show-stats-bfd-by-peer-path-cert-received) | BFD certificate exchange packets received on the peer path. | +| [`sent`](#show-stats-bfd-by-peer-path-cert-sent) | BFD certificate exchange packets sent on the peer path. | ##### See Also 
@@ -39292,14 +39352,14 @@ show stats bfd by-peer-path dh-public-key received [peer-name ] [peer | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-path dh-public-key received success` +## `show stats bfd by-peer-path cert received` -BFD dh-public-key exchange packets received on the peer path. (in-memory) +BFD certificate exchange packets received on the peer path. #### Usage ``` -show stats bfd by-peer-path dh-public-key received success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path cert received [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39321,6 +39381,12 @@ show stats bfd by-peer-path dh-public-key received success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path cert received success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -39361,14 +39423,6 @@ show stats bfd by-peer-path dh-public-key sent [peer-name ] [peer-hos | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | -##### Subcommands - -| command | description | -| ------- | ----------- | -| [`arp-failure`](#show-stats-bfd-by-peer-path-dh-public-key-sent-arp-failure) | BFD dh-public-key exchange packets tx arp failure on the peer path. (in-memory) | -| [`buffer-allocation-failure`](#show-stats-bfd-by-peer-path-dh-public-key-sent-buffer-allocation-failure) | BFD dh-public-key exchange packets tx allocation failure on the peer path. (in-memory) | -| [`success`](#show-stats-bfd-by-peer-path-dh-public-key-sent-success) | BFD dh-public-key exchange packets sent successfully on the peer path. (in-memory) | - ##### See Also | command | description | @@ -39376,14 +39430,18 @@ show stats bfd by-peer-path dh-public-key sent [peer-name ] [peer-hos | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-path dh-public-key sent arp-failure` +#### Description -BFD dh-public-key exchange packets tx arp failure on the peer path. (in-memory) +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + +## `show stats bfd by-peer-path cert sent` + +BFD certificate exchange packets sent on the peer path. #### Usage ``` -show stats bfd by-peer-path dh-public-key sent arp-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path cert sent [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -39405,6 +39463,14 @@ show stats bfd by-peer-path dh-public-key sent arp-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path cert sent arp-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39456,14 +39518,14 @@ show stats bfd by-peer-path dh-public-key sent buffer-allocation-failure [peer-n For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path dh-public-key sent success` +## `show stats bfd by-peer-path cert sent buffer-allocation-failure` -BFD dh-public-key exchange packets sent successfully on the peer path. (in-memory) +BFD certificate exchange packets tx allocation failure on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path dh-public-key sent success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path cert sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -39496,14 +39558,14 @@ show stats bfd by-peer-path dh-public-key sent success [peer-name ] [ For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path dynamic-damping` +## `show stats bfd by-peer-path cert sent success` -Stats pertaining to Dynamic BFD Damping +BFD certificate exchange packets sent successfully on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path dynamic-damping [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path cert sent success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39525,13 +39587,6 @@ show stats bfd by-peer-path dynamic-damping [peer-name ] [peer-host < | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | -##### Subcommands - -| command | description | -| ------- | ----------- | -| [`current-hold-down-time`](#show-stats-bfd-by-peer-path-dynamic-damping-current-hold-down-time) | The hold-down duration in seconds. This value will be used for the next time the hold-down timer is started (in-memory) | -| [`hold-down-link-flaps`](#show-stats-bfd-by-peer-path-dynamic-damping-hold-down-link-flaps) | Number of link flaps that have occured within a hold-down period since the last path-down notification (in-memory) | - ##### See Also | command | description | 
@@ -39539,14 +39594,18 @@ show stats bfd by-peer-path dynamic-damping [peer-name ] [peer-host < | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-path dynamic-damping current-hold-down-time` +#### Description -The hold-down duration in seconds. This value will be used for the next time the hold-down timer is started (in-memory) +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + +## `show stats bfd by-peer-path dh-public-key` + +Stats pertaining to BFD dh-public-key exchange per peer path #### Usage ``` -show stats bfd by-peer-path dynamic-damping current-hold-down-time [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path dh-public-key [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39568,6 +39627,13 @@ show stats bfd by-peer-path dynamic-damping current-hold-down-time [peer-name

] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path dh-public-key received [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39608,6 +39670,12 @@ show stats bfd by-peer-path dynamic-damping hold-down-link-flaps [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path dh-public-key received success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39648,13 +39712,6 @@ show stats bfd by-peer-path echo [peer-name ] [peer-host ] | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | -##### Subcommands - -| command | description | -| ------- | ----------- | -| [`received`](#show-stats-bfd-by-peer-path-echo-received) | BFD echo packets received on the peer path. (in-memory) | -| [`sent`](#show-stats-bfd-by-peer-path-echo-sent) | BFD echo packets sent on the peer path. | - ##### See Also | command | description | 
@@ -39662,14 +39719,18 @@ show stats bfd by-peer-path echo [peer-name ] [peer-host ] | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-path echo received` +#### Description -BFD echo packets received on the peer path. (in-memory) +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + +## `show stats bfd by-peer-path dh-public-key sent` + +BFD dh-public-key exchange packets sent on the peer path. #### Usage ``` -show stats bfd by-peer-path echo received [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path dh-public-key sent [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39691,6 +39752,14 @@ show stats bfd by-peer-path echo received [peer-name ] [peer-host ] [peer-host ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path dh-public-key sent arp-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39731,14 +39796,6 @@ show stats bfd by-peer-path echo sent [peer-name ] [peer-host ] [peer-host ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path dh-public-key sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -39786,14 +39847,14 @@ show stats bfd by-peer-path echo sent arp-failure [peer-name ] [peer- For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path echo sent buffer-allocation-failure` +## `show stats bfd by-peer-path dh-public-key sent success` -BFD echo packets buffer allocation failure on the peer path. (in-memory) +BFD dh-public-key exchange packets sent successfully on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path echo sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path dh-public-key sent success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39826,14 +39887,14 @@ show stats bfd by-peer-path echo sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path dynamic-damping [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39855,6 +39916,13 @@ show stats bfd by-peer-path echo sent success [peer-name ] [peer-host | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`current-hold-down-time`](#show-stats-bfd-by-peer-path-dynamic-damping-current-hold-down-time) | The hold-down duration in seconds. This value will be used for the next time the hold-down timer is started (in-memory) | +| [`hold-down-link-flaps`](#show-stats-bfd-by-peer-path-dynamic-damping-hold-down-link-flaps) | Number of link flaps that have occured within a hold-down period since the last path-down notification (in-memory) | + ##### See Also | command | description | 
@@ -39862,18 +39930,14 @@ show stats bfd by-peer-path echo sent success [peer-name ] [peer-host | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -#### Description - -For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ - -## `show stats bfd by-peer-path jitter` +## `show stats bfd by-peer-path dynamic-damping current-hold-down-time` -Jitter in milliseconds for the SSR peer path. +The hold-down duration in seconds. This value will be used for the next time the hold-down timer is started (in-memory) #### Usage ``` -show stats bfd by-peer-path jitter [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path dynamic-damping current-hold-down-time [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39902,14 +39966,18 @@ show stats bfd by-peer-path jitter [peer-name ] [peer-host ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path dynamic-damping hold-down-link-flaps [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -39938,14 +40006,18 @@ show stats bfd by-peer-path latency [peer-name ] [peer-host ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path echo [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -39971,10 +40043,8 @@ show stats bfd by-peer-path link-down [peer-name ] [peer-host ] [peer-host ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path echo received [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -40023,14 +40093,14 @@ show stats bfd by-peer-path link-down local-oper-down [peer-name ] [p For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path link-down remote-admin-down` +## `show stats bfd by-peer-path echo sent` -The number of link-downs triggered by remote-admin-down on the peer path. (in-memory) +BFD echo packets sent on the peer path. #### Usage ``` -show stats bfd by-peer-path link-down remote-admin-down [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path echo sent [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -40052,6 +40122,14 @@ show stats bfd by-peer-path link-down remote-admin-down [peer-name ] | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`arp-failure`](#show-stats-bfd-by-peer-path-echo-sent-arp-failure) | BFD echo packets arp failure on the peer path. (in-memory) | +| [`buffer-allocation-failure`](#show-stats-bfd-by-peer-path-echo-sent-buffer-allocation-failure) | BFD echo packets buffer allocation failure on the peer path. (in-memory) | +| [`success`](#show-stats-bfd-by-peer-path-echo-sent-success) | BFD echo packets sent successfully on the peer path. (in-memory) | + ##### See Also | command | description | 
@@ -40059,18 +40137,14 @@ show stats bfd by-peer-path link-down remote-admin-down [peer-name ] | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -#### Description - -For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ - -## `show stats bfd by-peer-path link-down remote-down` +## `show stats bfd by-peer-path echo sent arp-failure` -The number of link-downs triggered by remote-down on the peer path. (in-memory) +BFD echo packets arp failure on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path link-down remote-down [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path echo sent arp-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -40103,14 +40177,14 @@ show stats bfd by-peer-path link-down remote-down [peer-name ] [peer- For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path link-down timer-expiry` +## `show stats bfd by-peer-path echo sent buffer-allocation-failure` -The number of link-downs triggered by timer-expiry on the peer path. (in-memory) +BFD echo packets buffer allocation failure on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path link-down timer-expiry [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path echo sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -40143,14 +40217,14 @@ show stats bfd by-peer-path link-down timer-expiry [peer-name ] [peer For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path link-up` +## `show stats bfd by-peer-path echo sent success` -The number of link-ups on the peer path. (in-memory) +BFD echo packets sent successfully on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path link-up [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path echo sent success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -40183,14 +40257,14 @@ show stats bfd by-peer-path link-up [peer-name ] [peer-host ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path jitter [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -40219,18 +40293,14 @@ show stats bfd by-peer-path local-source-nat-change [peer-name ] [pee | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -#### Description - -For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ - -## `show stats bfd by-peer-path local-source-nat-reset` +## `show stats bfd by-peer-path latency` -The number of local source nat resets on the peer path. (in-memory) +Latency in milliseconds for the SSR peer path. #### Usage ``` -show stats bfd by-peer-path local-source-nat-reset [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path latency [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -40259,18 +40329,14 @@ show stats bfd by-peer-path local-source-nat-reset [peer-name ] [peer | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -#### Description - -For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ - -## `show stats bfd by-peer-path loss` +## `show stats bfd by-peer-path link-down` -Packet loss percentange for the SSR peer path. +Stats tracking BFD link down event per peer path #### Usage ``` -show stats bfd by-peer-path loss [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path link-down [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -40292,6 +40358,15 @@ show stats bfd by-peer-path loss [peer-name ] [peer-host ] | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`local-oper-down`](#show-stats-bfd-by-peer-path-link-down-local-oper-down) | The number of link-downs triggered by local-oper-down. (in-memory) | +| [`remote-admin-down`](#show-stats-bfd-by-peer-path-link-down-remote-admin-down) | The number of link-downs triggered by remote-admin-down on the peer path. (in-memory) | +| [`remote-down`](#show-stats-bfd-by-peer-path-link-down-remote-down) | The number of link-downs triggered by remote-down on the peer path. (in-memory) | +| [`timer-expiry`](#show-stats-bfd-by-peer-path-link-down-timer-expiry) | The number of link-downs triggered by timer-expiry on the peer path. (in-memory) | + ##### See Also | command | description | 
@@ -40299,14 +40374,14 @@ show stats bfd by-peer-path loss [peer-name ] [peer-host ] | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-path metadata-key` +## `show stats bfd by-peer-path link-down local-oper-down` -Stats pertaining to BFD metadata-key exchange per peer path +The number of link-downs triggered by local-oper-down. (in-memory) #### Usage ``` -show stats bfd by-peer-path metadata-key [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path link-down local-oper-down [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -40328,13 +40403,6 @@ show stats bfd by-peer-path metadata-key [peer-name ] [peer-host ] [peer-host ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path link-down remote-admin-down [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -40371,12 +40443,6 @@ show stats bfd by-peer-path metadata-key received [peer-name ] [peer- | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | -##### Subcommands - -| command | description | -| ------- | ----------- | -| [`success`](#show-stats-bfd-by-peer-path-metadata-key-received-success) | BFD metadata-key exchange packets received on the peer path. (in-memory) | - ##### See Also | command | description | 
@@ -40384,14 +40450,18 @@ show stats bfd by-peer-path metadata-key received [peer-name ] [peer- | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-path metadata-key received success` +#### Description -BFD metadata-key exchange packets received on the peer path. (in-memory) +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + +## `show stats bfd by-peer-path link-down remote-down` + +The number of link-downs triggered by remote-down on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path metadata-key received success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path link-down remote-down [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -40424,14 +40494,14 @@ show stats bfd by-peer-path metadata-key received success [peer-name For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path metadata-key sent` +## `show stats bfd by-peer-path link-down timer-expiry` -BFD metadata-key exchange packets sent on the peer path. +The number of link-downs triggered by timer-expiry on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path metadata-key sent [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path link-down timer-expiry [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -40453,13 +40523,45 @@ show stats bfd by-peer-path metadata-key sent [peer-name ] [peer-host | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | -##### Subcommands +##### See Also | command | description | | ------- | ----------- | -| [`arp-failure`](#show-stats-bfd-by-peer-path-metadata-key-sent-arp-failure) | BFD metadata-key exchange packets tx arp failure on the peer path. (in-memory) | -| [`buffer-allocation-failure`](#show-stats-bfd-by-peer-path-metadata-key-sent-buffer-allocation-failure) | BFD metadata-key exchange packets tx allocation failure on the peer path. (in-memory) | -| [`success`](#show-stats-bfd-by-peer-path-metadata-key-sent-success) | BFD metadata-key exchange packets sent successfully on the peer path. (in-memory) | +| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | +| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | + +#### Description + +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + +## `show stats bfd by-peer-path link-up` + +The number of link-ups on the peer path. (in-memory) + +#### Usage + +``` +show stats bfd by-peer-path link-up [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| device-name | The name of the device port for which this metric was generated (comma-separated list) | +| force | Skip confirmation prompt. 
Only required when targeting all routers | +| node | The name of the node generating this metric | +| peer-host | The host of the peer generating this metric (comma-separated list) | +| peer-name | The name of the peer generating this metric (comma-separated list) | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | +| vlan | The vlan for which this metrics was generated (comma-separated list) | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | ##### See Also 
@@ -40468,14 +40570,18 @@ show stats bfd by-peer-path metadata-key sent [peer-name ] [peer-host | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-path metadata-key sent arp-failure` +#### Description -BFD metadata-key exchange packets tx arp failure on the peer path. (in-memory) +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + +## `show stats bfd by-peer-path local-source-nat-change` + +The number of local source nat changes on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path metadata-key sent arp-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path local-source-nat-change [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -40508,14 +40614,14 @@ show stats bfd by-peer-path metadata-key sent arp-failure [peer-name For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path metadata-key sent buffer-allocation-failure` +## `show stats bfd by-peer-path local-source-nat-reset` -BFD metadata-key exchange packets tx allocation failure on the peer path. (in-memory) +The number of local source nat resets on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path metadata-key sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path local-source-nat-reset [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -40548,14 +40654,14 @@ show stats bfd by-peer-path metadata-key sent buffer-allocation-failure [peer-na For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path metadata-key sent success` +## `show stats bfd by-peer-path loss` -BFD metadata-key exchange packets sent successfully on the peer path. (in-memory) +Packet loss percentange for the SSR peer path. #### Usage ``` -show stats bfd by-peer-path metadata-key sent success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path loss [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -40584,18 +40690,57 @@ show stats bfd by-peer-path metadata-key sent success [peer-name ] [p | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -#### Description +## `show stats bfd by-peer-path metadata-key` -For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ +Stats pertaining to BFD metadata-key exchange per peer path -## `show stats bfd by-peer-path mos` +#### Usage -MOS value calculated for the SSR peer path. (hundreths of a decimal) +``` +show stats bfd by-peer-path metadata-key [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| device-name | The name of the device port for which this metric was generated (comma-separated list) | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| peer-host | The host of the peer generating this metric (comma-separated list) | +| peer-name | The name of the peer generating this metric (comma-separated list) | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. 
Providing "launch" ensures that no start time for the delta is set [type: timestamp] | +| vlan | The vlan for which this metrics was generated (comma-separated list) | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`received`](#show-stats-bfd-by-peer-path-metadata-key-received) | BFD metadata-key exchange packets received on the peer path. | +| [`sent`](#show-stats-bfd-by-peer-path-metadata-key-sent) | BFD metadata-key exchange packets sent on the peer path. | + +##### See Also + +| command | description | +| ------- | ----------- | +| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | +| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | + +## `show stats bfd by-peer-path metadata-key received` + +BFD metadata-key exchange packets received on the peer path. #### Usage ``` -show stats bfd by-peer-path mos [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path metadata-key received [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -40617,6 +40762,12 @@ show stats bfd by-peer-path mos [peer-name ] [peer-host ] | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`success`](#show-stats-bfd-by-peer-path-metadata-key-received-success) | BFD metadata-key exchange packets received on the peer path. (in-memory) | + ##### See Also | command | description | 
@@ -40624,14 +40775,54 @@ show stats bfd by-peer-path mos [peer-name ] [peer-host ] | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-path neighbor` +## `show stats bfd by-peer-path metadata-key received success` -Stats pertaining to BFD Neighbor +BFD metadata-key exchange packets received on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path neighbor [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path metadata-key received success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| device-name | The name of the device port for which this metric was generated (comma-separated list) | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| peer-host | The host of the peer generating this metric (comma-separated list) | +| peer-name | The name of the peer generating this metric (comma-separated list) | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. 
Providing "launch" ensures that no start time for the delta is set [type: timestamp] | +| vlan | The vlan for which this metrics was generated (comma-separated list) | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +##### See Also + +| command | description | +| ------- | ----------- | +| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | +| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | + +#### Description + +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + +## `show stats bfd by-peer-path metadata-key sent` + +BFD metadata-key exchange packets sent on the peer path. + +#### Usage + +``` +show stats bfd by-peer-path metadata-key sent [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -40657,8 +40848,9 @@ show stats bfd by-peer-path neighbor [peer-name ] [peer-host ] [peer-host ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path metadata-key sent arp-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -40707,14 +40899,14 @@ show stats bfd by-peer-path neighbor failover [peer-name ] [peer-host For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path neighbor source-nat-change` +## `show stats bfd by-peer-path metadata-key sent buffer-allocation-failure` -The number of neighbor source nat changes on the peer path. (in-memory) +BFD metadata-key exchange packets tx allocation failure on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path neighbor source-nat-change [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path metadata-key sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -40747,14 +40939,54 @@ show stats bfd by-peer-path neighbor source-nat-change [peer-name ] [ For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path salt` +## `show stats bfd by-peer-path metadata-key sent success` -Stats pertaining to BFD salt exchange per peer path +BFD metadata-key exchange packets sent successfully on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path salt [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path metadata-key sent success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| device-name | The name of the device port for which this metric was generated (comma-separated list) | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| peer-host | The host of the peer generating this metric (comma-separated list) | +| peer-name | The name of the peer generating this metric (comma-separated list) | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. 
Providing "launch" ensures that no start time for the delta is set [type: timestamp] | +| vlan | The vlan for which this metrics was generated (comma-separated list) | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +##### See Also + +| command | description | +| ------- | ----------- | +| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | +| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | + +#### Description + +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + +## `show stats bfd by-peer-path ml-kem-key` + +Stats pertaining to BFD ml-kem-key exchange per peer path + +#### Usage + +``` +show stats bfd by-peer-path ml-kem-key [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -40780,8 +41012,8 @@ show stats bfd by-peer-path salt [peer-name ] [peer-host ] | command | description | | ------- | ----------- | -| [`received`](#show-stats-bfd-by-peer-path-salt-received) | BFD salt exchange packets received on the peer path. | -| [`sent`](#show-stats-bfd-by-peer-path-salt-sent) | BFD salt exchange packets sent on the peer path. | +| [`received`](#show-stats-bfd-by-peer-path-ml-kem-key-received) | BFD ml-kem-key exchange packets received on the peer path. | +| [`sent`](#show-stats-bfd-by-peer-path-ml-kem-key-sent) | BFD ml-kem-key exchange packets sent on the peer path. | ##### See Also 
@@ -40790,14 +41022,14 @@ show stats bfd by-peer-path salt [peer-name ] [peer-host ] | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd by-peer-path salt received` +## `show stats bfd by-peer-path ml-kem-key received` -BFD salt exchange packets received on the peer path. +BFD ml-kem-key exchange packets received on the peer path. #### Usage ``` -show stats bfd by-peer-path salt received [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path ml-kem-key received [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -40823,7 +41055,7 @@ show stats bfd by-peer-path salt received [peer-name ] [peer-host ] [peer-host ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path ml-kem-key received success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -40872,14 +41104,14 @@ show stats bfd by-peer-path salt received success [peer-name ] [peer- For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path salt sent` +## `show stats bfd by-peer-path ml-kem-key sent` -BFD salt exchange packets sent on the peer path. +BFD ml-kem-key exchange packets sent on the peer path. #### Usage ``` -show stats bfd by-peer-path salt sent [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path ml-kem-key sent [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -40905,9 +41137,9 @@ show stats bfd by-peer-path salt sent [peer-name ] [peer-host ] [peer-host ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path ml-kem-key sent arp-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -40956,14 +41188,14 @@ show stats bfd by-peer-path salt sent arp-failure [peer-name ] [peer- For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd by-peer-path salt sent buffer-allocation-failure` +## `show stats bfd by-peer-path ml-kem-key sent buffer-allocation-failure` -BFD salt exchange packets tx allocation failure on the peer path. (in-memory) +BFD ml-kem-key exchange packets tx allocation failure on the peer path. (in-memory) #### Usage ``` -show stats bfd by-peer-path salt sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path ml-kem-key sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -40996,14 +41228,14 @@ show stats bfd by-peer-path salt sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path ml-kem-key sent success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -41036,24 +41268,28 @@ show stats bfd by-peer-path salt sent success [peer-name ] [peer-host For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats bfd cert` +## `show stats bfd by-peer-path mos` -Stats pertaining to BFD certificate exchange mode in total. +MOS value calculated for the SSR peer path. (hundreths of a decimal) #### Usage ``` -show stats bfd cert [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path mos [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | +| device-name | The name of the device port for which this metric was generated (comma-separated list) | | force | Skip confirmation prompt. Only required when targeting all routers | | node | The name of the node generating this metric | +| peer-host | The host of the peer generating this metric (comma-separated list) | +| peer-name | The name of the peer generating this metric (comma-separated list) | | router | The router for which to display stats (default: <current router>) | | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | +| vlan | The vlan for which this metrics was generated (comma-separated list) | ##### Positional Arguments 
@@ -41061,13 +41297,6 @@ show stats bfd cert [since ] [force] [router ] [node ] [] [force] [router ] [node ] [] [force] [router ] [node ] [] +show stats bfd by-peer-path neighbor [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | +| device-name | The name of the device port for which this metric was generated (comma-separated list) | | force | Skip confirmation prompt. Only required when targeting all routers | | node | The name of the node generating this metric | +| peer-host | The host of the peer generating this metric (comma-separated list) | +| peer-name | The name of the peer generating this metric (comma-separated list) | | router | The router for which to display stats (default: <current router>) | | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | +| vlan | The vlan for which this metrics was generated (comma-separated list) | ##### Positional Arguments 
@@ -41104,8 +41337,8 @@ show stats bfd cert received [since ] [force] [router ] [node ] [force] [router ] [node ] [force] [router ] [node ] [] +show stats bfd by-peer-path neighbor failover [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | +| device-name | The name of the device port for which this metric was generated (comma-separated list) | | force | Skip confirmation prompt. Only required when targeting all routers | | node | The name of the node generating this metric | +| peer-host | The host of the peer generating this metric (comma-separated list) | +| peer-name | The name of the peer generating this metric (comma-separated list) | | router | The router for which to display stats (default: <current router>) | | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | +| vlan | The vlan for which this metrics was generated (comma-separated list) | ##### Positional Arguments 
@@ -41146,24 +41383,32 @@ show stats bfd cert received miss [since ] [force] [router ] [nod | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd cert received success` +#### Description -BFD certificate exchange packets received on the peer path. +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + +## `show stats bfd by-peer-path neighbor source-nat-change` + +The number of neighbor source nat changes on the peer path. (in-memory) #### Usage ``` -show stats bfd cert received success [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path neighbor source-nat-change [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | +| device-name | The name of the device port for which this metric was generated (comma-separated list) | | force | Skip confirmation prompt. Only required when targeting all routers | | node | The name of the node generating this metric | +| peer-host | The host of the peer generating this metric (comma-separated list) | +| peer-name | The name of the peer generating this metric (comma-separated list) | | router | The router for which to display stats (default: <current router>) | | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | +| vlan | The vlan for which this metrics was generated (comma-separated list) | ##### Positional Arguments 
@@ -41178,24 +41423,32 @@ show stats bfd cert received success [since ] [force] [router ] [
 | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
 | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
 
-## `show stats bfd cert sent`
+#### Description
 
-BFD certificate exchange packets sent on the peer path.
+For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/
+
+## `show stats bfd by-peer-path salt`
+
+Stats pertaining to BFD salt exchange per peer path
 
 #### Usage
 
 ```
-show stats bfd cert sent [since ] [force] [router ] [node ] []
+show stats bfd by-peer-path salt [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] []
 ```
 
 ##### Keyword Arguments
 
 | name | description |
 | ---- | ----------- |
+| device-name | The name of the device port for which this metric was generated (comma-separated list) |
 | force | Skip confirmation prompt. Only required when targeting all routers |
 | node | The name of the node generating this metric |
+| peer-host | The host of the peer generating this metric (comma-separated list) |
+| peer-name | The name of the peer generating this metric (comma-separated list) |
 | router | The router for which to display stats (default: <current router>) |
 | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+| vlan | The vlan for which this metrics was generated (comma-separated list) |
 
 ##### Positional Arguments
 
@@ -41207,9 +41460,8 @@ show stats bfd cert sent [since ] [force] [router ] [node ]
 
 | command | description |
 | ------- | ----------- |
-| [`arp-failure`](#show-stats-bfd-cert-sent-arp-failure) | BFD certificate exchange packets arp failure in total. |
-| [`buffer-allocation-failure`](#show-stats-bfd-cert-sent-buffer-allocation-failure) | BFD certificate exchange packets buffer allocation failure in total. |
-| [`success`](#show-stats-bfd-cert-sent-success) | BFD certificate exchange packets sent successfully in total. |
+| [`received`](#show-stats-bfd-by-peer-path-salt-received) | BFD salt exchange packets received on the peer path. |
+| [`sent`](#show-stats-bfd-by-peer-path-salt-sent) | BFD salt exchange packets sent on the peer path. |
 
 ##### See Also
 
@@ -41218,24 +41470,28 @@ show stats bfd cert sent [since ] [force] [router ] [node ]
 | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
 | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
 
-## `show stats bfd cert sent arp-failure`
+## `show stats bfd by-peer-path salt received`
 
-BFD certificate exchange packets arp failure in total.
+BFD salt exchange packets received on the peer path.
 
 #### Usage
 
 ```
-show stats bfd cert sent arp-failure [since ] [force] [router ] [node ] []
+show stats bfd by-peer-path salt received [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] []
 ```
 
 ##### Keyword Arguments
 
 | name | description |
 | ---- | ----------- |
+| device-name | The name of the device port for which this metric was generated (comma-separated list) |
 | force | Skip confirmation prompt. Only required when targeting all routers |
 | node | The name of the node generating this metric |
+| peer-host | The host of the peer generating this metric (comma-separated list) |
+| peer-name | The name of the peer generating this metric (comma-separated list) |
 | router | The router for which to display stats (default: <current router>) |
 | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+| vlan | The vlan for which this metrics was generated (comma-separated list) |
 
 ##### Positional Arguments
 
@@ -41243,37 +41499,11 @@ show stats bfd cert sent arp-failure [since ] [force] [router ] [
 | ---- | ----------- |
 | verbosity | detail \| summary \| debug (default: detail) |
 
-##### See Also
+##### Subcommands
 
 | command | description |
 | ------- | ----------- |
-| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
-| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
-
-## `show stats bfd cert sent buffer-allocation-failure`
-
-BFD certificate exchange packets buffer allocation failure in total.
-
-#### Usage
-
-```
-show stats bfd cert sent buffer-allocation-failure [since ] [force] [router ] [node ] []
-```
-
-##### Keyword Arguments
-
-| name | description |
-| ---- | ----------- |
-| force | Skip confirmation prompt. Only required when targeting all routers |
-| node | The name of the node generating this metric |
-| router | The router for which to display stats (default: <current router>) |
-| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
-
-##### Positional Arguments
-
-| name | description |
-| ---- | ----------- |
-| verbosity | detail \| summary \| debug (default: detail) |
+| [`success`](#show-stats-bfd-by-peer-path-salt-received-success) | BFD salt exchange packets received on the peer path. (in-memory) |
 
 ##### See Also
 
@@ -41282,24 +41512,28 @@ show stats bfd cert sent buffer-allocation-failure [since ] [force] [rout
 | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
 | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
 
-## `show stats bfd cert sent success`
+## `show stats bfd by-peer-path salt received success`
 
-BFD certificate exchange packets sent successfully in total.
+BFD salt exchange packets received on the peer path. (in-memory)
 
 #### Usage
 
 ```
-show stats bfd cert sent success [since ] [force] [router ] [node ] []
+show stats bfd by-peer-path salt received success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] []
 ```
 
 ##### Keyword Arguments
 
 | name | description |
 | ---- | ----------- |
+| device-name | The name of the device port for which this metric was generated (comma-separated list) |
 | force | Skip confirmation prompt. Only required when targeting all routers |
 | node | The name of the node generating this metric |
+| peer-host | The host of the peer generating this metric (comma-separated list) |
+| peer-name | The name of the peer generating this metric (comma-separated list) |
 | router | The router for which to display stats (default: <current router>) |
 | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+| vlan | The vlan for which this metrics was generated (comma-separated list) |
 
 ##### Positional Arguments
 
@@ -41314,24 +41548,32 @@ show stats bfd cert sent success [since ] [force] [router ] [node
 | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
 | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
 
-## `show stats bfd dh-public-key`
+#### Description
 
-Stats pertaining to BFD dh-public-key exchange mode in total.
+For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/
+
+## `show stats bfd by-peer-path salt sent`
+
+BFD salt exchange packets sent on the peer path.
 
 #### Usage
 
 ```
-show stats bfd dh-public-key [since ] [force] [router ] [node ] []
+show stats bfd by-peer-path salt sent [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] []
 ```
 
 ##### Keyword Arguments
 
 | name | description |
 | ---- | ----------- |
+| device-name | The name of the device port for which this metric was generated (comma-separated list) |
 | force | Skip confirmation prompt. Only required when targeting all routers |
 | node | The name of the node generating this metric |
+| peer-host | The host of the peer generating this metric (comma-separated list) |
+| peer-name | The name of the peer generating this metric (comma-separated list) |
 | router | The router for which to display stats (default: <current router>) |
 | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+| vlan | The vlan for which this metrics was generated (comma-separated list) |
 
 ##### Positional Arguments
 
@@ -41343,8 +41585,9 @@ show stats bfd dh-public-key [since ] [force] [router ] [node ] [force] [router ] [node ] [force] [router ] [node ] [] +show stats bfd by-peer-path salt sent arp-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | +| device-name | The name of the device port for which this metric was generated (comma-separated list) | | force | Skip confirmation prompt. Only required when targeting all routers | | node | The name of the node generating this metric | +| peer-host | The host of the peer generating this metric (comma-separated list) | +| peer-name | The name of the peer generating this metric (comma-separated list) | | router | The router for which to display stats (default: <current router>) | | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | +| vlan | The vlan for which this metrics was generated (comma-separated list) | ##### Positional Arguments @@ -41378,13 +41625,6 @@ show stats bfd dh-public-key received [since ] [force] [router ] | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | -##### Subcommands - -| command | description | -| ------- | ----------- | -| [`miss`](#show-stats-bfd-dh-public-key-received-miss) | BFD dh-public-key exchange packets not received in time on the peer path. | -| [`success`](#show-stats-bfd-dh-public-key-received-success) | BFD dh-public-key exchange packets received on the peer path. | - ##### See Also | command | description | 
@@ -41392,24 +41632,32 @@ show stats bfd dh-public-key received [since ] [force] [router ] | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd dh-public-key received miss` +#### Description -BFD dh-public-key exchange packets not received in time on the peer path. +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + +## `show stats bfd by-peer-path salt sent buffer-allocation-failure` + +BFD salt exchange packets tx allocation failure on the peer path. (in-memory) #### Usage ``` -show stats bfd dh-public-key received miss [since ] [force] [router ] [node ] [] +show stats bfd by-peer-path salt sent buffer-allocation-failure [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | +| device-name | The name of the device port for which this metric was generated (comma-separated list) | | force | Skip confirmation prompt. Only required when targeting all routers | | node | The name of the node generating this metric | +| peer-host | The host of the peer generating this metric (comma-separated list) | +| peer-name | The name of the peer generating this metric (comma-separated list) | | router | The router for which to display stats (default: <current router>) | | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. 
Providing "launch" ensures that no start time for the delta is set [type: timestamp] | +| vlan | The vlan for which this metrics was generated (comma-separated list) | ##### Positional Arguments @@ -41424,24 +41672,32 @@ show stats bfd dh-public-key received miss [since ] [force] [router ] [force] [router ] [node ] [] +show stats bfd by-peer-path salt sent success [peer-name ] [peer-host ] [device-name ] [vlan ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments | name | description | | ---- | ----------- | +| device-name | The name of the device port for which this metric was generated (comma-separated list) | | force | Skip confirmation prompt. Only required when targeting all routers | | node | The name of the node generating this metric | +| peer-host | The host of the peer generating this metric (comma-separated list) | +| peer-name | The name of the peer generating this metric (comma-separated list) | | router | The router for which to display stats (default: <current router>) | | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | +| vlan | The vlan for which this metrics was generated (comma-separated list) | ##### Positional Arguments @@ -41456,14 +41712,18 @@ show stats bfd dh-public-key received success [since ] [force] [router ] [force] [router ] [node ] [] +show stats bfd cert [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -41485,9 +41745,8 @@ show stats bfd dh-public-key sent [since ] [force] [router ] [nod
 
 | command | description |
 | ------- | ----------- |
-| [`arp-failure`](#show-stats-bfd-dh-public-key-sent-arp-failure) | BFD dh-public-key exchange packets arp failure in total. |
-| [`buffer-allocation-failure`](#show-stats-bfd-dh-public-key-sent-buffer-allocation-failure) | BFD dh-public-key exchange packets buffer allocation failure in total. |
-| [`success`](#show-stats-bfd-dh-public-key-sent-success) | BFD dh-public-key exchange packets sent successfully in total. |
+| [`received`](#show-stats-bfd-cert-received) | BFD certificate exchange packets received on the peer path. |
+| [`sent`](#show-stats-bfd-cert-sent) | BFD certificate exchange packets sent on the peer path. |
 
 ##### See Also
 
@@ -41496,14 +41755,14 @@ show stats bfd dh-public-key sent [since ] [force] [router ] [nod
 | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
 | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
 
-## `show stats bfd dh-public-key sent arp-failure`
+## `show stats bfd cert received`
 
-BFD dh-public-key exchange packets arp failure in total.
+BFD certificate exchange packets received on the peer path.
 
 #### Usage
 
 ```
-show stats bfd dh-public-key sent arp-failure [since ] [force] [router ] [node ] []
+show stats bfd cert received [since ] [force] [router ] [node ] []
 ```
 
 ##### Keyword Arguments
@@ -41521,37 +41780,12 @@ show stats bfd dh-public-key sent arp-failure [since ] [force] [router ] [force] [router ] [node ] [] -``` - -##### Keyword Arguments - -| name | description | -| ---- | ----------- | -| force | Skip confirmation prompt. Only required when targeting all routers | -| node | The name of the node generating this metric | -| router | The router for which to display stats (default: <current router>) | -| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | - -##### Positional Arguments - -| name | description | -| ---- | ----------- | -| verbosity | detail \| summary \| debug (default: detail) | +| [`miss`](#show-stats-bfd-cert-received-miss) | BFD certificate exchange packets not received in time on the peer path. | +| [`success`](#show-stats-bfd-cert-received-success) | BFD certificate exchange packets received on the peer path. | ##### See Also 
@@ -41560,14 +41794,460 @@ show stats bfd dh-public-key sent buffer-allocation-failure [since ] [for
 | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
 | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
 
-## `show stats bfd dh-public-key sent success`
+## `show stats bfd cert received miss`
 
-BFD dh-public-key exchange packets sent successfully in total.
+BFD certificate exchange packets not received in time on the peer path.
 
 #### Usage
 
 ```
-show stats bfd dh-public-key sent success [since ] [force] [router ] [node ] []
+show stats bfd cert received miss [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd cert received success`
+
+BFD certificate exchange packets received on the peer path.
+
+#### Usage
+
+```
+show stats bfd cert received success [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd cert sent`
+
+BFD certificate exchange packets sent on the peer path.
+
+#### Usage
+
+```
+show stats bfd cert sent [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### Subcommands
+
+| command | description |
+| ------- | ----------- |
+| [`arp-failure`](#show-stats-bfd-cert-sent-arp-failure) | BFD certificate exchange packets arp failure in total. |
+| [`buffer-allocation-failure`](#show-stats-bfd-cert-sent-buffer-allocation-failure) | BFD certificate exchange packets buffer allocation failure in total. |
+| [`success`](#show-stats-bfd-cert-sent-success) | BFD certificate exchange packets sent successfully in total. |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd cert sent arp-failure`
+
+BFD certificate exchange packets arp failure in total.
+
+#### Usage
+
+```
+show stats bfd cert sent arp-failure [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd cert sent buffer-allocation-failure`
+
+BFD certificate exchange packets buffer allocation failure in total.
+
+#### Usage
+
+```
+show stats bfd cert sent buffer-allocation-failure [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd cert sent success`
+
+BFD certificate exchange packets sent successfully in total.
+
+#### Usage
+
+```
+show stats bfd cert sent success [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd dh-public-key`
+
+Stats pertaining to BFD dh-public-key exchange mode in total.
+
+#### Usage
+
+```
+show stats bfd dh-public-key [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### Subcommands
+
+| command | description |
+| ------- | ----------- |
+| [`received`](#show-stats-bfd-dh-public-key-received) | BFD dh-public-key exchange packets received on the peer path. |
+| [`sent`](#show-stats-bfd-dh-public-key-sent) | BFD dh-public-key exchange packets sent on the peer path. |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd dh-public-key received`
+
+BFD dh-public-key exchange packets received on the peer path.
+
+#### Usage
+
+```
+show stats bfd dh-public-key received [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### Subcommands
+
+| command | description |
+| ------- | ----------- |
+| [`miss`](#show-stats-bfd-dh-public-key-received-miss) | BFD dh-public-key exchange packets not received in time on the peer path. |
+| [`success`](#show-stats-bfd-dh-public-key-received-success) | BFD dh-public-key exchange packets received on the peer path. |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd dh-public-key received miss`
+
+BFD dh-public-key exchange packets not received in time on the peer path.
+
+#### Usage
+
+```
+show stats bfd dh-public-key received miss [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd dh-public-key received success`
+
+BFD dh-public-key exchange packets received on the peer path.
+
+#### Usage
+
+```
+show stats bfd dh-public-key received success [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd dh-public-key sent`
+
+BFD dh-public-key exchange packets sent on the peer path.
+
+#### Usage
+
+```
+show stats bfd dh-public-key sent [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### Subcommands
+
+| command | description |
+| ------- | ----------- |
+| [`arp-failure`](#show-stats-bfd-dh-public-key-sent-arp-failure) | BFD dh-public-key exchange packets arp failure in total. |
+| [`buffer-allocation-failure`](#show-stats-bfd-dh-public-key-sent-buffer-allocation-failure) | BFD dh-public-key exchange packets buffer allocation failure in total. |
+| [`success`](#show-stats-bfd-dh-public-key-sent-success) | BFD dh-public-key exchange packets sent successfully in total. |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd dh-public-key sent arp-failure`
+
+BFD dh-public-key exchange packets arp failure in total.
+
+#### Usage
+
+```
+show stats bfd dh-public-key sent arp-failure [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd dh-public-key sent buffer-allocation-failure`
+
+BFD dh-public-key exchange packets buffer allocation failure in total.
+
+#### Usage
+
+```
+show stats bfd dh-public-key sent buffer-allocation-failure [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd dh-public-key sent success`
+
+BFD dh-public-key exchange packets sent successfully in total.
+
+#### Usage
+
+```
+show stats bfd dh-public-key sent success [since ] [force] [router ] [node ] []
 ```
 
 ##### Keyword Arguments
@@ -41662,18 +42342,330 @@ show stats bfd dynamic-damping hold-down-link-flaps [since ] [force] [rou | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -#### Description - -For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ - -## `show stats bfd echo` +#### Description + +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + +## `show stats bfd echo` + +Stats pertaining to BFD echo mode in total. + +#### Usage + +``` +show stats bfd echo [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`received`](#show-stats-bfd-echo-received) | BFD echo packets received on the peer path. | +| [`sent`](#show-stats-bfd-echo-sent) | BFD echo packets sent on the peer path. 
|
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd echo received`
+
+BFD echo packets received on the peer path.
+
+#### Usage
+
+```
+show stats bfd echo received [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd echo sent`
+
+BFD echo packets sent on the peer path.
+
+#### Usage
+
+```
+show stats bfd echo sent [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt.
Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### Subcommands
+
+| command | description |
+| ------- | ----------- |
+| [`arp-failure`](#show-stats-bfd-echo-sent-arp-failure) | BFD echo packets tx arp failure in total. |
+| [`buffer-allocation-failure`](#show-stats-bfd-echo-sent-buffer-allocation-failure) | BFD echo packets tx allocation failure in total. |
+| [`success`](#show-stats-bfd-echo-sent-success) | BFD echo packets sent successfully in total. |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd echo sent arp-failure`
+
+BFD echo packets tx arp failure in total.
+
+#### Usage
+
+```
+show stats bfd echo sent arp-failure [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo.
Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd echo sent buffer-allocation-failure`
+
+BFD echo packets tx allocation failure in total.
+
+#### Usage
+
+```
+show stats bfd echo sent buffer-allocation-failure [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd echo sent success`
+
+BFD echo packets sent successfully in total.
+
+#### Usage
+
+```
+show stats bfd echo sent success [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd link-down`
+
+Stats tracking BFD link down event
+
+#### Usage
+
+```
+show stats bfd link-down [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo.
Providing "launch" ensures that no start time for the delta is set [type: timestamp] |
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| verbosity | detail \| summary \| debug (default: detail) |
+
+##### Subcommands
+
+| command | description |
+| ------- | ----------- |
+| [`local-oper-down`](#show-stats-bfd-link-down-local-oper-down) | The number of link-downs triggered by local-oper-down. |
+| [`remote-admin-down`](#show-stats-bfd-link-down-remote-admin-down) | The number of link-downs triggered by remote-admin-down on the peer path. |
+| [`remote-down`](#show-stats-bfd-link-down-remote-down) | The number of link-downs triggered by remote-down on the peer path. |
+| [`timer-expiry`](#show-stats-bfd-link-down-timer-expiry) | The number of link-downs triggered by timer-expiry on the peer path. |
+
+##### See Also
+
+| command | description |
+| ------- | ----------- |
+| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' |
+| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' |
+
+## `show stats bfd link-down local-oper-down`
+
+The number of link-downs triggered by local-oper-down.
+
+#### Usage
+
+```
+show stats bfd link-down local-oper-down [since ] [force] [router ] [node ] []
+```
+
+##### Keyword Arguments
+
+| name | description |
+| ---- | ----------- |
+| force | Skip confirmation prompt. Only required when targeting all routers |
+| node | The name of the node generating this metric |
+| router | The router for which to display stats (default: <current router>) |
+| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo.
Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +##### See Also + +| command | description | +| ------- | ----------- | +| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | +| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | + +## `show stats bfd link-down remote-admin-down` + +The number of link-downs triggered by remote-admin-down on the peer path. + +#### Usage + +``` +show stats bfd link-down remote-admin-down [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +##### See Also + +| command | description | +| ------- | ----------- | +| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | +| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | + +## `show stats bfd link-down remote-down` -Stats pertaining to BFD echo mode in total. +The number of link-downs triggered by remote-down on the peer path. 
#### Usage ``` -show stats bfd echo [since ] [force] [router ] [node ] [] +show stats bfd link-down remote-down [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -41691,13 +42683,6 @@ show stats bfd echo [since ] [force] [router ] [node ] [] [force] [router ] [node ] [] [force] [router ] [node ] [] +show stats bfd link-down timer-expiry [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -41737,14 +42722,14 @@ show stats bfd echo received [since ] [force] [router ] [node ] [force] [router ] [node ] [] +show stats bfd link-up [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -41762,14 +42747,6 @@ show stats bfd echo sent [since ] [force] [router ] [node ] | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | -##### Subcommands - -| command | description | -| ------- | ----------- | -| [`arp-failure`](#show-stats-bfd-echo-sent-arp-failure) | BFD echo packets tx arp failure in total. | -| [`buffer-allocation-failure`](#show-stats-bfd-echo-sent-buffer-allocation-failure) | BFD echo packets tx allocation failure in total. | -| [`success`](#show-stats-bfd-echo-sent-success) | BFD echo packets sent successfully in total. | - ##### See Also | command | description | @@ -41777,14 +42754,14 @@ show stats bfd echo sent [since ] [force] [router ] [node ] | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd echo sent arp-failure` +## `show stats bfd local-source-nat-change` -BFD echo packets tx arp failure in total. +The number of local source nat changes on the peer path. #### Usage ``` -show stats bfd echo sent arp-failure [since ] [force] [router ] [node ] [] +show stats bfd local-source-nat-change [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -41809,14 +42786,14 @@ show stats bfd echo sent arp-failure [since ] [force] [router ] [ | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd echo sent buffer-allocation-failure` +## `show stats bfd local-source-nat-reset` -BFD echo packets tx allocation failure in total. +The number of local source nat resets on the peer path. #### Usage ``` -show stats bfd echo sent buffer-allocation-failure [since ] [force] [router ] [node ] [] +show stats bfd local-source-nat-reset [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -41841,14 +42818,14 @@ show stats bfd echo sent buffer-allocation-failure [since ] [force] [rout | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd echo sent success` +## `show stats bfd metadata-key` -BFD echo packets sent successfully in total. +Stats pertaining to BFD metadata key exchange mode in total. #### Usage ``` -show stats bfd echo sent success [since ] [force] [router ] [node ] [] +show stats bfd metadata-key [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -41866,6 +42843,13 @@ show stats bfd echo sent success [since ] [force] [router ] [node | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`received`](#show-stats-bfd-metadata-key-received) | BFD metadata key exchange packets received on the peer path. | +| [`sent`](#show-stats-bfd-metadata-key-sent) | BFD metadata key exchange packets sent on the peer path. | + ##### See Also | command | description | @@ -41873,14 +42857,14 @@ show stats bfd echo sent success [since ] [force] [router ] [node | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd link-down` +## `show stats bfd metadata-key received` -Stats tracking BFD link down event +BFD metadata key exchange packets received on the peer path. #### Usage ``` -show stats bfd link-down [since ] [force] [router ] [node ] [] +show stats bfd metadata-key received [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -41902,10 +42886,8 @@ show stats bfd link-down [since ] [force] [router ] [node ] | command | description | | ------- | ----------- | -| [`local-oper-down`](#show-stats-bfd-link-down-local-oper-down) | The number of link-downs triggered by local-oper-down. | -| [`remote-admin-down`](#show-stats-bfd-link-down-remote-admin-down) | The number of link-downs triggered by remote-admin-down on the peer path. | -| [`remote-down`](#show-stats-bfd-link-down-remote-down) | The number of link-downs triggered by remote-down on the peer path. | -| [`timer-expiry`](#show-stats-bfd-link-down-timer-expiry) | The number of link-downs triggered by timer-expiry on the peer path. | +| [`miss`](#show-stats-bfd-metadata-key-received-miss) | BFD metadata key exchange packets not received in time on the peer path. | +| [`success`](#show-stats-bfd-metadata-key-received-success) | BFD metadata key exchange packets received on the peer path. | ##### See Also @@ -41914,14 +42896,14 @@ show stats bfd link-down [since ] [force] [router ] [node ] | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd link-down local-oper-down` +## `show stats bfd metadata-key received miss` -The number of link-downs triggered by local-oper-down. +BFD metadata key exchange packets not received in time on the peer path. #### Usage ``` -show stats bfd link-down local-oper-down [since ] [force] [router ] [node ] [] +show stats bfd metadata-key received miss [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -41946,14 +42928,14 @@ show stats bfd link-down local-oper-down [since ] [force] [router ] [force] [router ] [node ] [] +show stats bfd metadata-key received success [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -41978,14 +42960,14 @@ show stats bfd link-down remote-admin-down [since ] [force] [router ] [force] [router ] [node ] [] +show stats bfd metadata-key sent [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -42003,37 +42985,13 @@ show stats bfd link-down remote-down [since ] [force] [router ] [ | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | -##### See Also +##### Subcommands | command | description | | ------- | ----------- | -| [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | -| [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | - -## `show stats bfd link-down timer-expiry` - -The number of link-downs triggered by timer-expiry on the peer path. - -#### Usage - -``` -show stats bfd link-down timer-expiry [since ] [force] [router ] [node ] [] -``` - -##### Keyword Arguments - -| name | description | -| ---- | ----------- | -| force | Skip confirmation prompt. Only required when targeting all routers | -| node | The name of the node generating this metric | -| router | The router for which to display stats (default: <current router>) | -| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | - -##### Positional Arguments - -| name | description | -| ---- | ----------- | -| verbosity | detail \| summary \| debug (default: detail) | +| [`arp-failure`](#show-stats-bfd-metadata-key-sent-arp-failure) | BFD metadata key exchange packets arp failure in total. | +| [`buffer-allocation-failure`](#show-stats-bfd-metadata-key-sent-buffer-allocation-failure) | BFD metadata key exchange packets buffer allocation failure in total. | +| [`success`](#show-stats-bfd-metadata-key-sent-success) | BFD metadata key exchange packets sent successfully in total. | ##### See Also 
@@ -42042,14 +43000,14 @@ show stats bfd link-down timer-expiry [since ] [force] [router ] | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd link-up` +## `show stats bfd metadata-key sent arp-failure` -The number of link-ups on the peer path. +BFD metadata key exchange packets arp failure in total. #### Usage ``` -show stats bfd link-up [since ] [force] [router ] [node ] [] +show stats bfd metadata-key sent arp-failure [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -42074,14 +43032,14 @@ show stats bfd link-up [since ] [force] [router ] [node ] [ | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd local-source-nat-change` +## `show stats bfd metadata-key sent buffer-allocation-failure` -The number of local source nat changes on the peer path. +BFD metadata key exchange packets buffer allocation failure in total. #### Usage ``` -show stats bfd local-source-nat-change [since ] [force] [router ] [node ] [] +show stats bfd metadata-key sent buffer-allocation-failure [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -42106,14 +43064,14 @@ show stats bfd local-source-nat-change [since ] [force] [router ] | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd local-source-nat-reset` +## `show stats bfd metadata-key sent success` -The number of local source nat resets on the peer path. +BFD metadata key exchange packets sent successfully in total. #### Usage ``` -show stats bfd local-source-nat-reset [since ] [force] [router ] [node ] [] +show stats bfd metadata-key sent success [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -42138,14 +43096,14 @@ show stats bfd local-source-nat-reset [since ] [force] [router ] | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd metadata-key` +## `show stats bfd ml-kem-key` -Stats pertaining to BFD metadata key exchange mode in total. +Stats pertaining to BFD ml-kem-key exchange mode in total. #### Usage ``` -show stats bfd metadata-key [since ] [force] [router ] [node ] [] +show stats bfd ml-kem-key [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -42167,8 +43125,8 @@ show stats bfd metadata-key [since ] [force] [router ] [node ] [force] [router ] [node ] [force] [router ] [node ] [] +show stats bfd ml-kem-key received [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -42206,8 +43164,8 @@ show stats bfd metadata-key received [since ] [force] [router ] [ | command | description | | ------- | ----------- | -| [`miss`](#show-stats-bfd-metadata-key-received-miss) | BFD metadata key exchange packets not received in time on the peer path. | -| [`success`](#show-stats-bfd-metadata-key-received-success) | BFD metadata key exchange packets received on the peer path. | +| [`miss`](#show-stats-bfd-ml-kem-key-received-miss) | BFD ml-kem-key exchange packets not received in time on the peer path. | +| [`success`](#show-stats-bfd-ml-kem-key-received-success) | BFD ml-kem-key exchange packets received on the peer path. | ##### See Also @@ -42216,14 +43174,14 @@ show stats bfd metadata-key received [since ] [force] [router ] [ | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd metadata-key received miss` +## `show stats bfd ml-kem-key received miss` -BFD metadata key exchange packets not received in time on the peer path. +BFD ml-kem-key exchange packets not received in time on the peer path. #### Usage ``` -show stats bfd metadata-key received miss [since ] [force] [router ] [node ] [] +show stats bfd ml-kem-key received miss [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -42248,14 +43206,14 @@ show stats bfd metadata-key received miss [since ] [force] [router ] [force] [router ] [node ] [] +show stats bfd ml-kem-key received success [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -42280,14 +43238,14 @@ show stats bfd metadata-key received success [since ] [force] [router ] [force] [router ] [node ] [] +show stats bfd ml-kem-key sent [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -42309,9 +43267,9 @@ show stats bfd metadata-key sent [since ] [force] [router ] [node | command | description | | ------- | ----------- | -| [`arp-failure`](#show-stats-bfd-metadata-key-sent-arp-failure) | BFD metadata key exchange packets arp failure in total. | -| [`buffer-allocation-failure`](#show-stats-bfd-metadata-key-sent-buffer-allocation-failure) | BFD metadata key exchange packets buffer allocation failure in total. | -| [`success`](#show-stats-bfd-metadata-key-sent-success) | BFD metadata key exchange packets sent successfully in total. | +| [`arp-failure`](#show-stats-bfd-ml-kem-key-sent-arp-failure) | BFD ml-kem-key exchange packets arp failure in total. | +| [`buffer-allocation-failure`](#show-stats-bfd-ml-kem-key-sent-buffer-allocation-failure) | BFD ml-kem-key exchange packets buffer allocation failure in total. | +| [`success`](#show-stats-bfd-ml-kem-key-sent-success) | BFD ml-kem-key exchange packets sent successfully in total. | ##### See Also @@ -42320,14 +43278,14 @@ show stats bfd metadata-key sent [since ] [force] [router ] [node | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd metadata-key sent arp-failure` +## `show stats bfd ml-kem-key sent arp-failure` -BFD metadata key exchange packets arp failure in total. +BFD ml-kem-key exchange packets arp failure in total. #### Usage ``` -show stats bfd metadata-key sent arp-failure [since ] [force] [router ] [node ] [] +show stats bfd ml-kem-key sent arp-failure [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -42352,14 +43310,14 @@ show stats bfd metadata-key sent arp-failure [since ] [force] [router ] [force] [router ] [node ] [] +show stats bfd ml-kem-key sent buffer-allocation-failure [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -42384,14 +43342,14 @@ show stats bfd metadata-key sent buffer-allocation-failure [since ] [forc | [`show stats packet-processing action failure bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`show stats packet-processing action success bfd`](#show-stats-packet-processing-action-success-bfd) | Statistics for 'bfd' | -## `show stats bfd metadata-key sent success` +## `show stats bfd ml-kem-key sent success` -BFD metadata key exchange packets sent successfully in total. +BFD ml-kem-key exchange packets sent successfully in total. #### Usage ``` -show stats bfd metadata-key sent success [since ] [force] [router ] [node ] [] +show stats bfd ml-kem-key sent success [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -56401,6 +57359,7 @@ show stats packet-processing action failure [core ] [since ] [force | [`aes`](#show-stats-packet-processing-action-failure-aes) | Statistics for 'aes' | | [`bfd`](#show-stats-packet-processing-action-failure-bfd) | Statistics for 'bfd' | | [`dpi`](#show-stats-packet-processing-action-failure-dpi) | Statistics for 'dpi' | +| [`egress`](#show-stats-packet-processing-action-failure-egress) | Statistics for 'egress' | | [`ethernet-header-transform`](#show-stats-packet-processing-action-failure-ethernet-header-transform) | Statistics for 'ethernet-header-transform' | | [`fec`](#show-stats-packet-processing-action-failure-fec) | Statistics for 'fec' | | [`flow-move`](#show-stats-packet-processing-action-failure-flow-move) | Statistics for 'flow-move' | 
@@ -57310,6 +58269,66 @@ show stats packet-processing action failure dpi ftp pinhole-timeout [core | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | +## `show stats packet-processing action failure egress` + +Statistics for 'egress' + +#### Usage + +``` +show stats packet-processing action failure egress [core ] [port ] [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| core | The core number for which this metric was generated (comma-separated list) | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| port | The device interface for which this metric was generated (comma-separated list) | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`invalid-egress-interface`](#show-stats-packet-processing-action-failure-egress-invalid-egress-interface) | Packet drop due to invalid egress interface | + +## `show stats packet-processing action failure egress invalid-egress-interface` + +Packet drop due to invalid egress interface + +#### Usage + +``` +show stats packet-processing action failure egress invalid-egress-interface [core ] [port ] [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| core | The core number for which this metric was generated (comma-separated list) | +| force | Skip confirmation prompt. 
Only required when targeting all routers | +| node | The name of the node generating this metric | +| port | The device interface for which this metric was generated (comma-separated list) | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + ## `show stats packet-processing action failure ethernet-header-transform` Statistics for 'ethernet-header-transform' 
@@ -62158,14 +63177,45 @@ show stats packet-processing action success flow-move generated-keep-alive [core For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats packet-processing action success flow-move generated-keep-alive-retransmission` +## `show stats packet-processing action success flow-move generated-keep-alive-retransmission` + +The number of generated packets retransmitted after flow move has been triggered when no forward traffic is present (in-memory) + +#### Usage + +``` +show stats packet-processing action success flow-move generated-keep-alive-retransmission [core ] [port ] [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| core | The core number for which this metric was generated (comma-separated list) | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| port | The device interface for which this metric was generated (comma-separated list) | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. 
Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +#### Description + +For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ + +## `show stats packet-processing action success flow-move packets-enqueued` -The number of generated packets retransmitted after flow move has been triggered when no forward traffic is present (in-memory) +The number of packets enqueued as a result of a flow move #### Usage ``` -show stats packet-processing action success flow-move generated-keep-alive-retransmission [core ] [port ] [since ] [force] [router ] [node ] [] +show stats packet-processing action success flow-move packets-enqueued [core ] [port ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -62185,18 +63235,44 @@ show stats packet-processing action success flow-move generated-keep-alive-retra | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | +## `show stats packet-processing action success flow-move sessions-closed` + +The number of sessions closed for flow move keep-alives (in-memory) + +#### Usage + +``` +show stats packet-processing action success flow-move sessions-closed [core ] [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| core | The core number for which this metric was generated (comma-separated list) | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. 
Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + #### Description For more information regarding in-memory metrics, please refer to this retention document - https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_in-memory_metrics/ -## `show stats packet-processing action success flow-move packets-enqueued` +## `show stats packet-processing action success flow-move sessions-install-rate` -The number of packets enqueued as a result of a flow move +The rate of sessions created for flow move keep-alives (sessions added per second) #### Usage ``` -show stats packet-processing action success flow-move packets-enqueued [core ] [port ] [since ] [force] [router ] [node ] [] +show stats packet-processing action success flow-move sessions-install-rate [core ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -62206,7 +63282,6 @@ show stats packet-processing action success flow-move packets-enqueued [core ] [since ] [force] [router ] [node ] [] +show stats packet-processing action success flow-move sessions-opened [core ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments @@ -62246,14 +63321,14 @@ show stats packet-processing action success flow-move sessions-closed [core ] [since ] [force] [router ] [node ] [] +show stats packet-processing action success forward [core ] [port ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -62263,6 +63338,7 @@ show stats packet-processing action success flow-move sessions-install-rate [cor | core | The core number for which this metric was generated (comma-separated list) | | force | Skip confirmation prompt. Only required when targeting all routers | | node | The name of the node generating this metric | +| port | The device interface for which this metric was generated (comma-separated list) | | router | The router for which to display stats (default: <current router>) | | since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | @@ -62272,14 +63348,21 @@ show stats packet-processing action success flow-move sessions-install-rate [cor | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | -## `show stats packet-processing action success flow-move sessions-opened` +##### Subcommands -The number of sessions opened for flow move keep-alives (in-memory) +| command | description | +| ------- | ----------- | +| [`eosvr-loop-prevention`](#show-stats-packet-processing-action-success-forward-eosvr-loop-prevention) | Statistics for 'eosvr-loop-prevention' | +| [`to-wire`](#show-stats-packet-processing-action-success-forward-to-wire) | The number of packets successfully forwarded | + +## `show stats packet-processing action success forward eosvr-loop-prevention` + +Statistics for 'eosvr-loop-prevention' #### Usage ``` -show stats packet-processing action success flow-move sessions-opened [core ] [since ] [force] [router ] [node ] [] +show stats packet-processing action success forward eosvr-loop-prevention [core ] [port ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -62289,6 +63372,7 @@ show stats packet-processing action success flow-move sessions-opened [core ] [port ] [since ] [force] [router ] [node ] [] +show stats packet-processing action success forward eosvr-loop-prevention broadcast [core ] [port ] [since ] [force] [router ] [node ] [] ``` ##### Keyword Arguments 
@@ -62329,11 +63417,59 @@ show stats packet-processing action success forward [core ] [port ] | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | -##### Subcommands +## `show stats packet-processing action success forward eosvr-loop-prevention multicast` -| command | description | -| ------- | ----------- | -| [`to-wire`](#show-stats-packet-processing-action-success-forward-to-wire) | The number of packets successfully forwarded | +Multicast packets dropped to prevent an Ethernet-over-SVR loop + +#### Usage + +``` +show stats packet-processing action success forward eosvr-loop-prevention multicast [core ] [port ] [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| core | The core number for which this metric was generated (comma-separated list) | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| port | The device interface for which this metric was generated (comma-separated list) | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. 
Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +## `show stats packet-processing action success forward eosvr-loop-prevention unicast` + +Unicast packets dropped to prevent an Ethernet-over-SVR loop + +#### Usage + +``` +show stats packet-processing action success forward eosvr-loop-prevention unicast [core ] [port ] [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| core | The core number for which this metric was generated (comma-separated list) | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| port | The device interface for which this metric was generated (comma-separated list) | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | ## `show stats packet-processing action success forward to-wire` 
@@ -68815,10 +69951,66 @@ show stats packet-processing enqueue [core ] [since ] [force] [rout | command | description | | ------- | ----------- | +| [`from-worker-core-invalid`](#show-stats-packet-processing-enqueue-from-worker-core-invalid) | The number of invalid packets dropped on injection within the Fast Lane | +| [`from-worker-core-invalid-low-volume`](#show-stats-packet-processing-enqueue-from-worker-core-invalid-low-volume) | The number of invalid packets dropped on injection within the Fast Lane | | [`to-deferred-ring-failure`](#show-stats-packet-processing-enqueue-to-deferred-ring-failure) | The number of packets dropped due to deferred ring overflow | | [`to-deferred-ring-success`](#show-stats-packet-processing-enqueue-to-deferred-ring-success) | The number of packets enqueued deferred ring | | [`to-worker-core-failure`](#show-stats-packet-processing-enqueue-to-worker-core-failure) | The number of failures when re-enqueuing packets within the Fast Lane | +| [`to-worker-core-failure-low-volume`](#show-stats-packet-processing-enqueue-to-worker-core-failure-low-volume) | The number of failures when re-enqueuing packets within the Fast Lane | | [`to-worker-core-success`](#show-stats-packet-processing-enqueue-to-worker-core-success) | The number of packets re-enqueued within the Fast Lane | +| [`to-worker-core-success-low-volume`](#show-stats-packet-processing-enqueue-to-worker-core-success-low-volume) | The number of packets re-enqueued within the Fast Lane | + +## `show stats packet-processing enqueue from-worker-core-invalid` + +The number of invalid packets dropped on injection within the Fast Lane + +#### Usage + +``` +show stats packet-processing enqueue from-worker-core-invalid [core ] [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| core | The core number for which this metric was generated (comma-separated list) | +| force | Skip confirmation prompt. 
Only required when targeting all routers | +| node | The name of the node generating this metric | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + +## `show stats packet-processing enqueue from-worker-core-invalid-low-volume` + +The number of invalid packets dropped on injection within the Fast Lane + +#### Usage + +``` +show stats packet-processing enqueue from-worker-core-invalid-low-volume [core ] [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| core | The core number for which this metric was generated (comma-separated list) | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | ## `show stats packet-processing enqueue to-deferred-ring-failure` 
@@ -68900,6 +70092,32 @@ show stats packet-processing enqueue to-worker-core-failure [core ] [since | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | +## `show stats packet-processing enqueue to-worker-core-failure-low-volume` + +The number of failures when re-enqueuing packets within the Fast Lane + +#### Usage + +``` +show stats packet-processing enqueue to-worker-core-failure-low-volume [core ] [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| core | The core number for which this metric was generated (comma-separated list) | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + ## `show stats packet-processing enqueue to-worker-core-success` The number of packets re-enqueued within the Fast Lane 
@@ -68926,6 +70144,32 @@ show stats packet-processing enqueue to-worker-core-success [core ] [since | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | +## `show stats packet-processing enqueue to-worker-core-success-low-volume` + +The number of packets re-enqueued within the Fast Lane + +#### Usage + +``` +show stats packet-processing enqueue to-worker-core-success-low-volume [core ] [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| core | The core number for which this metric was generated (comma-separated list) | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + ## `show stats packet-processing fib-action` Summary of stats pertaining to packet processing actions after fib table hit 
@@ -76955,6 +78199,7 @@ show stats redundancy session-errors [since ] [force] [router ] [ | [`invalid-buffer-received`](#show-stats-redundancy-session-errors-invalid-buffer-received) | Number of times invalid buffer was received from database | | [`invalid-session-key`](#show-stats-redundancy-session-errors-invalid-session-key) | Number of times invalid session-key was received from database | | [`new-session-creation-failure`](#show-stats-redundancy-session-errors-new-session-creation-failure) | Number of times database miss processing resulting in failure to create new session | +| [`no-service-path`](#show-stats-redundancy-session-errors-no-service-path) | Number of times recovery failed due to no service path | | [`session-not-found`](#show-stats-redundancy-session-errors-session-not-found) | Number of times redundancy session was not found in the session table | | [`session-update-failures`](#show-stats-redundancy-session-errors-session-update-failures) | Number of times session update failed | | [`source-lookup-error`](#show-stats-redundancy-session-errors-source-lookup-error) | Number of times recovery failed due to source lookup miss | 
@@ -77110,6 +78355,31 @@ show stats redundancy session-errors new-session-creation-failure [since | ---- | ----------- | | verbosity | detail \| summary \| debug (default: detail) | +## `show stats redundancy session-errors no-service-path` + +Number of times recovery failed due to no service path + +#### Usage + +``` +show stats redundancy session-errors no-service-path [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + ## `show stats redundancy session-errors session-not-found` Number of times redundancy session was not found in the session table 
@@ -81399,6 +82669,7 @@ show stats service-area received [since ] [force] [router ] [node | [`flow-expired-reverse-metadata-packets`](#show-stats-service-area-received-flow-expired-reverse-metadata-packets) | Number of reverse metadata packets received with no matching flow | | [`flow-move-packets`](#show-stats-service-area-received-flow-move-packets) | Number of packets received for flows requiring modification to use a better path | | [`flow-move-packets-local-ip-change`](#show-stats-service-area-received-flow-move-packets-local-ip-change) | Number of packets received for flows requiring modification as the local egress ip changed | +| [`flow-move-packets-reverse-arp-change`](#show-stats-service-area-received-flow-move-packets-reverse-arp-change) | Number of forward packets received for flows from a different source-mac, indicating a reverse-arp change | | [`flow-move-packets-reverse-flow-idle`](#show-stats-service-area-received-flow-move-packets-reverse-flow-idle) | Number of packets received for flows requiring modification as the reverse flow as idle | | [`forward-metadata-wayport-range-miss`](#show-stats-service-area-received-forward-metadata-wayport-range-miss) | Number of packets with forward metadata that missed the waypoint range | | [`hierarchical-service-validation`](#show-stats-service-area-received-hierarchical-service-validation) | Stats pertaining to hierarchical service packet validation | 
@@ -82041,6 +83312,31 @@ show stats service-area received flow-move-packets-local-ip-change [since ] [force] [router ] [node ] [] +``` + +##### Keyword Arguments + +| name | description | +| ---- | ----------- | +| force | Skip confirmation prompt. Only required when targeting all routers | +| node | The name of the node generating this metric | +| router | The router for which to display stats (default: <current router>) | +| since | The displayed stats will be calculated as a delta from the given time. The given time can either be a timestamp or a delta, such as 45m, 1d, or 1mo. Providing "launch" ensures that no start time for the delta is set [type: timestamp] | + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| verbosity | detail \| summary \| debug (default: detail) | + ## `show stats service-area received flow-move-packets-reverse-flow-idle` Number of packets received for flows requiring modification as the reverse flow as idle diff --git a/docs/concept-tpm.md b/docs/concept-tpm.md new file mode 100644 index 0000000000..85b90e87d7 --- /dev/null +++ b/docs/concept-tpm.md 
@@ -0,0 +1,50 @@
+---
+title: Trusted Platform Module Overview
+sidebar_label: Trusted Platform Module
+---
+
+#### Version History
+
+| Release | Modification |
+| ------- | --------------------------- |
+| 7.1.3-r2 | Trusted Platform Module support added. |
+
+A Trusted Platform Module (TPM) is a secure cryptoprocessor that stores cryptographic keys. It serves as a secure storage mechanism for essential security artifacts such as digital certificates.
+
+## TPM-Based Certificates
+
+The SSR400 and SSR440 use the TPM-based certificate to ensure secure identification of the device. The device has a burnt-in idev-id certificate on the TPM. The idev-id certificate provides the device's Juniper serial number and model, proving that the device was manufactured in a Juniper facility. The TPM certificate is the most secure way for a Juniper device to prove its identity.
+
+### Benefits of TPM-Based Certificates
+
+- Provides trust. Helps to establish advanced security in an insecure digital world.
+- Provides confidentiality. Data sent is encrypted and only visible to the server and client.
+- Provides integrity. Ensures that the data has not been modified during the transfer.
+
+### How Does a Conventional SSL/TLS Certificate Work?
+
+Secure Socket Layer (SSL) is a protocol that allows encryption. It helps to secure and authenticate communications between a client and a server. It can also secure email, VoIP, and other communications over unsecured networks. SSL is also referred to as Transport Layer Security (TLS).
+
+In unsecured HTTP connections, hackers can easily intercept messages between client and server. SSL certificates use a public/private keypair system to initiate the HTTPS protocol. Hence, SSL certificates enable secure connections for users and clients to connect. SSL/TLS works through:
+
+- Secure communication that begins with a TLS handshake. The two communicating parties open a secure connection and exchange the public key.
+
+- During the TLS handshake, the two parties generate session keys. The session keys encrypt and decrypt all communications after the TLS handshake.
+
+- Different session keys encrypt communications in each new session.
+
+- TLS ensures that the user on the server side, or the website the user is interacting with, is who they claim.
+
+- TLS also ensures that data has not been altered, since a Message Authentication Code (MAC) is included with transmissions.
+
+When a signed SSL certificate secures a website, it proves that the organization has verified and authenticated its identity with the trusted third party. When the browser trusts the CA, the browser now trusts that organization’s identity too.
+
+For additional details on how SSR uses TPM, see [Configuration Integrity](concepts-config-integrity.md).
+
+### Support for vTPM on Conductor-managed Deployments
+
+If a vTPM is present on a platform, the SSR will first check to see if a trusted certificate and private key already exists. For Azure, AWS, and GCP it is expected that these platforms generate their own keys and certificates. On other platforms, if no certificate and private key is present, a single `DevID` certificate and `master` private key are created and stored in the vTPM.
+
+Each certificate installed on the system is signed with a uniquely created private key pair and stored on disk, encrypted with the master key stored in the vTPM.
+
+
diff --git a/docs/concepts-config-integrity.md b/docs/concepts-config-integrity.md
new file mode 100644
index 0000000000..796494e0ec
--- /dev/null
+++ b/docs/concepts-config-integrity.md
@@ -0,0 +1,86 @@
+---
+title: Configuration Integrity
+sidebar_label: Configuration Integrity
+---
+
+#### Version History
+
+| Release | Modification |
+| ------- | --------------------------- |
+| 7.1.3 | SSR Configuration Integrity added. |
+
+SSR Configuration Integrity addresses security requirements for protecting sensitive data stored on SSR devices when they are at rest - when a system is powered off for extended periods, physically stolen, or have their storage media removed and analyzed offline by malicious actors seeking to extract sensitive information or compromise network security.
+
+SSR devices are frequently deployed in environments where physical security cannot be guaranteed, ranging from remote branch offices and retail locations to temporary installations and field deployments. In these environments, configuration files, private keys, and operational data stored on the device require protection from unauthorized access.
+
+Modern compliance requirements and regulatory frameworks mandate encryption-at-rest for sensitive data, particularly in the financial services, healthcare, and government sectors. High-security customers require robust protection against data exfiltration to maintain their security posture and meet regulatory obligations. These requirements have evolved beyond simple access controls to demand cryptographic protection of stored credentials, configuration data, and private key material that could be exploited to compromise broader network infrastructure.
+
+SSR Configuration Integrity protects authentication credentials, keys and certificates, network topology information, and other pieces of sensitive SSR configuration from unauthorized access when the system is powered off.
+
+Furthermore, Configuration Integrity prevents network and SSR operations from executing when the system is determined to be in a compromised state. These protected secrets cannot be exfiltrated even if the bad actor has physical access to the drive, preventing attackers from impersonating network nodes or intercepting encrypted communications. Most importantly, it meets compliance requirements for encryption-at-rest without impacting runtime performance, allowing organizations to satisfy regulatory mandates while maintaining the high-performance networking capabilities that SSR devices are designed to provide.
+
+Configuration Integrity does not address any runtime access-policy or permissions concerns. Proper file and directory permissions are still required, as well as proper login and authentication controls. Configuration Integrity augments the existing SSR security functionality to provide encryption-at-rest guarantees.
+
+Configuration Integrity is enabled by default on new installations of, and upgrades to, SSR 7.1.3-r2.
+
+## How It Works
+
+Configuration Integrity utilizes a hybrid approach combining TPM2 hardware security with Linux native filesystem encryption, administered by the userspace tool fscrypt. fscrypt utilizes an AES-256 key generated and protected by the TPM to perform encryption and decryption operations. Once the encrypted directories are unlocked, they operate as a normal directory; the encryption is transparent to the user.
+
+### Major Components
+
+The following are the major components of Configuration Integrity.
+
+### TPM2 Hardware Security Module
+
+The TPM is the trust anchor of the system. It creates and unseals the Filesystem Encryption Key (FEK), and is the only component of the system that can perform this task. If the storage of the SSR is somehow separated from the TPM, the FEK can no longer be unsealed, and the filesystem cannot be unlocked, ensuring that sensitive data remains protected.
+
+All SSR TPMs are provisioned with an RSA-2048 key, which is used to perform the encryption and decryption of the FEK.
+
+### Filesystem Encryption Key (FEK)
+
+The FEK is a 256-bit random number generated by the TPM. Once it has been generated, it is encrypted by the TPM using RSA-2048 before being written to disk. At no time will the unencrypted FEK be written on disk. Any time it is decrypted, it is stored in memory only.
+
+### fscrypt
+
+fscrypt is a userspace interface to the Kernel-level filesystem and encryption stacks. It operates on a per-directory basis, leveraging either a PAM module, a passphrase, or a 256-bit raw key to unlock and decrypt the directory. The SSR uses only the raw key mode.
+
+fscrypt requires that no target directory exist as a repository for decrypted files. Because technology allows the recovery of deleted files from a directory, the process of migrating files to an existing encrypted directory leaves traces of the unencrypted versions on disk resulting in a potential security risk.
+
+All sensitive files will be written to the encrypted directory from their inception onward, ensuring that there is no security risk. fscrypt configured in raw_key mode uses AES-256-XTS encryption for file contents and AES-256-CBC-CTS encryption for filenames.
+
+### Configuration Integrity Systemd Service
+
+The Integrity Handler is the systemd service responsible for Configuration Integrity on the system. If it detects that a system has not been configured for Configuration Integrity, it will perform a series of checks to see if it can support the feature. If the system can support the feature, it will onboard the system into Configuration Integrity.
+
+Once a system is onboarded, the Integrity Handler is responsible for unlocking the encrypted directories so they can be transparently used by the system. It does so with the following sequence:
+
+1. Locate encrypted FEK on disk.
+2. Unseal FEK with the TPM.
+3. Pass unencrypted FEK to fscrypt.
+4. fscrypt uses the FEK to automatically unlock the necessary encrypted directories.
+
+If any of these steps fail, it is interpreted as an integrity event. Network activities are blocked. An emergency log is generated and broadcast to all consoles on the system that the system integrity is compromised and it must be reprovisioned. The SSR will repeatedly try to start the integrity service to unlock the encrypted directories and fail, each time writing the emergency log.
+
+```
+Broadcast message from systemd-journald@TESTsystem1 (Mon 2025-12-01 17:15:20 UTC):
+
+integrity-handler: Integrity event detected. A clean installation is required.
+```
+
+Recovery steps require physical access to the device to [reimage the system with a fresh ISO](intro_installation_univ-iso.md).
+
+## Troubleshooting
+
+Use the information below to investigate issues and understand the Configuration Integrity feature.
+
+### Logging
+
+Logging is handled through existing system components rather than a dedicated log category. During initial system provisioning, all Configuration Integrity initialization is logged as part of the standard provisioning process. On subsequent boots, the systemd service that is responsible for unlocking encrypted directories logs all unlock operations and service status information through the systemd journal. Use `journalctl -u integrity-handler` for visibility into the operational state of the encryption system during the boot sequence.
+
+Key operational messages include TPM provisioning status and error conditions, filesystem encryption capability detection results, and detailed logging of FEK generation, storage, and retrieval operations. The system also logs all directory encryption and decryption operations along with integrity violation events that may trigger protective responses.
+
+### Compromised System
+
+In the event your system has been compromised, the device must be reprovisioned with a [clean install from a bootable USB](intro_installation_univ-iso.md).
If that is not viable, contact your sales team or Juniper technical support to begin the RMA process. + diff --git a/docs/config-custom-certs.md b/docs/config-custom-certs.md index 6a7c164924..c863361ed2 100644 --- a/docs/config-custom-certs.md +++ b/docs/config-custom-certs.md @@ -166,7 +166,7 @@ Store the value of the token in a file called `token.txt` for use later. ### Issue a Private-key Creation Request :::important -It is necessary for all of the following REST APIs to use the name `custom_ssr_peering` in order for this private key and certificate to be visible and usable by Enhanced Security Key Managementin 7.0. This is a reserved name specifically used by Enhanced Security Key Management. +It is necessary for all of the following REST APIs to use the name `custom_ssr_peering` in order for this private key and certificate to be visible and usable by Enhanced Security Key Management in 7.0. This is a reserved name specifically used by Enhanced Security Key Management. ::: The goal of this workflow is to ensure that the private key of the SSR never leaves the SSR. To do so, we need to instruct the SSR to create a private key. To accomplish this, we provide the SSR some details, including: diff --git a/docs/config-factory-reset.md b/docs/config-factory-reset.md index b15637249f..56767b50c6 100644 --- a/docs/config-factory-reset.md +++ b/docs/config-factory-reset.md 
@@ -3,19 +3,25 @@ title: Factory Reset sidebars_label: Factory Reset --- +#### Version History + +| Release | Modification | +| ------- | --------------------------- | +| 7.1.0 | SSR 4x0 Factory Reset support added. | + The SSR software, SSR1x0, SSR1x00, and SSR4x0 series provide the ability to reset to factory defaults. The SSR software and SSR1x0/1x00 devices use a software reset to return to the original factory defaults, and remove customer configurations. -The SSR400 and SSR440 provides software-activated reset as well as a reset button on the device. With the reset button, you have the option of resetting to a previously defined golden configuration, or reset to the factory configuration and perform a secure zeroization. +The SSR400 and SSR440 provides software-activated reset as well as a reset button on the device. With the reset button, you have the option of resetting to a previously defined rescue configuration, or reset to the factory configuration and perform a secure zeroization. Use the information below to determine the best option for your deployment. ## SSR400 and SSR440 Factory Reset -The SSR400 and SSR440 devices are equipped with a reset switch to perform the following actions: +The SSR400 and SSR440 devices are equipped with a reset button to perform the following actions: -1. Press and hold for up to 4 seconds to **reboot** the device. -2. Press and hold for up to 15 seconds initiates a reset to a **rescue, or golden**, configuration. -3. Press and hold for up to 30 seconds initiates a reset to the **factory default** configuration. +1. Press and hold for 1 to 4 seconds to **reboot** the device. +2. Press and hold for 5 to 15 seconds initiates a reset to a **rescue** configuration. +3. Press and hold for 16 to 30 seconds initiates a reset to the **factory default** configuration. Holding the reset button for longer than 30 seconds cancels any of the button press actions described above. 
@@ -25,15 +31,15 @@ This action is the standard system reboot, often performed as part of troublesho ### Reset to the Rescue Configuration -Press and hold the **Reset** button for more than 5 seconds but less than 15 to load and commit the rescue configuration. The rescue, or golden configuration is a router-only configuration, and is used as a manual fall back if the device configuration becomes corrupt or is unable to establish communications with the network. +Press and hold the **Reset** button for more than 5 seconds but less than 15 to load and commit the rescue configuration. The rescue, configuration is used as a manual fall back if the device configuration becomes corrupt or is unable to establish communications with the network. -Note that if a golden configuration has not been set, holding the reset button for 5-15 seconds does nothing. +Note that if a rescue configuration has not been set, holding the reset button for 5-15 seconds does nothing. -The rescue, or golden configuration is set via API at onboarding. For information about using the API to generate a golden configuration, see [Create a Golden Reset Configuration](#create-a-golden-reset-configuration). It should be noted that in an HA configuration, if one node is reset to the golden config, the other node (standby node) will receive the same golden config from it's HA peer. +The rescue configuration is set via API at onboarding. For information about using the API to generate a rescue configuration, see [Create a Rescue Reset Configuration](#create-a-rescue-configuration). It should be noted that in an HA configuration, if one node is reset to the rescue config, the other node (standby node) will receive the same rescue configuration from it's HA peer. ### Factory Reset -Press and hold the **Reset** button for up to 30 seconds to initiate a reset to the factory default configuration. 
+Press and hold the **Reset** button for 16 to 30 seconds to initiate a reset to the factory default configuration. This process deletes all configurations on the device, including the backup configurations and rescue configuration, and loads and commits the original factory configuration. It also removes all data files, including customized configuration and log files, by unlinking the files from their directories. The command removes all user-created files from the system, including passwords, secrets, and private keys for SSH, certificates, local encryption, local authentication, IPsec, RADIUS, TACACS+, and others. @@ -95,9 +101,9 @@ A log file of the platform cleanup operation is written out to `/tmp` while the ### Additional Security - Zeroization Process -When equipment is discarded or removed from its operational environment, the following process can be used to ensure there is no unauthorized access possible to sensitive residual information (e.g. cryptographic keys, keying material, PINs, passwords, etc.) on SSR network equipment. +This process is for use with SSR Software and SSR1x0 and SSR1x00 devices. -This process is to be used with SSR Software and SSR1x0 and SSR1x00 devices. +When equipment is discarded or removed from its operational environment, the following process can be used to ensure there is no unauthorized access possible to sensitive residual information (e.g. cryptographic keys, keying material, PINs, passwords, etc.) on SSR network equipment. For the certified SSR platforms, all software and configuration reside on the SSD hard drive `/dev/sda`. Use the following procedure to zeroize/erase the SSD hard drive. 
@@ -125,9 +131,9 @@ For the certified SSR platforms, all software and configuration reside on the SS The system is wiped of all information, and is no longer operational as an SSR. If the system is to be reused in future, perform the ISO installation process. -## Create a Golden Reset Configuration +## Create a Rescue Configuration -The following API allows an administrator the ability to create a configuration snapshot to be used as a golden configuration for routers should they experience a catastrophic failure or become corrupt. This configuration is generated at the router level, and then imported by the Chassis Manager during a reset operation. +The following API allows an administrator the ability to create a configuration snapshot to be used as a rescue configuration for routers should they experience a catastrophic failure or become corrupt. This configuration is generated at the router level, and then imported by the Chassis Manager during a reset operation. #### Endpoint: @@ -135,7 +141,7 @@ The following API allows an administrator the ability to create a configuration #### Purpose: -Exports the current configuration (running or candidate) to a predefined golden config file that can be later imported. +Exports the current configuration (running or candidate) to a predefined rescue config file that can be later imported. #### Authentication & Authorization: @@ -158,7 +164,7 @@ Request Body (JSON): #### Behavior: - Automatically uses the filename `_golden-config` (predefined, not user-specified) -- Always overwrites any existing golden config file +- Always overwrites any existing rescue config file - The export is directed to the active node - Creates a configuration export file to be imported later diff --git a/docs/config-smart-download.md b/docs/config-smart-download.md new file mode 100644 index 0000000000..2743021b72 --- /dev/null +++ b/docs/config-smart-download.md 
@@ -0,0 +1,163 @@
+---
+title: Smart Download
+sidebar_label: Smart Download
+---
+
+#### Version History
+
+| Release | Modification |
+| ------- | --------------------------- |
+| 7.1.3-r2 | Smart OS Download support added. |
+
+Sometimes network connections can become unreliable, slow, or just plain break. To mitigate these disruptions, the SSR download process provides the following features for better recovery and control over software downloads.
+
+* [Failover Resiliency](#download-failover-resiliency)
+* [Resumable Download](#resumable-ssr-download)
+* [Sequenced HA Download](#sequenced-ha-download)
+* [Bandwidth Limiting](#bandwidth-limiting)
+* [Show Download Progress](#show-download-progress)
+
+Downloads that have been stopped either by a manual pause or due to connection issues are able to be resumed, starting from where they left off.
+
+## Download Failover Resiliency
+
+SSR images can be downloaded from a variety of sources, depending on software access mode (e.g., internet-only, prefer-conductor, conductor-only, offline-mode): the HA peer, the conductor, the Juniper repository, and the Mist proxy (cloud deployments only).
+
+To improve resiliency against network connectivity issues, the SSR queries available versions from all sources before beginning the download. It compiles a list of sources where the requested version is available and begins the download. If a request to a source fails, the SSR moves on to the next source. The following priority order is used for sources:
+
+1. HA Peer
+2. Conductor node 1
+3. Conductor node 2
+4. Juniper repository
+5. Mist proxy
+
+Only when the SSR has tried all available sources and reached the consecutive failure threshold on each is the download considered **failed due to connectivity issues**. In that case, an error is reported and the download stopped.
+
+### HA Download Resiliency
+
+If the HA Conductor acting as the repository fails during the download, the download automatically switches over to the second conductor node. The process continues downloading from there, even if the first conductor node comes back online.
+
+If an HA Router fails during download and another download is requested after failover to the second node, a new download is begun. If the router returns to the original node and then resumes the original download, it will resume from where it left off. However, if the original node experienced a catastrophic failure where the shutdown was not clean, a new download is initiated.
+
+## Resumable SSR Download
+
+Downloads are automatically paused if the connection fails. When the connection is restored, the SSR automatically resumes the download from the point where it stopped.
+
+Downloads can also be manually paused, resumed, or deleted from either the CLI or the GUI.
+
+#### Command Line
+
+To pause a download from the CLI, use the `request system software download pause` command.
+
+```
+request system software download pause version SSR-7.1.3-4
+request system software download pause router Router1 node Node1 version 7.1.0-1
+```
+
+The download process can be continued by restarting the download; `request system software download`. The download resumes from the point where the download was paused.
+
+As a system cleanup operation, you can delete stale versions of the software using the `delete system software` command.
+
+#### GUI
+
+On the Software Lifecycle page, an in-progress download can be paused by selecting the download, and clicking the Pause button in the Details view.
+
+![Pause button](/img/config-smartdwnld-pause.png)
+
+Using the same window, you can also resume or delete a download.
+
+![Resume or Delete buttons](/img/config-smartdwnld-resume-delete.png)
+
+### Auto-resume Download on WAN Failures
+
+In the event that all sources have reached the threshold of consecutive failures and a download attempt has returned an error, the SSR can be configured to wait for a specified amount of time and then retry the download. If a connection is successfully made, the download will resume where it left off.
+
+The retry delay time is the longest time to wait between retry attempts. For example, the initial retry delay starts at 30 seconds. With each failure the delay is increased exponentially. However, when that calculated value reaches the maximum retry delay time, successive wait times for additional attempts do not exceed the maximum retry delay time. The default is 3600 seconds. A maximum number of times to retry can also be configured.
+
+The timeout is enabled by default (`software-update download enable-timeout true`). The SSR waits for a configurable amount of time (default is 10800s) for the download to complete. If the timeout value is reached without successfully downloading the software, the download is marked as "Failed".
+
+Use the command `configure authority router system software-update download` to adjust the download retry behavior. The command parameters are listed below:
+
+- `enable-timeout`: True/false, default is true. This enables a time limit for the overall download.
+- `timeout`: Amount of time in seconds that the SSR waits for the software download to complete. When the timeout value is reached the download is marked as **Failed**, and the retry delay begins. The default download wait time is 10800s. Range is 1800s - 604800s.
+- `attempts`: The maximum number of attempts to download before considering the download as failed. If set to 0, the SSR will retry the download until the timeout is hit. Default is 10.
+- `maximum retry delay`: The maximum amount of time in seconds to wait in between retry attempts.
The retry delay will start off low and back off exponentially up to this duration. Range is 0 to 86400s. Default is 3600s.
+
+#### Examples
+
+In this example, the router will retry downloads up to 10 times, or for an hour, whichever comes first. The retry delay will back off exponentially until it reaches 10 minutes, then all further retries will have a 10 minute delay.
+
+```
+configure
+ authority
+ system
+ software-update
+
+ download
+ enable-timeout true
+ timeout 3600
+ attempts 10
+ maximum-retry-delay 600
+ exit
+ exit
+ exit
+ exit
+exit
+```
+
+In this example, the router will retry downloads up to 50 times, no matter how long that takes (because the timeout is disabled). The retry will back off exponentially until it reaches an hour and all further retries will have a delay of an hour.
+
+```
+configure
+ authority
+ system
+ software-update
+
+ download
+ enable-timeout false
+ attempts 50
+ maximum-retry-delay 3600
+ exit
+ exit
+ exit
+ exit
+exit
+```
+
+In this example, the router will retry downloads for up to 10 hours, no matter how many retries it takes (because attempts is set to 0). The retry will back off exponentially until it reaches 30 minutes and all further retries will have a delay of an hour.
+
+```
+configure
+ authority
+ system
+ software-update
+
+ download
+ enable-timeout true
+ timeout 3600
+ attempts 0
+ maximum-retry-delay 1800
+ exit
+ exit
+ exit
+ exit
+exit
+```
+
+### Sequenced HA Download
+
+The SSR can be configured to perform sequenced downloading; one node of an HA pair downloads an image from the remote repository, and the other node waits for it to complete. Once that download is complete, the second node will download it from the first. This feature is not enabled by default. To enable sequencing, use `request system software download router RouterName version SSR-X.Y.Z sequenced`.
+
+:::note
+The second node will download the software from the first node, unless it encounters a connectivity issue.
In that case, the router would move on to the next source as described in [Failover Resiliency](#download-failover-resiliency).
+:::
+
+## Bandwidth Limiting
+
+In some deployments, downloads speeds may be restricted by bandwidth sharing, or cabling or signal limitations. The `software-update` configuration command allows administrative controls over the speeds used to retrieve software.
+
+Use the `configure-authority-router-system-software-update-max-bandwidth` command to define the bandwidth limiter applied to software downloads. Valid values are; unlimited, 1-999999999999 bits/second.
+
+## Show Download Progress
+
+To display the progress of a software download on the command line, use the `show system software download [{router | resource-group }] [version ] [node ]` command.
diff --git a/docs/config_command_guide.md b/docs/config_command_guide.md
index c2cc3cae07..a07a018582 100755
--- a/docs/config_command_guide.md
+++ b/docs/config_command_guide.md
@@ -49,6 +49,7 @@ Authority configuration is the top-most level in the SSR configuration hierarchy | [`resource-group`](#configure-authority-resource-group) | Collect objects into a management group. | | [`router`](#configure-authority-router) | The router configuration element serves as a container for holding the nodes of a single deployed router, along with their policies. | | [`routing`](#configure-authority-routing) | authority level routing configuration | +| [`secure-conductor-onboarding`](#configure-authority-secure-conductor-onboarding) | Configure Secure Conductor Onboarding | | [`security`](#configure-authority-security) | The security elements represent security policies for governing how and when the SSR encrypts and/or authenticates packets. | | [`security-key-management`](#configure-authority-security-key-management) | Configure Security Key Management | | [`service`](#configure-authority-service) | The service configuration is where you define the services that reside within the authority's tenants as well as the policies to apply to those services. | 
@@ -5049,12 +5050,14 @@ configure authority router | [`icmp-probe-profile`](#configure-authority-router-icmp-probe-profile) | Profile for active ICMP probes for reachability-detection enforcement | | [`idp`](#configure-authority-router-idp) | Advanced IDP configuration. | | [`inter-node-security`](#configure-authority-router-inter-node-security) | The name of the security policy used for inter node communication between router interfaces | +| [`key-exchange-algorithm-override`](#configure-authority-router-key-exchange-algorithm-override) | Key exchange algorithm selection for security key management for the router. | | [`location`](#configure-authority-router-location) | A descriptive location for this SSR. | | [`location-coordinates`](#configure-authority-router-location-coordinates) | The geolocation of this router in ISO 6709 format. Some examples: (1) Degrees only: +50.20361-074.00417/ (2) Degrees and minutes: +5012.22-07400.25/ or (3) Degrees, minutes, and seconds: +501213.1-0740015.1/ | | [`maintenance-mode`](#configure-authority-router-maintenance-mode) | When enabled, the router will be in maintenance mode and alarms related to this router will be shelved. | | [`management-proxy`](#configure-authority-router-management-proxy) | Settings to enable forwarding of SSR management traffic to a proxy | | [`management-service-generation`](#configure-authority-router-management-service-generation) | Configure Management Service Generation | | [`max-inter-node-way-points`](#configure-authority-router-max-inter-node-way-points) | Maximum number of way points to be allocated on inter-node path. | +| [`ml-kem-keygen-priority`](#configure-authority-router-ml-kem-keygen-priority) | Priority for ML-KEM key generation with peers. Higher values indicate higher priority. | | [`name`](#configure-authority-router-name) | An identifier for the router. | | [`nat-pool`](#configure-authority-router-nat-pool) | A pool of shared NAT ports. 
| | [`node`](#configure-authority-router-node) | List of one or two SSR software instances, comprising an SSR. | @@ -5390,6 +5393,32 @@ A true or false value. Options: true or false +## `configure authority router application-identification summary-corruption-upload-interval` + +A corruption event will be reported at most once every interval. Zero disables all uploads. + +#### Usage + +``` +configure authority router application-identification summary-corruption-upload-interval [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| duration | The value to set for this field | + +#### Description + +Default: 15m + +##### duration (string) + +A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d + +Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d + ## `configure authority router application-identification summary-retention` Configure Summary Retention 
@@ -6981,6 +7010,173 @@ configure authority router inter-node-security [] This type is used by other entities that need to reference configured security policies. +## `configure authority router key-exchange-algorithm-override` + +Key exchange algorithm selection for security key management for the router. + +##### Subcommands + +| command | description | +| ------- | ----------- | +| `delete` | Delete configuration data | +| [`diffie-hellman`](#configure-authority-router-key-exchange-algorithm-override-diffie-hellman) | Diffie-Hellman algorithm. | +| [`diffie-hellman-ml-kem`](#configure-authority-router-key-exchange-algorithm-override-diffie-hellman-ml-kem) | Diffie-Hellman and ML-KEM hybrid algorithm. | +| [`ml-kem`](#configure-authority-router-key-exchange-algorithm-override-ml-kem) | ML-KEM algorithm. | +| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| `show` | Show configuration data for 'key-exchange-algorithm-override' | + +## `configure authority router key-exchange-algorithm-override diffie-hellman` + +Diffie-Hellman algorithm. + +##### Subcommands + +| command | description | +| ------- | ----------- | +| `delete` | Delete configuration data | +| [`dh-key-size`](#configure-authority-router-key-exchange-algorithm-override-diffie-hellman-dh-key-size) | The key size used for Diffie-Hellman algorithm. | +| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| `show` | Show configuration data for 'diffie-hellman' | + +## `configure authority router key-exchange-algorithm-override diffie-hellman dh-key-size` + +The key size used for Diffie-Hellman algorithm. 
+
+#### Usage
+
+```
+configure authority router key-exchange-algorithm-override diffie-hellman dh-key-size []
+```
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| diffie-hellman-key-size | The value to set for this field |
+
+#### Description
+
+##### diffie-hellman-key-size (enumeration)
+
+The key size to use in the Diffie-Hellman key exchange
+
+Options:
+
+- 1024: 1024 bit key size
+- 2048: 2048 bit key size
+- 4096: 4096 bit key size
+
+## `configure authority router key-exchange-algorithm-override diffie-hellman-ml-kem`
+
+Diffie-Hellman and ML-KEM hybrid algorithm.
+
+##### Subcommands
+
+| command | description |
+| ------- | ----------- |
+| `delete` | Delete configuration data |
+| [`dh-key-size`](#configure-authority-router-key-exchange-algorithm-override-diffie-hellman-ml-kem-dh-key-size) | The key size used for Diffie-Hellman algorithm. |
+| [`ml-kem-key-size`](#configure-authority-router-key-exchange-algorithm-override-diffie-hellman-ml-kem-ml-kem-key-size) | The key size used for ML-KEM algorithm. |
+| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
+| `show` | Show configuration data for 'diffie-hellman-ml-kem' |
+
+## `configure authority router key-exchange-algorithm-override diffie-hellman-ml-kem dh-key-size`
+
+The key size used for Diffie-Hellman algorithm.
+
+#### Usage
+
+```
+configure authority router key-exchange-algorithm-override diffie-hellman-ml-kem dh-key-size []
+```
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| diffie-hellman-key-size | The value to set for this field |
+
+#### Description
+
+##### diffie-hellman-key-size (enumeration)
+
+The key size to use in the Diffie-Hellman key exchange
+
+Options:
+
+- 1024: 1024 bit key size
+- 2048: 2048 bit key size
+- 4096: 4096 bit key size
+
+## `configure authority router key-exchange-algorithm-override diffie-hellman-ml-kem ml-kem-key-size`
+
+The key size used for ML-KEM algorithm.
+
+#### Usage
+
+```
+configure authority router key-exchange-algorithm-override diffie-hellman-ml-kem ml-kem-key-size []
+```
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| ml-kem-key-size | The value to set for this field |
+
+#### Description
+
+##### ml-kem-key-size (enumeration)
+
+The key size to use in the ML-KEM key exchange
+
+Options:
+
+- 512: 512 bit key size
+- 768: 768 bit key size
+- 1024: 1024 bit key size
+
+## `configure authority router key-exchange-algorithm-override ml-kem`
+
+ML-KEM algorithm.
+
+##### Subcommands
+
+| command | description |
+| ------- | ----------- |
+| `delete` | Delete configuration data |
+| [`ml-kem-key-size`](#configure-authority-router-key-exchange-algorithm-override-ml-kem-ml-kem-key-size) | The key size used for ML-KEM algorithm. |
+| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
+| `show` | Show configuration data for 'ml-kem' |
+
+## `configure authority router key-exchange-algorithm-override ml-kem ml-kem-key-size`
+
+The key size used for ML-KEM algorithm.
+ +#### Usage + +``` +configure authority router key-exchange-algorithm-override ml-kem ml-kem-key-size [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| ml-kem-key-size | The value to set for this field | + +#### Description + +##### ml-kem-key-size (enumeration) + +The key size to use in the ML-KEM key exchange + +Options: + +- 512: 512 bit key size +- 768: 768 bit key size +- 1024: 1024 bit key size + ## `configure authority router location` A descriptive location for this SSR. @@ -7292,6 +7488,28 @@ An unsigned 32-bit integer. Range: 50000-1000000 +## `configure authority router ml-kem-keygen-priority` + +Priority for ML-KEM key generation with peers. Higher values indicate higher priority. + +#### Usage + +``` +configure authority router ml-kem-keygen-priority [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| uint32 | The value to set for this field | + +#### Description + +##### uint32 + +An unsigned 32-bit integer. + ## `configure authority router name` An identifier for the router. 
@@ -7590,6 +7808,7 @@ configure authority router node | [`recovery-mode-enabled`](#configure-authority-router-node-recovery-mode-enabled) | Allow booting from USB storage devices. | | [`reset-button-enabled`](#configure-authority-router-node-reset-button-enabled) | Enable the reset button for restarting or factory resetting. | | [`role`](#configure-authority-router-node-role) | The node's role in the SSR system. | +| [`secure-conductor-onboarding`](#configure-authority-router-node-secure-conductor-onboarding) | Configure Secure Conductor Onboarding | | [`serial-console-enabled`](#configure-authority-router-node-serial-console-enabled) | Enable serial console. | | [`session-processor-count`](#configure-authority-router-node-session-processor-count) | The number of threads to use for session processing when using 'manual' session-processor mode. | | [`session-processor-mode`](#configure-authority-router-node-session-processor-mode) | The method by which the number of threads used for session processing should be determined. | 
@@ -21507,6 +21726,43 @@ Options: - combo: A combined Control and Slice. - conductor: A remote management system. +## `configure authority router node secure-conductor-onboarding` + +Configure Secure Conductor Onboarding + +##### Subcommands + +| command | description | +| ------- | ----------- | +| `delete` | Delete configuration data | +| [`endorsement-key`](#configure-authority-router-node-secure-conductor-onboarding-endorsement-key) | The public endorsement key of the router's TPM in base64 encoded DER format. Required for strong mode onboarding on devices with vTPM. | +| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| `show` | Show configuration data for 'secure-conductor-onboarding' | + +## `configure authority router node secure-conductor-onboarding endorsement-key` + +The public endorsement key of the router's TPM in base64 encoded DER format. Required for strong mode onboarding on devices with vTPM. + +#### Usage + +``` +configure authority router node secure-conductor-onboarding endorsement-key [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| string | The value to set for this field | + +#### Description + +##### string + +A text value. + +Must be a base64 encoded string. + ## `configure authority router node serial-console-enabled` Enable serial console. 
@@ -22611,6 +22867,8 @@ configure authority router peer | `delete` | Delete configuration data | | [`description`](#configure-authority-router-peer-description) | A description of the peer router. | | [`generated`](#configure-authority-router-peer-generated) | Indicates whether or not the Peer was automatically generated as a result of routers existing in the same neighborhood. | +| [`key-exchange-algorithm-override`](#configure-authority-router-peer-key-exchange-algorithm-override) | Key exchange algorithm selection for security key management for the peer router. | +| [`ml-kem-keygen-priority`](#configure-authority-router-peer-ml-kem-keygen-priority) | Priority for ML-KEM key generation with peers. Higher values indicate higher priority. | | [`name`](#configure-authority-router-peer-name) | An arbitrary name that represents the properties associated with the peer router. Typically this will be the name of the authority or the value of the name field in the peer's router configuration. | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | [`peering-common-name`](#configure-authority-router-peer-peering-common-name) | The identifier to use with enhanced-security-key-management. | 
@@ -23089,6 +23347,197 @@ A true or false value. Options: true or false +## `configure authority router peer key-exchange-algorithm-override` + +Key exchange algorithm selection for security key management for the peer router. + +##### Subcommands + +| command | description | +| ------- | ----------- | +| `delete` | Delete configuration data | +| [`diffie-hellman`](#configure-authority-router-peer-key-exchange-algorithm-override-diffie-hellman) | Diffie-Hellman algorithm. | +| [`diffie-hellman-ml-kem`](#configure-authority-router-peer-key-exchange-algorithm-override-diffie-hellman-ml-kem) | Diffie-Hellman and ML-KEM hybrid algorithm. | +| [`ml-kem`](#configure-authority-router-peer-key-exchange-algorithm-override-ml-kem) | ML-KEM algorithm. | +| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| `show` | Show configuration data for 'key-exchange-algorithm-override' | + +## `configure authority router peer key-exchange-algorithm-override diffie-hellman` + +Diffie-Hellman algorithm. + +##### Subcommands + +| command | description | +| ------- | ----------- | +| `delete` | Delete configuration data | +| [`dh-key-size`](#configure-authority-router-peer-key-exchange-algorithm-override-diffie-hellman-dh-key-size) | The key size used for Diffie-Hellman algorithm. | +| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| `show` | Show configuration data for 'diffie-hellman' | + +## `configure authority router peer key-exchange-algorithm-override diffie-hellman dh-key-size` + +The key size used for Diffie-Hellman algorithm. 
+
+#### Usage
+
+```
+configure authority router peer key-exchange-algorithm-override diffie-hellman dh-key-size []
+```
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| diffie-hellman-key-size | The value to set for this field |
+
+#### Description
+
+##### diffie-hellman-key-size (enumeration)
+
+The key size to use in the Diffie-Hellman key exchange
+
+Options:
+
+- 1024: 1024 bit key size
+- 2048: 2048 bit key size
+- 4096: 4096 bit key size
+
+## `configure authority router peer key-exchange-algorithm-override diffie-hellman-ml-kem`
+
+Diffie-Hellman and ML-KEM hybrid algorithm.
+
+##### Subcommands
+
+| command | description |
+| ------- | ----------- |
+| `delete` | Delete configuration data |
+| [`dh-key-size`](#configure-authority-router-peer-key-exchange-algorithm-override-diffie-hellman-ml-kem-dh-key-size) | The key size used for Diffie-Hellman algorithm. |
+| [`ml-kem-key-size`](#configure-authority-router-peer-key-exchange-algorithm-override-diffie-hellman-ml-kem-ml-kem-key-size) | The key size used for ML-KEM algorithm. |
+| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
+| `show` | Show configuration data for 'diffie-hellman-ml-kem' |
+
+## `configure authority router peer key-exchange-algorithm-override diffie-hellman-ml-kem dh-key-size`
+
+The key size used for Diffie-Hellman algorithm.
+
+#### Usage
+
+```
+configure authority router peer key-exchange-algorithm-override diffie-hellman-ml-kem dh-key-size []
+```
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| diffie-hellman-key-size | The value to set for this field |
+
+#### Description
+
+##### diffie-hellman-key-size (enumeration)
+
+The key size to use in the Diffie-Hellman key exchange
+
+Options:
+
+- 1024: 1024 bit key size
+- 2048: 2048 bit key size
+- 4096: 4096 bit key size
+
+## `configure authority router peer key-exchange-algorithm-override diffie-hellman-ml-kem ml-kem-key-size`
+
+The key size used for ML-KEM algorithm.
+
+#### Usage
+
+```
+configure authority router peer key-exchange-algorithm-override diffie-hellman-ml-kem ml-kem-key-size []
+```
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| ml-kem-key-size | The value to set for this field |
+
+#### Description
+
+##### ml-kem-key-size (enumeration)
+
+The key size to use in the ML-KEM key exchange
+
+Options:
+
+- 512: 512 bit key size
+- 768: 768 bit key size
+- 1024: 1024 bit key size
+
+## `configure authority router peer key-exchange-algorithm-override ml-kem`
+
+ML-KEM algorithm.
+
+##### Subcommands
+
+| command | description |
+| ------- | ----------- |
+| `delete` | Delete configuration data |
+| [`ml-kem-key-size`](#configure-authority-router-peer-key-exchange-algorithm-override-ml-kem-ml-kem-key-size) | The key size used for ML-KEM algorithm. |
+| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
+| `show` | Show configuration data for 'ml-kem' |
+
+## `configure authority router peer key-exchange-algorithm-override ml-kem ml-kem-key-size`
+
+The key size used for ML-KEM algorithm.
+ +#### Usage + +``` +configure authority router peer key-exchange-algorithm-override ml-kem ml-kem-key-size [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| ml-kem-key-size | The value to set for this field | + +#### Description + +##### ml-kem-key-size (enumeration) + +The key size to use in the ML-KEM key exchange + +Options: + +- 512: 512 bit key size +- 768: 768 bit key size +- 1024: 1024 bit key size + +## `configure authority router peer ml-kem-keygen-priority` + +Priority for ML-KEM key generation with peers. Higher values indicate higher priority. + +#### Usage + +``` +configure authority router peer ml-kem-keygen-priority [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| uint32 | The value to set for this field | + +#### Description + +Default: 0 + +##### uint32 + +An unsigned 32-bit integer. + ## `configure authority router peer name` An arbitrary name that represents the properties associated with the peer router. Typically this will be the name of the authority or the value of the name field in the peer's router configuration. @@ -27123,6 +27572,7 @@ PIM configuration | `delete` | Delete configuration data | | [`interface`](#configure-authority-router-routing-pim-interface) | List of PIM interfaces | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| [`restart-time`](#configure-authority-router-routing-pim-restart-time) | PIM graceful restart duration | | [`rp`](#configure-authority-router-routing-pim-rp) | PIM RP Configuration | | `show` | Show configuration data for 'pim' | 
@@ -27253,6 +27703,34 @@ configure authority router routing pim interface node [] A reference to an existing value in the instance data. +## `configure authority router routing pim restart-time` + +PIM graceful restart duration + +#### Usage + +``` +configure authority router routing pim restart-time [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| uint16 | The value to set for this field | + +#### Description + +Units: seconds + +Default: 120 + +##### uint16 + +An unsigned 16-bit integer. + +Range: 0-1800 + ## `configure authority router routing pim rp` PIM RP Configuration @@ -38675,6 +39153,7 @@ System group configuration. Lets administrators configure system-wide properties | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | [`radius`](#configure-authority-router-system-radius) | Configure Radius | | [`remote-login`](#configure-authority-router-system-remote-login) | Configure Remote Login | +| [`secure-conductor-onboarding`](#configure-authority-router-system-secure-conductor-onboarding) | Configure Secure Conductor Onboarding | | [`services`](#configure-authority-router-system-services) | Address information for internal services | | `show` | Show configuration data for 'system' | | [`software-access`](#configure-authority-router-system-software-access) | Configuration for SSR software access for this router. Supported on managed assets only. Any settings configured here will override the authority software access settings. | 
@@ -40742,6 +41221,73 @@ Options: - use-authority-setting: Use the authority wide remote-login state. +## `configure authority router system secure-conductor-onboarding` + +Configure Secure Conductor Onboarding + +##### Subcommands + +| command | description | +| ------- | ----------- | +| `delete` | Delete configuration data | +| [`mode`](#configure-authority-router-system-secure-conductor-onboarding-mode) | The secure conductor onboarding mode. | +| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| [`pre-shared-secret`](#configure-authority-router-system-secure-conductor-onboarding-pre-shared-secret) | A 48-byte base64 encoded string used for conductor and router onboarding verification. | +| `show` | Show configuration data for 'secure-conductor-onboarding' | + +## `configure authority router system secure-conductor-onboarding mode` + +The secure conductor onboarding mode. + +#### Usage + +``` +configure authority router system secure-conductor-onboarding mode [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| enumeration | The value to set for this field | + +#### Description + +##### enumeration + +A value from a set of predefined names. + +Options: + +- disabled: The secure conductor onboarding process is disabled. +- weak: Allows routers with a TPM to use pre-loaded self-signed certificates when onboarding. +- strong: For devices with DevID. Ensures the asset-id matches the serialNumber field in the router's public certificate. For public cloud instances with a vTPM, the router's endorsement key must match the configured endorsement key on the node. + +## `configure authority router system secure-conductor-onboarding pre-shared-secret` + +A 48-byte base64 encoded string used for conductor and router onboarding verification. 
+ +#### Usage + +``` +configure authority router system secure-conductor-onboarding pre-shared-secret [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| string | The value to set for this field | + +#### Description + +##### string + +A text value. + +Must be a 48 byte, base64 encoded string (64 characters). +Length: 64 + ## `configure authority router system services` Address information for internal services @@ -41549,6 +42095,8 @@ Web server & REST API. | `clone` | Clone a list item | | `delete` | Delete configuration data | | [`enabled`](#configure-authority-router-system-services-webserver-enabled) | Enable Web server & REST API on all control nodes in this router. | +| [`max-sockets-per-request`](#configure-authority-router-system-services-webserver-max-sockets-per-request) | The maximum number of sockets the webserver will use per outbound request. Zero means no per-request limit but the max-total-sockets still applies. | +| [`max-total-sockets`](#configure-authority-router-system-services-webserver-max-total-sockets) | The maximum number of total sockets the webserver will use when making outbound requests. | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | [`port`](#configure-authority-router-system-services-webserver-port) | The port on which the Web servers listen. | | [`server`](#configure-authority-router-system-services-webserver-server) | List of control node server addresses. When present, they override the defaults from global configuration. | 
@@ -41581,6 +42129,58 @@ A true or false value. Options: true or false +## `configure authority router system services webserver max-sockets-per-request` + +The maximum number of sockets the webserver will use per outbound request. Zero means no per-request limit but the max-total-sockets still applies. + +#### Usage + +``` +configure authority router system services webserver max-sockets-per-request [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| uint16 | The value to set for this field | + +#### Description + +Default: 50 + +##### uint16 + +An unsigned 16-bit integer. + +Range: 0-65535 + +## `configure authority router system services webserver max-total-sockets` + +The maximum number of total sockets the webserver will use when making outbound requests. + +#### Usage + +``` +configure authority router system services webserver max-total-sockets [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| uint16 | The value to set for this field | + +#### Description + +Default: 250 + +##### uint16 + +An unsigned 16-bit integer. + +Range: 1-65535 + ## `configure authority router system services webserver port` The port on which the Web servers listen. 
@@ -41710,15 +42310,42 @@ Configure SSL encryption for HTTPS. | command | description | | ------- | ----------- | -| [`ciphers`](#configure-authority-router-system-services-webserver-ssl-ciphers) | Configure the allowed ciphers. The full list of available ciphers can be viewed by running the 'openssl ciphers' shell command. See 'CIPHER LIST FORMAT' and 'CIPHER STRINGS' in the OpenSSL documentation https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for the permitted values and their meanings. | +| [`cipher-suites`](#configure-authority-router-system-services-webserver-ssl-cipher-suites) | Configure the allowed ciphers for TLSv1.3. The full list of available ciphers can be viewed by running the 'openssl ciphers -s -tls1_3' shell command. See 'CIPHER LIST FORMAT' and 'CIPHER STRINGS' in the OpenSSL documentation https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for the permitted values and their meanings. | +| [`ciphers`](#configure-authority-router-system-services-webserver-ssl-ciphers) | Configure the allowed ciphers for TLSv1.2. The full list of available ciphers can be viewed by running the 'openssl ciphers' shell command. See 'CIPHER LIST FORMAT' and 'CIPHER STRINGS' in the OpenSSL documentation https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for the permitted values and their meanings. | | `delete` | Delete configuration data | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | -| [`protocol`](#configure-authority-router-system-services-webserver-ssl-protocol) | Configure the allowed protocols. By default both 'TLSv1.2' and 'TLSv1.3' are used. | +| [`protocol`](#configure-authority-router-system-services-webserver-ssl-protocol) | Configure the allowed protocols. By default both 'TLSv1.2' and 'TLSv1.3' are used. If compatibility with older browsers is not required then only TLSv1.3 should be used. 
| | `show` | Show configuration data for 'ssl' | +## `configure authority router system services webserver ssl cipher-suites` + +Configure the allowed ciphers for TLSv1.3. The full list of available ciphers can be viewed by running the 'openssl ciphers -s -tls1_3' shell command. See 'CIPHER LIST FORMAT' and 'CIPHER STRINGS' in the OpenSSL documentation https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for the permitted values and their meanings. + +#### Usage + +``` +configure authority router system services webserver ssl cipher-suites [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| string | The value to set for this field | + +#### Description + +Default: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 + +##### string + +A text value. + +Must contain only alphanumeric characters or any of the following: . - _ : + ## `configure authority router system services webserver ssl ciphers` -Configure the allowed ciphers. The full list of available ciphers can be viewed by running the 'openssl ciphers' shell command. See 'CIPHER LIST FORMAT' and 'CIPHER STRINGS' in the OpenSSL documentation https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for the permitted values and their meanings. +Configure the allowed ciphers for TLSv1.2. The full list of available ciphers can be viewed by running the 'openssl ciphers' shell command. See 'CIPHER LIST FORMAT' and 'CIPHER STRINGS' in the OpenSSL documentation https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for the permitted values and their meanings. #### Usage 
@@ -41734,15 +42361,17 @@ configure authority router system services webserver ssl ciphers [] #### Description -Default: HIGH:!aNULL:!MD5 +Default: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384 ##### string A text value. +Must contain only alphanumeric characters or any of the following: . - _ : + ## `configure authority router system services webserver ssl protocol` -Configure the allowed protocols. By default both 'TLSv1.2' and 'TLSv1.3' are used. +Configure the allowed protocols. By default both 'TLSv1.2' and 'TLSv1.3' are used. If compatibility with older browsers is not required then only TLSv1.3 should be used. #### Usage 
@@ -41977,10 +42606,137 @@ Configuration for SSR software updates. Supported on managed assets only. | command | description | | ------- | ----------- | | `delete` | Delete configuration data | +| [`download`](#configure-authority-router-system-software-update-download) | Configuration for software downloads. Supported on managed assets only. | | [`max-bandwidth`](#configure-authority-router-system-software-update-max-bandwidth) | Bandwidth limit for downloads of software updates. | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | [`repository`](#configure-authority-router-system-software-update-repository) | Configuration for how to retrieve software updates. | +| [`rpm-operation-timeout`](#configure-authority-router-system-software-update-rpm-operation-timeout) | The timeout in seconds for rpm downloads and installs. Once the timeout is reached, the rpm operation will fail. | | `show` | Show configuration data for 'software-update' | +| [`timeout`](#configure-authority-router-system-software-update-timeout) | The timeout in seconds for the upgrade. Once the timeout is reached, the upgrade will fail. The timeout is reset when the device reboots during the upgrade. | + +## `configure authority router system software-update download` + +Configuration for software downloads. Supported on managed assets only. + +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`attempts`](#configure-authority-router-system-software-update-download-attempts) | The maximum number of attempts to try the download before considering it failed. If set to 0, the download will retry until the timeout is hit. | +| `delete` | Delete configuration data | +| [`enable-timeout`](#configure-authority-router-system-software-update-download-enable-timeout) | Whether to set a timeout on the overall length of the download. 
|
+| [`maximum-retry-delay`](#configure-authority-router-system-software-update-download-maximum-retry-delay) | The maximum amount of time in seconds to wait in between download attempts. The retry delay will start off small and back off exponentially up to this duration. |
+| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
+| `show` | Show configuration data for 'download' |
+| [`timeout`](#configure-authority-router-system-software-update-download-timeout) | The timeout in seconds for the download. Once the timeout is reached, the download will fail. |
+
+## `configure authority router system software-update download attempts`
+
+The maximum number of attempts to try the download before considering it failed. If set to 0, the download will retry until the timeout is hit.
+
+#### Usage
+
+```
+configure authority router system software-update download attempts []
+```
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| uint8 | The value to set for this field |
+
+#### Description
+
+Default: 10
+
+##### uint8
+
+An unsigned 8-bit integer.
+
+Range: 0-255
+
+## `configure authority router system software-update download enable-timeout`
+
+Whether to set a timeout on the overall length of the download.
+
+#### Usage
+
+```
+configure authority router system software-update download enable-timeout []
+```
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| boolean | The value to set for this field |
+
+#### Description
+
+Default: true
+
+##### boolean
+
+A true or false value.
+
+Options: true or false
+
+## `configure authority router system software-update download maximum-retry-delay`
+
+The maximum amount of time in seconds to wait in between download attempts. The retry delay will start off small and back off exponentially up to this duration.
+ +#### Usage + +``` +configure authority router system software-update download maximum-retry-delay [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| uint32 | The value to set for this field | + +#### Description + +Units: seconds + +Default: 3600 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 0-86400 + +## `configure authority router system software-update download timeout` + +The timeout in seconds for the download. Once the timeout is reached, the download will fail. + +#### Usage + +``` +configure authority router system software-update download timeout [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| uint32 | The value to set for this field | + +#### Description + +Units: seconds + +Default: 10800 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 1800-604800 ## `configure authority router system software-update max-bandwidth` 
@@ -42182,6 +42938,62 @@ Options: - prefer-conductor: Download software from the Conductor, using the Internet if the Conductor has not already downloaded the requested software. - internet-only: Download software from publicly available sources via the Internet. +## `configure authority router system software-update rpm-operation-timeout` + +The timeout in seconds for rpm downloads and installs. Once the timeout is reached, the rpm operation will fail. + +#### Usage + +``` +configure authority router system software-update rpm-operation-timeout [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| uint32 | The value to set for this field | + +#### Description + +Units: seconds + +Default: 600 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 300-86400 + +## `configure authority router system software-update timeout` + +The timeout in seconds for the upgrade. Once the timeout is reached, the upgrade will fail. The timeout is reset when the device reboots during the upgrade. + +#### Usage + +``` +configure authority router system software-update timeout [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| uint32 | The value to set for this field | + +#### Description + +Units: seconds + +Default: 3600 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 1800-604800 + ## `configure authority router system syslog` Syslog configuration lets administrators configure the SSR's interaction with external syslog services. 
@@ -44632,6 +45444,131 @@ configure authority routing resource-group [] This type is used by other entities that need to reference configured resource groups. +## `configure authority secure-conductor-onboarding` + +Configure Secure Conductor Onboarding + +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`ca-certificate`](#configure-authority-secure-conductor-onboarding-ca-certificate) | The CA certificate used to sign the public certificate. | +| `delete` | Delete configuration data | +| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| [`public-certificate`](#configure-authority-secure-conductor-onboarding-public-certificate) | The public certificate the conductor will use to prove it is the correct conductor. | +| [`rate-limits`](#configure-authority-secure-conductor-onboarding-rate-limits) | Rate limits for secure conductor onboarding requests. | +| `show` | Show configuration data for 'secure-conductor-onboarding' | + +## `configure authority secure-conductor-onboarding ca-certificate` + +The CA certificate used to sign the public certificate. + +#### Usage + +``` +configure authority secure-conductor-onboarding ca-certificate [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| ca-certificate-ref | The value to set for this field | + +#### Description + +##### ca-certificate-ref (leafref) (required) + +This type is used by other entities that need to reference configured CA certificate. + +## `configure authority secure-conductor-onboarding public-certificate` + +The public certificate the conductor will use to prove it is the correct conductor. 
+
+#### Usage
+
+```
+configure authority secure-conductor-onboarding public-certificate []
+```
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| client-certificate-ref | The value to set for this field |
+
+#### Description
+
+##### client-certificate-ref (leafref) (required)
+
+This type is used by other entities that need to reference configured client certificate.
+
+## `configure authority secure-conductor-onboarding rate-limits`
+
+Rate limits for secure conductor onboarding requests.
+
+##### Subcommands
+
+| command | description |
+| ------- | ----------- |
+| `delete` | Delete configuration data |
+| [`global`](#configure-authority-secure-conductor-onboarding-rate-limits-global) | The maximum number of SCO requests per second allowed from all clients. |
+| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
+| [`per-client`](#configure-authority-secure-conductor-onboarding-rate-limits-per-client) | The maximum number of SCO requests per second allowed from a single client IP. |
+| `show` | Show configuration data for 'rate-limits' |
+
+## `configure authority secure-conductor-onboarding rate-limits global`
+
+The maximum number of SCO requests per second allowed from all clients.
+
+#### Usage
+
+```
+configure authority secure-conductor-onboarding rate-limits global []
+```
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| uint16 | The value to set for this field |
+
+#### Description
+
+Default: 100
+
+##### uint16
+
+An unsigned 16-bit integer.
+
+Range: 1-1000
+
+## `configure authority secure-conductor-onboarding rate-limits per-client`
+
+The maximum number of SCO requests per second allowed from a single client IP.
+ +#### Usage + +``` +configure authority secure-conductor-onboarding rate-limits per-client [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| uint16 | The value to set for this field | + +#### Description + +Default: 1 + +##### uint16 + +An unsigned 16-bit integer. + +Range: 1-100 + ## `configure authority security` The security elements represent security policies for governing how and when the SSR encrypts and/or authenticates packets. @@ -44904,6 +45841,8 @@ Options: - sha1: SHA1 160-bit Key Hashed Message Authentication Code Mode. - sha256: SHA256 256-bit Key Hashed Message Authentication Code Mode. - sha256-128: SHA256 128-bit Key Hashed Message Authentication Code Mode. +- sha384: SHA384 384-bit Key Hashed Message Authentication Code Mode. +- sha512: SHA512 512-bit Key Hashed Message Authentication Code Mode. ## `configure authority security hmac-key` @@ -45031,7 +45970,7 @@ Configure Security Key Management | `clone` | Clone a list item | | `delete` | Delete configuration data | | [`invalid-certificate-behavior`](#configure-authority-security-key-management-invalid-certificate-behavior) | Behavior when a certificate is revoked, expired, or invalid. | -| [`key-exchange-algorithm`](#configure-authority-security-key-management-key-exchange-algorithm) | Configure Key Exchange Algorithm | +| [`key-exchange-algorithm`](#configure-authority-security-key-management-key-exchange-algorithm) | Key exchange algorithm selection for security key management for authority. | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | [`payload-key-rekey-interval`](#configure-authority-security-key-management-payload-key-rekey-interval) | Hours between payload security key regeneration. | | [`peer-key-rekey-interval`](#configure-authority-security-key-management-peer-key-rekey-interval) | Hours between security key regeneration for peer routers. | 
@@ -45171,33 +46110,35 @@ Options: ## `configure authority security-key-management key-exchange-algorithm` -Configure Key Exchange Algorithm +Key exchange algorithm selection for security key management for authority. ##### Subcommands | command | description | | ------- | ----------- | | `delete` | Delete configuration data | -| [`diffie-hellman`](#configure-authority-security-key-management-key-exchange-algorithm-diffie-hellman) | Configure Diffie Hellman | +| [`diffie-hellman`](#configure-authority-security-key-management-key-exchange-algorithm-diffie-hellman) | Diffie-Hellman algorithm. | +| [`diffie-hellman-ml-kem`](#configure-authority-security-key-management-key-exchange-algorithm-diffie-hellman-ml-kem) | Diffie-Hellman and ML-KEM hybrid algorithm. | +| [`ml-kem`](#configure-authority-security-key-management-key-exchange-algorithm-ml-kem) | ML-KEM algorithm. | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | `show` | Show configuration data for 'key-exchange-algorithm' | ## `configure authority security-key-management key-exchange-algorithm diffie-hellman` -Configure Diffie Hellman +Configure the Diffie-Hellman algorithm. ##### Subcommands | command | description | | ------- | ----------- | | `delete` | Delete configuration data | -| [`dh-key-size`](#configure-authority-security-key-management-key-exchange-algorithm-diffie-hellman-dh-key-size) | Configure Dh Key Size | +| [`dh-key-size`](#configure-authority-security-key-management-key-exchange-algorithm-diffie-hellman-dh-key-size) | The key size used for Diffie-Hellman algorithm. | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | `show` | Show configuration data for 'diffie-hellman' | ## `configure authority security-key-management key-exchange-algorithm diffie-hellman dh-key-size` -Configure DH Key Size +The key size used for Diffie-Hellman algorithm. #### Usage 
@@ -45223,6 +46164,117 @@ Options: - 2048: 2048 bit key size - 4096: 4096 bit key size +## `configure authority security-key-management key-exchange-algorithm diffie-hellman-ml-kem` + +Diffie-Hellman and ML-KEM hybrid algorithm. + +##### Subcommands + +| command | description | +| ------- | ----------- | +| `delete` | Delete configuration data | +| [`dh-key-size`](#configure-authority-security-key-management-key-exchange-algorithm-diffie-hellman-ml-kem-dh-key-size) | The key size used for Diffie-Hellman algorithm. | +| [`ml-kem-key-size`](#configure-authority-security-key-management-key-exchange-algorithm-diffie-hellman-ml-kem-ml-kem-key-size) | The key size used for ML-KEM algorithm. | +| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| `show` | Show configuration data for 'diffie-hellman-ml-kem' | + +## `configure authority security-key-management key-exchange-algorithm diffie-hellman-ml-kem dh-key-size` + +The key size used for Diffie-Hellman algorithm. + +#### Usage + +``` +configure authority security-key-management key-exchange-algorithm diffie-hellman-ml-kem dh-key-size [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| diffie-hellman-key-size | The value to set for this field | + +#### Description + +##### diffie-hellman-key-size (enumeration) + +The key size to use in the Diffie-Hellman key exchange + +Options: + +- 1024: 1024 bit key size +- 2048: 2048 bit key size +- 4096: 4096 bit key size + +## `configure authority security-key-management key-exchange-algorithm diffie-hellman-ml-kem ml-kem-key-size` + +The key size used for ML-KEM algorithm. 
+ +#### Usage + +``` +configure authority security-key-management key-exchange-algorithm diffie-hellman-ml-kem ml-kem-key-size [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| ml-kem-key-size | The value to set for this field | + +#### Description + +##### ml-kem-key-size (enumeration) + +The key size to use in the ML-KEM key exchange + +Options: + +- 512: 512 bit key size +- 768: 768 bit key size +- 1024: 1024 bit key size + +## `configure authority security-key-management key-exchange-algorithm ml-kem` + +ML-KEM algorithm. + +##### Subcommands + +| command | description | +| ------- | ----------- | +| `delete` | Delete configuration data | +| [`ml-kem-key-size`](#configure-authority-security-key-management-key-exchange-algorithm-ml-kem-ml-kem-key-size) | The key size used for ML-KEM algorithm. | +| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| `show` | Show configuration data for 'ml-kem' | + +## `configure authority security-key-management key-exchange-algorithm ml-kem ml-kem-key-size` + +The key size used for ML-KEM algorithm. + +#### Usage + +``` +configure authority security-key-management key-exchange-algorithm ml-kem ml-kem-key-size [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| ml-kem-key-size | The value to set for this field | + +#### Description + +##### ml-kem-key-size (enumeration) + +The key size to use in the ML-KEM key exchange + +Options: + +- 512: 512 bit key size +- 768: 768 bit key size +- 1024: 1024 bit key size + ## `configure authority security-key-management payload-key-rekey-interval` Hours between payload security key regeneration. 
@@ -47880,27 +48932,27 @@ An unsigned 32-bit integer. ## `configure authority service-policy reverse-gateway-change-detection` -Compare the forward packet `source-mac` against the `reverse next-hop arp` entry, and trigger a flow-move for the session to pick up the reverse next-hop update. +Trigger a session-modify when the packet source-mac does not match the reverse next-hop ARP resolution for sessions that are not from inter-router or inter-node. #### Usage ``` -configure authority service-policy reverse-gateway-change-detection enabled +configure authority service-policy reverse-gateway-change-detection [] ``` ##### Positional Arguments | name | description | | ---- | ----------- | -| enumeration | The value to set for this field | +| boolean | The value to set for this field | #### Description -Default: disabled +Default: false -##### enumeration +##### boolean -A value from a set of predefined names. +A true or false value. Options: diff --git a/docs/enhanced-sec-key-mgmt.md b/docs/enhanced-sec-key-mgmt.md index 2693fcab2a..a9747f2552 100644 --- a/docs/enhanced-sec-key-mgmt.md +++ b/docs/enhanced-sec-key-mgmt.md 
@@ -8,10 +8,11 @@ sidebars-label: Enhanced Security Key Management | Release | Modification | | ------- | --------------------------- | | 7.0.1 | Enhanced Security Key Management support added. | +| 7.1.3 | Support for ML-KEM added. | Security is a critical component of [SD-WAN (software-defined wide area network)](https://www.juniper.net/us/en/products/routers/session-smart-router.html) products in today’s market. [The SSR (Session Smart Router)](about_128t.md) offers several means of ensuring the integrity of data transmitted through the router, such as encrypting application payload content, encrypting SVR (Secure Vector Routing) metadata, and authentication for metadata. -As an example, let's look at the needs of a financial institution. They have to keep transaction traffic secure. If not, the results are catastrophic for both the instution and the individual/companies whose transaction gets hijacked. SSR technology uses SVR along with Enhanced Security Key Management, allowing you to configure unparalelled security without the increased packet size, fragmentation, and increased transaction time [common with IPSec](about_svr_savings.md). This design creates maximum scale, avoids mid-network re-encryption, and provides the ability to rotate keys as required. +As an example, let's look at the needs of a financial institution. They have to keep transaction traffic secure. If not, the results are catastrophic for both the institution and the individual/companies whose transaction gets hijacked. SSR technology uses SVR along with Enhanced Security Key Management, allowing you to configure unparalelled security without the increased packet size, fragmentation, and increased transaction time [common with IPSec](about_svr_savings.md). This design creates maximum scale, avoids mid-network re-encryption, and provides the ability to rotate keys as required. The following diagrams show simple examples of how Enhanced Security Key Management can be deployed. 
@@ -41,9 +42,9 @@ To understand the value of Enhanced Security Key Management, we can draw some co | Encrypt Original IP SA/DA | ESP | Encrypted with AES-CBC-256 encrypted Metadata sent within first Payload packet using metadata key. | | Secure Channel to exchange keys | IKEv2 | Diffie-Hellman. DH provides 4096-bit Peer key used to encrypt BFD Metadata. | | Confidentiality | Payload is encrypted with the IPSec Tunnel key; however, all individual sessions with the same IPSec tunnel share the same key. There is no confidentiality between sessions sharing the same source and destination address. | Payload encrypted with Per-Flow Payload key; SVR Metadata (containing the Per-Flow Payload key) is encrypted with the SVR Metadata Key. Because each session has a separate key, each session has confidentiality, even between the same source and destination address. | -| Integrity | ESP Authentication Header | HMAC SHA-384 signature signs all SVR Metadata and/or Payload in SVR packet. | +| Integrity | ESP Authentication Header | HMAC SHA-384 nd HMAC-SHA-512 signature signs all SVR Metadata and/or Payload in SVR packet. | | Authentication | IKEv2 PSK or x.509v3 certificates | SSR-signed x.509v3 certificate through root of trust to Intermediate CA installed on SSR| -| Data Origin Authentication | HMAC-SHA-384 | HMAC SHA-384 signature| +| Data Origin Authentication | HMAC-SHA-384 and HMAC-SHA-512 | HMAC SHA-384 and HMAC-SHA-512 signature | | Replay Protection | Yes | Nonce added for Replay Protection.| | Perfect Forward Secrecy | Yes | Keys in DH are seeded by Salt. | | IPv4 and IPv6 | Yes | Yes | 
@@ -179,7 +180,7 @@ The peer list of the router must also have the `peering-common-name` of that pee | Configuration Attributes | Description | | --- | --- | -| key-exchange-algorithm | Configure Key Exchange Algorithm | +| key-exchange-algorithm | The algorithm to use for exchanging keys between peers. Algorithm types include: `diffie-hellman`, `ml-kem`, or `diffie-hellman-ml-kem`. | | payload-key-rekey-interval | Hours between payload security key regeneration. Range is 1-720, or never. Default is 24 hours. | | peer-key-rekey-interval | Hours between security key regeneration for peer routers. Range is 1-720, or never. Default is 24 hours. | | peer-key-retransmit-interval | Seconds between security key retransmission for peer routers, when peer key establishment has not been acknowledged. Range is 5-3600. Default is 30 seconds. | @@ -209,7 +210,7 @@ config authority enhanced-security-key-management true - + router RTR_EAST_CONDUCTOR name RTR_EAST_CONDUCTOR 
@@ -232,6 +233,148 @@ config inter-node-security internal ``` +#### Key Exchange Algorithm Router Override + +The key exchange algorithm is set at the Authority level, and all existing sessions and keys remain in use until the next key exchange cycle. Any change to the selected algorithm, such as the key-size, will impact the existing environment. + +If an administrator selects a new algorithm, you must be certain that all routers/peers in the authority are on the correct version, otherwise new session creation will fail. + +To address this use case, a router/peer-path override has been added to enable the transition to a new algorithm within authority. At the router level, configure `key-exchange-algorithm-override`: + +**ML-KEM Example** + +``` +configure + authority + router + key-exchange-algorithm-override + ml-kem + ml-kem-key-size 1024 + exit + exit + exit + peer + key-exchange-algorithm-override + ml-kem + ml-kem-key-size 1024 + exit + exit + exit + exit + exit +exit +``` + +**Hybrid Example** + +``` +configure + authority + router + key-exchange-algorithm-override + diffie-hellman-ml-kem + ml-kem-key-size 1024 + exit + exit + exit + peer + key-exchange-algorithm-override + diffie-hellman-ml-kem + ml-kem-key-size 1024 + exit + exit + exit + exit + exit +exit +``` + +The `diffie-hellman-key-size` can also be specified, or it will use the default value of `2048`. + +## Post Quantum Cryptography Support + +ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) is a cryptographic protocol used in post-quantum cryptography to securely exchange keys over public channels. This level of protection offers security against both quantum and classical adversaries. + +For the SSR, ML-KEM can be used in conjuction with Diffie-Hellman as a hybrid approach to peer-key exchange and encryption. In this configuration, two peer keys are generated after key exchange. BFD metadata is the first encrypted by the DH key, followed by the ML-KEM key. 
The receiving SSR peer decrypts in reverse order as described below.
+
+In order to take advantage of ML-KEM Cryptography, all devices must be running SSR software that provides support for this feature.
+
+### How It Works
+
+Each participant generates a public-private key pair for encryption and decryption. These keys are generated upon system startup, are stored securely, and are encrypted with the onboard TPM.
+
+A Symmetric Key is generated using the [Nist-approved FIPS 203 ML-KEM algorithm](https://csrc.nist.gov/pubs/fips/203/final) and exchanged between the sender and the reciever. This is the shared, secret key used for encryption and decryption.
+
+The encapsulation process wraps the symmetric key in layers of encryption, and the decapsulation process removes the layers using the private key associated with the device.
+
+Information can then be securely transmitted between devices.
+
+### Configuration
+
+ML-KEM cryptography is configured under `key-exchange-algorithm` and has the following attributes.
+
+| Configuration Attributes | Description |
+| --- | --- |
+| `key-exchange-algorithm` | The algorithm to use for exchanging keys between peers. Algorithm types include: `diffie-hellman`, `ml-kem`, or `diffie-hellman-ml-kem`. |
+| `ml-kem` | Use the `ml-kem-key-size` parameter to define the key size to use. Possible values in order of increasing security strength and decreasing performance are 512, 768 or 1024. |
+| `diffie-hellman` | Use the diffie-hellman-key-size parameter to define the key size to use. Possible values in order of increasing security strength and decreasing performance are 1024, 2048 or 4096. |
+| `diffie-hellman-ml-kem` | Use this parameter if you require hybrid mode cryptography. This employs both methods of encryption for greater security. Be aware that there is a performance impact with this selection. The above values are used and set individually in the configuration.
| + +**ML-KEM Example** + +The ML-KEM key size values are as follows: + +- 512: Smallest footprint, highest performance +- 768: Balanced for most applications - **Default value** +- 1024: Maximum security for long-lived systems + +``` +configure + authority + security-key-management + key-exchange-algorithm + ml-kem + ml-kem-key-size 1024 + exit + exit + exit +``` + +**Diffie-Hellman Example** + +The Diffie-Hellman key size values are as follows: 1024, 2048 or 4096 + +- 1024: Smallest footprint, highest performance +- 2048: Balanced for most applications - **Default value** +- 4096: Maximum security + +``` +configure + authority + security-key-management + key-exchange-algorithm + diffie-hellman + dh-key-size 2048 + exit + exit + exit +``` + +**Diffie-Hellman ML-KEM Example** + +``` +configure + authority + security-key-management + key-exchange-algorithm + diffie-hellman-ml-kem + dh-key-size 2048 + ml-kem-key-size 1024 + exit + exit + exit +``` + ## Troubleshooting The following Events, Alarms, and Show commands are available to troubleshoot issues encountered with Enhanced Security Key Management. diff --git a/docs/release_notes_128t_7.1.md b/docs/release_notes_128t_7.1.md index 75e9c098a6..644bc9d5b6 100644 --- a/docs/release_notes_128t_7.1.md +++ b/docs/release_notes_128t_7.1.md 
@@ -61,6 +61,76 @@ An issue has been identified that may be observed in conductor deployments runni An issue has been identified when onboarding SSR routers installed with older versions of software (such as 5.4.4) to Conductors running 6.3.x, when running in offline-mode. In some cases, certain software packages are not available to be installed during onboarding. To work around this issue, import the **package-based** (the "128T" prefixed) ISO for the current conductor version onto the conductor. This provides the necessary software packages to complete the onboarding process. This issue will be resolved in a future release. +## Release 7.1.3-11r2 + +**Release Date:** February 25, 2026 + +### New Features + +- **I95-26081 Display negotiated BFD Interval:** The command `show peers bfd-interval` has been added to display the negotiated bfd-interval in three columns, `Rx Timer`, `Tx Timer`, and `Multiplier`. See [Negotiated BFD Intervals](howto_tune_bfd.md#negotiated-bfd-intervals) for more information. +------ +- **I95-48934 Configuration Integrity:** SSR Configuration Integrity protects authentication credentials, keys and certificates, network topology information, and other pieces of sensitive SSR configuration from unauthorized access when the system is powered off. It prevents network and SSR operations from executing when the system is determined to be in a compromised state. To learn more, see [Configuration Integrity](concepts-config-integrity.md). +------ +- **I95-54247 IMA - SSR Signed packages only execution:** IMA is Linux’s Integrity Measurement Architecture. The SSR400 and SSR440 support IMA validation using GPG Signatures. IMA validation is enabled by default for the root user, allowing the kernel to check the signature of each file before loading it for execution. If these checks fail, execution is denied with a Permission denied (EACCES) error code. For more information, see [Secure Boot - IMA](sec-secure-boot.md#ima). 
+------
+- **I95-54248 Smart OS Download:** The SSR download process is now configurable, to provide better recovery and control over software downloads when a network connection fails. To improve resiliency against these network connectivity issues, the SSR queries available versions from all sources before beginning the download. If a request to a source fails, the SSR moves on to the next source. See [Smart OS Download](config-smart-download.md) for more information.
+------
+- **I95-56719 Conductor Scaling:** Several improvements have been made to increase the scale of conductor managed router/node deployments, as well as the reporting of router information, and the efficiency of the device communications. The conductor can now manage up to a combination of 5000 nodes and routers. It should be noted that there are scaling limitations, such as a reasonable configuration complexity. Improvements to web interface responsiveness and updates to the following pages: Peer Path table, Event history, and Peering Connections panel of the Topology view.
+------
+- **I95-58446 EoSVR Loop Prevention:** EoSVR A/S Loop Prevention has been added, allowing EoSVR traffic to pass Broadcast, unknown-unicast, and multicast traffic through a switch without causing the port to be shut down.
+------
+- **I95-58959 Secure Conductor Onboarding:** Secure Conductor Onboarding (SCO) provides the ability to onboard a router to a conductor ensuring that each device proves possession of a private key, and that the connection is trusted and authenticated. For more information, see [Secure Conductor Onboarding](sec-conductor-onboard.md).
+------
+- **I95-59948 SHA-384 and SHA-512 Support:** Added support for CNSA 2.0 algorithms SHA-384 and SHA-512 to support US Federal government deployments. For additional information, see [`configure-authority-security-hmac-cipher`](config_command_guide.md#configure-authority-security-hmac-cipher).
+------
+- **I95-60209 ML-KEM support [FIPS-203]:** ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) is a cryptographic protocol used in post-quantum cryptography to securely exchange keys over public channels. This level of protection offers security against both quantum and classical adversaries. On the SSR, ML-KEM can be used alone, or in conjuction with Diffie-Hellman as a hybrid approach to peer-key exchange and encryption. For more information, see [Post Quantum Cryptography Support](enhanced-sec-key-mgmt.md#post-quantum-cryptography-support).
+------
+- **I95-61176 Multicast Failover Optimization:** Several internal improvements have been made to improve failover and convergence in both HA and non-HA scenarios for Multicast/PIM, as well as failover times in general.
+------
+- **I95-63476 Router/Peer path override for `key-exchange-algorithm`:** A router/peer-path override has been added to enable the transition to a new algorithm within authority. For more information, see [Key Exchange Algorithm Router Override](enhanced-sec-key-mgmt.md#key-exchange-algorithm-router-override).
+
+### Resolved Issues
+
+
+- **I95-57605 BFD link-test-interval not accurate:** Resolved as part of I95-59720. Several modifications have been made to the BFD timers to improve accuracy.
+------
+- **I95-60545 Attempting network interface lookup with invalid ID:** Resolved an issue where errors due to an invalid ID were flooding the logs. Error logs in highway regarding a failed interface lookup for an invalid interface are now suppressed.
+------
+- **I95-61823 Change `ESKM_DISABLED` to `ESKM_STANDBY` for HA router in standby state:** For routers configured as part of an HA Enhanced Security Key Management (ESKM) deployment, the standby state is now correctly identified as `ESKM_STANDBY`.
+------
+- **I95-61856 Add `reload local certificates` command for ESKM:** The `reload local certificates` command has been added to allow the updating of local certificates.
See [`reload local certificates`](cli_reference.md#reload-local-certificates) for more information.
+------
+- **I95-62074 Highway requests metadata key from SKM when feature is disabled:** Resolved an issue where even when `enhanced-security-key-management` was disabled, it continued to attempt to get the key information.
+------
+- **I95-62772 Add details to `show peers certificate` output:** The `show peers certificate` output no longer just shows PEM file output; the data has been rendered in a more friendly format.
+------
+- **I95-62859 Duplicate alarms created for duplicate asset IDs:** Resolved an issue where the Conductor created a duplicate asset ID alarm each time an asset with a duplicate ID tried to authenticate.
+------
+- **I95-63124 Harden HTTPS security:** HTTPS security has been improved and hardened by following best practices. Security headers and SSL algorithms have been updated so that browsers and external clients are only using strong algorithms. Users on older Windows/IE versions can choose to extend the SSR secuirty using `configure authority router system services webserver ssl ciphers` to allow older ciphers.
+------
+- **I95-63190 SSC process errors causing node disconnections from Conductor:** Resolved an issue where SSC process errors were filling the buffer queue, dropping messages, and causing node disconnections.
+------
+- **I95-63202 Unable to bind interfaces in Azure F8 flavor in West Europe region:** Resolved an issue where driver optimization on lower core count systems required more more memory usage, causing initialization failures.
+------
+- **I95-63292 Add upgrade timeout and rpm operation timeout:** Added the ability to configure the timeout for upgrades and for rpm download/install operations under `config authority router RouterName system software-update`. The defaults are 1 hour for SSR upgrade and 10 minutes for rpm operations.
+------
+- **I95-63356 Do not allow new sessions after peer's certificate expired/revoked:** Resolved an issue where sessions were one peer continued to send new sessions after the other peers' certificate was revoked. When the peer's certificate expires, the peer is now forced to re-initiate the key exchange.
+------
+- **I95-63368 SSR400/SSR440 PMTU cannot exceed 8978:** Resolved an issue where SSR400/SSR440 PMTU discovery was lower than other platforms. The issue has been resolved, and SSR400/SSR440 PMTU now discovers at 9198.
+------
+- **I95-63422 Factory reset routers not re-onboarding when ESKM enabled:** Resolved an issue where if ESKM was initially started using invalid certificate on one node, it would be unable to onboard until the remote peering relationship is restarted.
+------
+- **I95-63675 Node page in the GUI appears to load indefinitely:** Resolved an issue where the GUI Node page would load infinitely.
+------
+- **I95-63676 Waypoints fail to allocate when the `service-path peer next-hop gateway` is off the subnet:** Resolved an issue where the first network-interface IP was selected as the local IP for waypoint allocation, even if that IP is not a valid waypoint.
+------
+- **I95-63729 Asset state not accurately reported in conductor:** Resolved an issue where issue where the SSH authorized keys from one HA conductor node were deleted after restarting both HA conductor nodes.
+------
+- **I95-63817 Default peering certificates are unable to used configured peering-common-name:** Resolved an issue where the default peering certificates were generated before receiving the configuration. The default generated peering certificate now properly uses the `peering-common-name` SSR configuration element.
+------
+- **I95-63923 Redundant conductor fails to upgrade:** Resolved an issue where a minion disconnects from the conductor node and never attempts to reconnect.
The minion watchdog process now restarts the salt minion if it is not connected to all conductor nodes. + ## Release 7.1.0-50r1 **Release Date:** December 4, 2025 diff --git a/docs/sec-cert-based-encrypt.md b/docs/sec-cert-based-encrypt.md index fd03b16c45..848e217367 100644 --- a/docs/sec-cert-based-encrypt.md +++ b/docs/sec-cert-based-encrypt.md @@ -40,7 +40,7 @@ Periodic revocation checks of the base certificate are performed based on the co ## Certificate Revocation List -Managing the Certificate Revocation List (CRL) includes the discovery, fetching, and periodic updates to CRLs. The SSR can be configured to either dynamically learn revoked and expired certificates and add them to the local CRL, or have the location or locations of the CRL assigned and poll that location at set intervals. The lists of known valid and revoked certificates are gathered and saved locally. The list is then shared with the configured routers. +Managing the Certificate Revocation List (CRL) includes the discovery, fetching, and periodic updates to CRLs. The SSR can be configured to either dynamically learn revoked and expired certificates and add them to the local CRL, or have the location or locations of the CRL assigned and poll that location at set intervals. The lists of known valid and revoked certificates are gathered and saved locally. The list is then shared among the configured routers. In cases where a certificate has been revoked, the peer path is shut down and traffic from the peer associated with the certificate is rejected. If the CRL cannot be retrieved, an alarm will fire and persist until such time as that CRL can be retrieved. diff --git a/docs/sec-conductor-onboard.md b/docs/sec-conductor-onboard.md new file mode 100644 index 0000000000..0b12c5125f --- /dev/null +++ b/docs/sec-conductor-onboard.md 
@@ -0,0 +1,203 @@
+---
+title: Secure Conductor Onboarding
+sidebar_label: Secure Conductor Onboarding
+---
+
+Secure Conductor Onboarding (SCO) provides the ability to onboard a router to a conductor ensuring that each device proves possession of a private key, and that the connection is trusted and authenticated. SCO employs asymmetric cryptography (RSA key pairs) to perform digital signatures and verification. The secure conductor onboarding process leverages the physical or virtual TPM module for mutual authentication.
+
+When a router has SCO enabled, asset-id based onboarding is disabled. Ports 4505 and 4506 are disabled on the conductor, so any devices not using this feature will fail to onboard to the conductor. In addition, if an SCO enabled device attempts to onboard using the legacy method, the onboarding is rejected.
+
+### Prerequisites
+
+- The `secure-conductor-onboarding` must be enabled
+- The `secure-conductor-onboarding public-key` field must be configured
+- The `secure-conductor-onboarding ca-certificate` field must be configured
+- The conductor nodes must have asset-id's configured
+
+To provide a secure and mutually authenticated onboarding mechanism, the following information must be configured.
+
+- Pre-shared key: The onboarding pre-shared key is a 48-character alpha-numeric string, configured at the router level. This key is mandatory for the SCO process.
+- Conductor Public certificate: A public-private key certificate.
+- Conductor CA certificate: A public certificate signed by a preferred CA signing authority.
+
+The public certificate and CA certificate are configured on the conductor at the Authority level.
+
+## Basic Configuration
+
+The following information are the steps to configure and use Secure Conductor Onboarding. For details about any of the commands and steps, see [How It Works](#how-it-works)
+
+- Configure the Conductor where the router will onboard.
+ - Configure the conductor to accept the router.
+- Generate signed certs for the conductor and place the certificates in the appropriate location on the conductor.
+ ```
+ mv myCA.key /etc/128technology/pki/myCA.key
+ mv myCA.pem /etc/128technology/pki/myCA.pem
+ mv server.key /etc/128technology/pki/server.key
+ mv server.pem /etc/128technology/pki/server.pem
+ ```
+:::note
+Only RSA keys are supported at this time.
+:::
+
+- Load the certificate for SCO configuration.
+ ```
+ configure authority client-certificate server file server
+ configure authority trusted-ca-certificate myCA file myCA
+ ```
+
+- Enable ssh-only for asset resiliency.
+ `configure authority asset-connection-resiliency ssh-only true `
+
+- On the conductor, enable SCO for each router.
+ - For devices with a built-in dev-id certificate
+ ```
+ config authority router router1 system secure-conductor-onboarding mode strong
+ config authority router router1 system secure-conductor-onboarding pre-shared-secret (removed)
+ ```
+ - For Public cloud VMs with vTPM
+ ```
+ config authority router router1 system secure-conductor-onboarding mode strong
+ config authority router router1 system secure-conductor-onboarding pre-shared-secret (removed)
+ config authority router router1 node node0 secure-conductor-onboarding endorsement-key (text/plain)
+ ```
+
+Configuring a pre-shared-secret is an optional parameter. If one is not specifically configured, it will be automatically generated.
+
+:::note
+To read the EK from the public cloud instance, run `tpm2_readpublic -c 0x81010001 -f DER -o /dev/stdout -Q | base64 -w0` and configure the contents in the endorsement-key field above.
+:::
+
+:::note
+After SCO is enabled on the conductor and the conductor is restarted, ports 4505 and 4506 are automatically closed.
+:::
+
+- Create the SCO token on the conductor.
+ ```
+ create secure-conductor-onboarding token router-name [expiration-timeout <1d>]
+ ```
+
+- Enter the token and other onboarding details using CLI commands, or in the Onboarding interface.
+
+ After the user generates an onboarding token, enter the token and other onboarding details in the onboarding UI or using CLI commands. There are two methods to onboard a router:
+
+ - Using the Command line: `create secure-conductor-onboarding token` command and `onboarding-config.json`.
+ - Mist Conductor Redirect: In the Mist interface, token information is entered with the conductor IP address. This information is sent to the router once SZTP has been completed and then passed to the router client to perform secure conductor onboarding.
+
+Once the process is initiated, the conductor CA certificate is loaded on the system as a trusted CA, allowing the device to trust the conductor in subsequent workflows.
+
+### Onboarding Workflow
+
+Once the Secure Conductor Onboarding workflow is initiated, the router performs the following:
+
+1. Establish a TLS connection to the conductor on port 933.
+2. Perform mutual authentication over TLS socket to ensure the client and server can trust one another.
+3. Once the connection is validated by both parties, the persistent SSH keys for establishing SSH tunnels between router and conductor are exchanged.
+4. The router connects to the conductor over port 930 using the SSH keys exchanged in previous steps.
+5. The router is prepped and initialized by the conductor. During this process, the system goes through the reboot cycle.
+
+Once the secure SSH tunnels are established, the SCO workflow concludes. All future communication between the router and conductor will occur over port 930.
+
+### Known Caveats
+
+- Once SCO is enabled on the HA conductor, both conductor nodes must be restarted.
+
+- Only RSA key-based certificates are supported on the conductor at this time.
+
+## How It Works
+
+The following sections provide details about the commands and parameters used for Secure Conductor Onboarding.
+
+### Router Level Configuration Parameters
+
+The following parameters are required, and are configured at the Router level.
+
+`configure authority router system secure-conductor-onboarding mode`
+
+- `disabled`: Default is true, must be false to enable.
+- `weak`: This setting enables SCO but allows the router to use a self-signed certificate, and can be used on devices with no TPM. Generates a self signed certificate per authentication attempt for non-TPM devices. For TPM devices, the certificate from the TPM is used. The conductor does not verify that these certificates are signed by a CA.
+- `strong`: On SSR devices manufactured with a device ID (SSR400/SSR440), `strong` mode ensures that the asset-id matches the serial number field in the subject line of the router’s public certificate. For vTPM workflows, the router’s endorsement key must match the `endorsement-key` configuration.
+
+### Conductor Configuration
+
+To enable this feature on the conductor, verify the following:
+
+- The `secure-conductor-onboarding public-key` field must be configured.
+- The `secure-conductor-onboarding ca-certificate` field must be configured.
+
+When all routers have SCO enabled, the legacy asset-id based onboarding is disabled. Ports 4505 and 4506 are disabled on the conductor to prevent any devices not using this feature from onboarding. In addition, if a SCO enabled device attempts to onboard using the legacy method, the attempt will be rejected.
+
+To provide secure and mutually authenticated onboarding, the following additional information is required.
+
+- Pre-shared key
+- Conductor Public certificate
+- Conductor CA certificate
+
+The onboarding pre-shared key will be 48-character alpha-numeric string configured at the router level. This key is mandatory for SCO process to work successfully.
+The conductor is expected to contain a public-private key certificate with the additional option to sign the public certificate by the organization’s preferred CA signing authority. The public certificate and CA certificate will be configured in the conductor data model.
+
+## Token Creation
+
+Create a router level token:
+
+`create secure-conductor-onboarding token router [expiration-timeout <1d>]`
+
+`expiration-timeout` is optionaL. Default is 1 day. 1 year (1y) is the maximum value.
+
+Token creation requires the following:
+
+- The fields `secure-conductor-onboarding ca-certificate` and `secure-conductor-onboarding public-certificate` must be configured, valid, and signed by the root CA of the conductor.
+
+- SCO must be enabled on the conductor at the Authority or per router level (can be both).
+
+- The router and node must be configured with at least the minimum valid configuration. For example, a minimum configuration for a standalone node:
+
+```
+router min-router
+ name min-router
+ inter-node-security internal
+ node min-node
+ name min-node
+ asset-id test-id
+ role combo
+ exit
+exit
+```
+
+If any checks fail, the `create secure-conductor-onboarding token` command returns an error with an explanation. This command can be run as many times as needed for each router. All information to form the token is present in the configuration.
+
+The CA certificate is read from disk at the location given in `secure-conductor-onboarding ca-certificate`.
+
+### Token Contents
+
+The next step in the process is to generate an onboarding token from the conductor Web interface, command line, or using APIs. The generated tokens are signed by the conductor’s private key so that they cannot be altered once generated. The SSR supports Router-specific tokens. These are mutually exclusive and are defined in the configuration.
+
+### Router-Specific Tokens
+
+For better control over distribution and re-use of tokens the user can request unique tokens per router.
 In this mode it is required that an `asset-id` be assigned to each node within the router before generating a token.
+
+The onboarding-token uses the JSON Web Token format. Below is an example of the payload section. Additional information about the router configuration necessary for initialization can also be included in the token.
+
+```
+{
+ “conductor-public-cert": “”,
+ “conductor-ca-cert": “”,
+ “secret”: “”,
+ “asset-id”: [“node0-asset-id”, “node1-asset-id”],
+ “exp”: 1234567
+}
+```
+
+### Invalid Tokens
+
+The onboarding tokens are stateless and self-contained. If a token is compromised or no longer necessary, they can be labeled as invalid, and removed.
+
+- Expiration: Token automatically becomes invalid after the expiration date. Since the token is signed by the conductor, the expiration time cannot be modified by the end user.
+
+:::note
+The conductor’s current date/time is used to validate the expiration. If the conductor undergoes any significant time skew, it could result in accidental invalidation of user tokens. It is imperative that conductors use an external NTP source.
+:::
+
+- Change pre-shared key: To invalidate unexpired tokens, the user can change the pre-shared key in the conductor configuration. This is done at the authority or router level, based on the mode of operation.
+
+- Update conductor certificate: When the conductor certificate expires and a new certificate is installed, all existing tokens signed by the old certificate are no longer valid. The details of how to update the conductor certificate follow existing supported procedures.
+
diff --git a/docs/sec-disable-ports.md b/docs/sec-disable-ports.md
index 609989dfa9..c72c1316a4 100644
--- a/docs/sec-disable-ports.md
+++ b/docs/sec-disable-ports.md
@@ -3,6 +3,12 @@ title: Disable SSR4x0 Management Interfaces sidebar_label: Disable SSR4x0 Management Interfaces --- +#### Version History + +| Release | Modification | +| ------- | --------------------------- | +| 7.1.0 | Support for disabling SSR4x0 Managment interfaces added. | + The following configuration fields have been added to node configuration, allowing you to control physical security features on the SSR4x0 series. A `true` setting enables the feature, `false` disables the feature. ``` @@ -31,7 +37,7 @@ config authority router router1 node node1 reset-button-enabled true ![Disable ports from the GUI](/img/sec-disable-ports-gui.png) :::note -Changes made and committed require a reboot to enable or disable. +Changes made and committed require a reboot to take effect. ::: ## How It Works @@ -44,7 +50,7 @@ When disabled (set to **false**), the USB host controller is excluded from the ` ### Disable Reset Pushbutton -When disabled (set to **false**), the pushbutton interrupt is disabled, and no action will be taken by the operating system or applications in response to a button push. However, with the pushbutton disabled, device reboot is possible from either the command line or through Mist. +When disabled (set to **false**), the push button interrupt is disabled, and no action will be taken by the operating system or applications in response to a button push. However, with the push button disabled, device reboot is possible from either the command line or through Mist. ### Disable Serial Console Port 
@@ -54,7 +60,7 @@ See [Uninterruptable Boot Process](#uninterruptable-boot-process) below for impo ### Disable Firmware Recovery -When disabled (set to **false**), the boot firmware `Press Esc to boot from USB` option and the image boot menu are prevented. The configured active boot image will be auto loaded; no recovery paths are available in the event of a boot failure. +When disabled (set to **false**), the boot firmware `Press Esc to boot from USB` option and the image boot menu are prevented. The configured active boot image will be auto loaded; no recovery paths except system zeroization are available in the event of a boot failure. See [Uninterruptable Boot Process](#uninterruptable-boot-process) below for important information. 
@@ -62,7 +68,9 @@ See [Uninterruptable Boot Process](#uninterruptable-boot-process) below for impo This feature is configured on the SSR400 and SSR440 by setting **both** the Serial Console Port and Firmware Recovery as **disabled**. When configured, it means that a failed upgrade will not allow the user to select the image on the other volume (since the Console port is disabled, no user input is possible). -If **both** the Serial Console Port and Firmware Recovery are disabled, and an incorrect or empty IP address is configured for one of the Ethernet ports (or system boot repeatedly fails for any other reason), use the Fail-Safe Restore process for recovery. +If **both** the Serial Console Port and Firmware Recovery are disabled, and an incorrect or empty IP address is configured for one of the Ethernet ports (or system boot repeatedly fails for any other reason), use the push button to [Reset to the Rescue configuration](config-factory-reset.md#reset-to-the-rescue-configuration). + +If the Reset push button is also disabled, the [Zeroization process](config-factory-reset.md#ssr400-and-ssr-440-zeroization) or RMA to Juniper are the only methods available for recovery. **It is strongly recommended that recovery not be disabled on production units until post-deployment boot has been successfully validated.** diff --git a/docs/sec-secure-boot.md b/docs/sec-secure-boot.md index 49258db1bd..690ed6ddca 100644 --- a/docs/sec-secure-boot.md +++ b/docs/sec-secure-boot.md 
@@ -3,9 +3,27 @@ title: Secure Boot sidebar_label: Secure Boot --- -SSR-400/SSR-440 are factory configured with a cryptographic public key that only allows an authenticated firmware image to run on the device. +#### Version History + +| Release | Modification | +| ------- | --------------------------- | +| 7.1.0 | Secure Boot support added. | +| 7.1.3 | IMA support added. | + +The SSR400 and SSR440 are factory configured with a cryptographic public key that only allows an authenticated firmware image to run on the device. Secure boot ensures that only trusted (Juniper-signed) code will run from power-on through to linux OS boot. Kernel IMA ensures that only trusted (Juniper or Oracle signed) code will run in the Linux OS, kernel loadable driver modules, and the SSR application. If authentication fails due to corruption or tampering, the boot processes terminates and the system will reset. +### IMA + +IMA is Linux’s Integrity Measurement Architecture. The SSR400 and SSR440 support IMA validation using GPG Signatures. IMA is not available on virtual machines or on the SSR1x0 and SSR1x00 series devices. + +During the SSR software build process, every executable file (binaries, libraries, scripts, etc.) is signed. The signature is embedded into the root file system extended attributes of the file. + +IMA validation is enabled by default for the root user, allowing the kernel to check the signature of each file before loading it for execution. Secondary kernels, and kernel loadable modules, are also validated before execution. If these checks fail, execution is denied with a **Permission denied** (EACCES) error code. + +:::important +IDP is excluded from IMA. +::: \ No newline at end of file diff --git a/docs/ssr-chassis-manager.md b/docs/ssr-chassis-manager.md index 15f5a7a541..158ecd1cd4 100644 --- a/docs/ssr-chassis-manager.md +++ b/docs/ssr-chassis-manager.md 
@@ -7,7 +7,7 @@ The SSR400 and SSR440 support an integrated Chassis Manager to help monitor conn ## Chassis Manager -Interaction with the Chassis Manager is performed through CLI commands and button presses on the front of the SSR400/SSR440 chassis. Components include the LED Manager and Temperature Manager. +Interaction with the Chassis Manager is performed through CLI commands and button presses on the front of the SSR400 and SSR440 chassis. Components include the LED Manager and Temperature Manager. ### LED Manager @@ -22,15 +22,25 @@ The System LED displays the following colors to report system state: The presence of any major or critical alarms will cause degraded service, resulting in the system LED showing purple. If a Purple or Red LED is seen, use `show alarms` to view the details of the error or alarm. -Port LEDs have the following behavior to identify port status. +### Port Status LEDs -#### Left LED - Link Activity +Port LEDs have the following behavior to identify port status. The following diagrams identify the port status LEDs for SFP and RJ-45 ports. + +**SFP Network Port Status LED Orientation** + +![SFP Port Status LEDs](/img/ssr-4x0-ports-g103129.png) + +**RJ-45 Network Port Status LED Orientation** + +![RJ-45 Port Status LEDs](/img/ssr-4x0-ports-g103131.png) + +#### Left LED (1) - Link Activity - Blinking Green: The port and the link are active, and there is link activity. - Green On Steadily: The port and the link are active, but there is no link activity. - Off: The port is not active. -#### Right LED - Port Speed +#### Right LED (2) - Port Speed Port speed is indicated with the following behavior. 
@@ -83,4 +93,37 @@ The following commands are only available on the SSR400 and SSR440 platforms. Wh | [`show chassis temperature`](cli_reference.md#show-chassis-temperature) | Show chassis temperature sensor readings | | [`show chassis temperature-thresholds`](cli_reference.md#show-chassis-temperature-thresholds) | Show chassis temperature thresholds | +### DC Power LEDs + +The DC Power LEDs are not managed by the Chassis Manager, but the LEDs are used to indicate status. + +- Steady Green: Receiving power +- Off: Power failure or no power + +### HA Port Status LEDs + +The HA Port Status LEDs are located on the HA ports on the rear of the device, and are not managed by the Chassis Manager. However, the LEDs are used to indicate the Link Activity and Speed. + +![HA Port LEDs](/img/ssr-4x0-ports-g103130.png) + +**Left LED (1) - Port Activity** + +Port activity is indicated with the following behavior: + +- Blinking Green: The port and the link are active, and there is link activity. + +- Steady Green: The port and the link are active, but there is no link activity. + +- Off: The port is not active. + +**Right LED (2) - Port Speed** + +Port speed is indicated with the following behavior. + +- Blinking Green: 1000 Mbps (1 blink per second) + +- Steady Green: 100 Mbps + +- Unlit: 10 Mbps + diff --git a/sidebars.js b/sidebars.js index 0657f07029..c7a5cb5199 100644 --- a/sidebars.js +++ b/sidebars.js @@ -124,6 +124,7 @@ module.exports = { "initialize_u-iso_device", "initialize_u-iso_adv_workflow", "sec-ztp-web-proxy", + "sec-conductor-onboard", ], "Cloud / Hypervisor Installations": [ "supported_cloud_platforms", @@ -207,6 +208,7 @@ module.exports = { "intro_upgrading", "upgrade_ibu_conductor", "upgrade_router", + "config-smart-download", "upgrade_restricted_access", "upgrade-ssr-4x0-manual", "upgrade_legacy", 
@@ -370,11 +372,13 @@ module.exports = {
 "sec_hardening_guidelines",
 "sec_security_policy",
 "sec_adaptive_encrypt",
- "sec_firewall_filtering",
+ "sec_firewall_filtering",
+ "concept-tpm",
 "sec-config-seim-syslog",
 "sec-ddos-resilience",
 "sec-usb-security",
 "sec-secure-boot",
+ "concepts-config-integrity",
 "sec-disable-console-output",
 "sec-disable-ports",
 "config-custom-certs",
diff --git a/static/img/config-smartdwnld-pause.png b/static/img/config-smartdwnld-pause.png
new file mode 100644
index 0000000000..decd4298fc
Binary files /dev/null and b/static/img/config-smartdwnld-pause.png differ
diff --git a/static/img/config-smartdwnld-resume-delete.png b/static/img/config-smartdwnld-resume-delete.png
new file mode 100644
index 0000000000..91d3ba250c
Binary files /dev/null and b/static/img/config-smartdwnld-resume-delete.png differ
diff --git a/static/img/ssr-4x0-ports-g103129.png b/static/img/ssr-4x0-ports-g103129.png
new file mode 100644
index 0000000000..fbcce789c7
Binary files /dev/null and b/static/img/ssr-4x0-ports-g103129.png differ
diff --git a/static/img/ssr-4x0-ports-g103130.png b/static/img/ssr-4x0-ports-g103130.png
new file mode 100644
index 0000000000..aa4eff6a33
Binary files /dev/null and b/static/img/ssr-4x0-ports-g103130.png differ
diff --git a/static/img/ssr-4x0-ports-g103131.png b/static/img/ssr-4x0-ports-g103131.png
new file mode 100644
index 0000000000..699c7c2130
Binary files /dev/null and b/static/img/ssr-4x0-ports-g103131.png differ
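Review bot: The removed and re-added `"sec_firewall_filtering",` lines in the `sidebars.js` hunk at `@@ -370,11 +372,13 @@` carry identical text, so the change appears to be whitespace-only and adds noise to the diff; leaving that line untouched would keep the hunk to the two real additions. Those two new ids also use different prefixes, `"concept-tpm"` and `"concepts-config-integrity"`. Since a sidebar id normally has to match a document id exactly, both are worth confirming against the docs' file names or front matter, which are not visible in this hunk. The `module.exports` object starts and ends outside the hunk.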