The L2 EVPN MPLS feature is available when configuring BGP in the multi-agent routing protocol model. Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family number 25) / EVPN (subsequent address family number 70). It is used to exchange overlay MAC and IP address reachability information between BGP peers.

Support for AES GCM has been added as a method for storing symmetric secrets in EOS. This applies to secrets that must be

The default policy behavior is to permit/accept all routes when a BGP neighbor or peer group is configured with a route

BGP Non Stop Forwarding (NSF) aims to minimize the traffic loss when the the following scenarios occur:

This feature improves the switch behavior when it overheats. The feature can be configured using the CLI.

DHCPv6 relay supports Remote ID option (37) insertion in relay messages providing the Layer 3 interface name on which

Tagging traffic with a drop precedence is a method that can be used to differentiate traffic flows over a given

In the traditional data center design, inter-subnet forwarding is provided by a centralized router, where traffic traverses across the network to a centralized routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.

EVPN MPLS VPWS (RFC 8214) provides the ability to forward customer traffic to / from a given attachment circuit (AC) without any MAC lookup / learning. The basic advantage of VPWS over an L2 EVPN is the reduced control plane signalling due to not exchanging MAC address information. In contrast to LDP pseudowires, EVPN MPLS VPWS uses BGP for signalling. Port based and VLAN based services are supported.

Forwarding destination prediction enables visibility into how a packet is forwarded through the switch, allowing you to determine which interfaces a packet would egress out of. Typical use cases include, but are not limited to, determining egress members for Port-Channels and ECMPs.

Forwarding destination prediction enables visibility into how a packet is forwarded through the switch and allows

Traditionally, the OpenConfig gNMI service is based on a dial in model. A client sends a request to the gNMI server and

Prior to EOS 4.27.0F, MPLS tunnel egress counters could only be enabled for all MPLS tunnels present in the system

gNOI (gRPC Network Operations Interface) defines a set of gRPC based microservices for executing operational

Arista campus switches allow extensive and fine grained hardware based flow tracking and management features. They

IGP shortcuts enable traffic to get forwarded along traffic engineered paths computed by RSVP using a modified SPF

This document describes the support for interface policing counters on interfaces where interface policing feature is configured. Counters for this feature provide information on how many packets are being allowed or dropped on a given interface via the policers configured. The counters are only supported on interfaces where dedicated policers are configured.

IP Locking is an EOS feature configured on an Ethernet Layer 2 port.  When enabled, it ensures that a port will only

This feature allows configuration of the IS IS CSNP generation interval. The default CSNP interval is 10

IS-IS flexible algorithm (FlexAlgo) provides a lightweight, simplified mechanism for performing basic traffic engineering functions within a single IS-IS area. FlexAlgo requires the cooperation of all nodes within the IS-IS area but does not require an external controller. Paths are computed by each node within the area, resulting in an MPLS switched forwarding path to nodes that are advertising a node Segment Identifier (SID) for the algorithm. The results of the path computation are placed in the colored tunnel RIB or system tunnel RIB, which simplifies route resolution.

This feature provides support for multiple IS IS instances in the default VRF.  Multiple IS IS instances are only

This feature will allow the user to select whether port mirror destinations of type GRE tunnel include the optional “key” field in the GRE header on certain platforms. The key field allows the user to uniquely identify a particular packet flow. The feature also allows the user to specify the value of the 32 bit key field.

Normally, a switch traps L2 protocol frames to the CPU. However, certain use-cases may require these frames to be forwarded or dropped. And in cases where the L2 protocol frames are forwarded (eg: Pseudowire), we may require the frames to be trapped to the CPU or dropped. The L2 Protocol Forwarding feature provides a mechanism to control the behavior of L2 protocol frames received on a port or subinterface.

The LDP pseudowire feature provides support for emulating Ethernet connections over a Multiprotocol Label

Egress Peer Engineering (EPE) using BGP LU enables traffic engineering of the links between Autonomous Systems

Generic UDP Encapsulation (GUE) is a general method for encapsulating packets of arbitrary IP protocols within a UDP tunnel. GUE provides an extensible header format with optional data. In this release, the ability to encapsulate MPLS over GUE packets of variant 1 header format has been added. 

The TCP MSS clamping feature involves clamping the maximum segment size (MSS) in the TCP header of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface. Clamping MSS value helps in avoiding IP fragmentation in tunnel scenarios by ensuring that MSS is small enough to accommodate the extra overhead of GRE and tunnel outer IP headers.

[L2 EVPN] and  [Multicast EVPN IRB] solutions allow for the delivery of customer BUM (Broadcast, Unknown unicast and Multicast) traffic in a L2VPN and L3VPNs respectively using multicast in the underlay network.

Non default VRF support is now available for Static unicast NAT. Twice NAT. Dynamic NAT. VRF support

A Link Aggregation Group (LAG) is used to aggregate/gather together multiple physical links into a single logical

Policing is typically done on the L2 packet size - that is, the size on the wire, excluding the Preamble, Start Frame Delimiter (SFD), and Interpacket Gap (IPG). To ensure that the policer polices the right amount of L2 packet size, a default packet size adjustment is configured, which is deducted from the size seen on wire. The default packet size adjustment corrects the size observed for every traffic type, except for L3 traffic on DCS-7280R, DCS-7280R2, DCS-7500R, and DCS-7500R2 series (see Description part for details).

The postcard telemetry (GreenT - GRE Encapsulated Telemetry) feature is used to gather per flow telemetry information like path and per hop latency. For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency and congestion information for flows at different times.

Power over Ethernet (PoE) is a way of delivering power and data over the same Ethernet wires. There have been multiple

This brief TOI describes a small update made to Arista’s implementation of the Best Master Clock Algorithm (BMCA),

RADIUS protocol specifies the existence of Dynamic Authorization messages which provides a mechanism to change the

Traffic steering enables traffic for a specified set of prefixes to get forwarded along traffic engineered paths

RSVP TE, the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), is used to distribute MPLS labels

Segment Routing Traffic Engineering Policy (SR TE) aka SR Policy makes use of Segment Routing (SR) to allow a headend

This feature extends the existing functionality to set explicit next hop addresses for vpn ipv4 and vpn ipv6 routes.

The sFlow source IP address (also known as the agent IP address) is placed in the sFlow datagrams that the switch sends

This is an infrastructure that provides management of SSL certificates, keys and profiles. SSL/TLS is an application-layer protocol that provides secure transport between client and server through a combination of authentication, encryption and data integrity. SSL/TLS uses certificates and private-public key pairs to provide this security.

Stateful switchover is a redundancy mode available on systems with 2 supervisor cards. One supervisor card is active

Support for matching of DSCP / ECN is available under the QOS class map configuration on Arista switches.

In Dynamic Path Selection (DPS), it takes a fixed 5 seconds in order to detect failure in the path as the underlying

This feature adds support for CPU traffic policy capable of matching and acting on IP traffic which would otherwise

Dynamic NAT is a feature which dynamically allocates an IP address to an incoming or outgoing flow. This address will replace source or destination IP for all packets of the flow.

Nexthop groups is a routing mechanism where users can configure a set of nexthops by specifying their nexthop

IPv4 Unicast Reverse Path Forwarding (uRPF) can help limit malicious IPv4 traffic on a network. uRPF works by enabling the router to verify reachability (routing) of the source IP address (SIP) in the packet being forwarded. If the SIP is determined to not be a valid address, the packet is dropped.

IPv6 Unicast Reverse Path Forwarding (uRPF) can help limit malicious IPv6  traffic on a network. uRPF works by

This feature extends the capabilities of Tap Aggregation traffic steering to allow for using interface traffic policies. Initially, interface traffic policies only allowed packet drop, count, qos (set traffic class, set dscp) and log actions.