EOS 4.27.2F TOI

This document describes the configuration and behavior of physical interfaces on the 7388-series switches and Linecards (LC)

802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.

AAA accounting records can be enabled for OpenConfig gNMI/gNOI RPCs. Accounting records can be logged to the TACACS+ server, RADIUS server, or to syslog.

This feature adds support for sending and receiving BGP IPv6 labeled-unicast routes with IPv4-mapped IPv6 next hops. With this feature enabled, when a BGP speaker receives a next hop with IPv4-mapped IPv6 address,

BGP Non Stop Forwarding (NSF) aims to minimize the traffic loss when the the following scenarios occur:

Cable diagnostics is a feature to detect faults with twisted pair copper cables and measure the cable length.

EOS supports the DHCP Relay feature, which relays DHCP Requests/Responses between DHCP clients and DHCP servers in different subnets. 

DHCPv6 Prefix Delegation support enables a DHCP relay agent to program routes for addresses assigned by a DHCP server. The assigned prefixes could either be DHCPv6 IA_PD prefix delegation addresses, or DHCPv6 IA_NA global /128 addresses.

DirectFlow runs alongside the existing layer 2/3 forwarding plane, enabling a network architecture that incorporates new capabilities, such as TAP aggregation and custom traffic engineering, alongside traditional forwarding models. DirectFlow allows users to define flows that consist of match conditions and actions to perform that are a superset of the OpenFlow 1.0 specification. DirectFlow does not require a controller or any third party integration as flows can be installed via the CLI.

Multiprotocol Label Switching (MPLS) is a networking process that replaces complete network addresses with shortest path labels for directing data packets to network nodes.

Multiple dynamic counter features may be enabled simultaneously, primarily configured using the [no] hardware counter feature [feature] CLI commands. Compatibility of these features has been enhanced to allow for greater flexibility in simultaneously enabled counter features. Changes in counter feature compatibility across EOS releases is detailed below.

Interfaceful IP-VRF to IP-VRF communication uses a pair of routes to distribute IP subnet information, rather than a single EVPN type-5 route. 

Forwarding destination prediction enables visibility into how a packet is forwarded through the switch, allowing you to determine which interfaces a packet would egress out of. Typical use cases include, but are not limited to, determining egress members for Port-Channels and ECMPs.

Forwarding destination prediction enables visibility into how a packet is forwarded through the switch, allowing you to determine which interface(s) a packet would egress out of. This feature has been expanded upon with support for packets specified as a byte stream, allowing you to fully specify the packet.

Forwarding destination prediction enables visibility into how a packet is forwarded through the switch and allows

This feature introduces hardware forwarding support for IPv4-over-IPv4 GRE tunnel interfaces on selected Arista

For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency, queue and congestion information for flows at different times. The inband telemetry feature(INT), based on Inband Flow Analyzer RFC draft -IFA 2.0 and IFA 1.0(on some platforms) , is used to gather per flow telemetry information like path, per hop latency and congestion. INT is supported for both IPv4 and IPv6 traffic.

In a typical switch deployment, multiple ports can have the same configuration, such as description and access VLAN.

This feature allows the user to match the 20 bit IPV6 flow label using the Qos Policy Map and allows to classify the flow-label controlled traffic.

This feature provides support for packet and byte ingress counters for IPv6 multicast routes.

This feature will allow the user to select whether port mirror destinations of type GRE tunnel include the optional “key” field in the GRE header on certain platforms. The key field allows the user to uniquely identify a particular packet flow. The feature also allows the user to specify the value of the 32 bit key field.

A L2 sub-interface is a logical bridging endpoint associated with traffic on an interface distinguished by 802.1Q tags, where each <interface, 802.1q tag> tuple is treated as a first class bridging interface.

LANZ adds support for configuring global thresholds for Ethernet ports on DCS 7020, DCS 7050TX, DCS 7050X2, DCS

LANZ is the EOS Latency and congestion ANalyZer. On DCS-7280, DCS-7020, DCS-7500 and DCS-7800 series, it allows monitoring congestion and transmit latencies on both front panel and CPU ports.

LDP per-neighbor authentication provides greater flexibility in the authentication of LDP routers in a network. Individual routers or groups of routers may be configured with different passwords to enhance security and to ensure certain routers do not exchange MPLS

This TOI describes the MAC limit per VLAN feature which can be used to limit the number of locally learned MAC addresses per VLAN.

This document explains how to configure and deploy Arista MSS-FW with Palo Alto Networks firewalls and Panorama in a Layer 3 deployment with HA (High Availability) support. The Panorama management server can be deployed as either a virtual or a hardware appliance.

Media Access Control Security (MACSec) is an industry standard encryption mechanism that protects all traffic flowing on the Ethernet links. MACSec is based on IEEE 802.1X and IEEE 802.1AE standards.

MAC security uses MACsec Key Agreement ( MKA ) protocol for negotiation between peers using pre-shared key or 802.1X based CAK/CKN and eventually derives Secure Association Key ( SAK ).

Multiprotocol Label Switching (MPLS) is a networking process that replaces complete network addresses with short

The TCP MSS clamping feature involves clamping the maximum segment size (MSS) in the TCP header of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface. Clamping MSS value helps in avoiding IP fragmentation in tunnel scenarios by ensuring that MSS is small enough to accommodate the extra overhead of GRE and tunnel outer IP headers.

This command configures the default speed on all of the OSFP and QSFP-DD ports on a system. It can be applied on ports without any transceivers inserted.

This feature provides support for SPIFFE-ID in OpenConfig. The SPIFFE-ID will take precedence over any metadata usernames or common name username found. This username will be used for all AAA operations. 

IPv4 routes of certain prefix lengths can be optimized for enhanced route scale on 7500R, 7280R, 7500R2 and 7280R2

IPv4 routes of certain prefix lengths can be optimized for enhanced route scale using this feature. This feature is ideally suited to achieve route scale when route distribution has a large number of routes concentrated across the prefix-lengths 24, 23 and 22. EOS 4.27.2F offers 8-to-1 compression of routes as an enhancement.

This feature adds support for making the various OSPFv3 counters accessible via CLI.

This document describes a new CLI command to help debug how and why policy permits and denies paths. The aim of this CLI command is for the user to debug a route map or RCF (Routing Control Functions) function by specifying as input a prefix for which BGP has reachability for, either via a BGP peer or a redistribute source.

Policy-based routing (PBR) is a feature that is applied on routable ports, to preferentially route packets. Forwarding is based on a policy that is enforced at the ingress of the applied interface and overrides normal routing decisions. In addition to matches on regular ACLs, PBR policy-maps can also include “raw match” statements that look like a single entry of an ACL as a convenience for users.

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion.

Routing Control Functions (RCF) is a language that can express route filtering and attribute modification logic in a powerful and programmatic fashion.The document covers: Configurations of a RCF function for BGP points of application

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion. 

RSVP-TE, the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), is used to distribute MPLS labels for steering traffic and reserving bandwidth. The Label Edge Router (LER) feature implements the headend functionality, i.e., RSVP-TE tunnels can originate at an LER which can steer traffic into the tunnel.

The CCS-750X-48ZXP is a 48 port 10GBASE-T linecard, capable of several full-duplex link speeds to support connecting to a variety of compatible devices of varying capabilities. All supported linkup speeds on this card can be automatically selected during the linkup process using IEEE 802.3 Clause 28 auto-negotiation. Note that IEEE 802.3 also allows for speeds lower than 1Gbps to link up without clause 28 auto-negotiation.

This feature adds support for a selected set of configured interfaces to collect egress flow samples. Egress sFlow can be configured on ethernet and port-channel interfaces.

A L2 sub-interface is a logical bridging endpoint associated with traffic on an interface distinguished by 802.1Q tags, where each <interface, 802.1Q tag> tuple is treated as a first-class bridging interface. 

This TOI supplements the Ingress Traffic Policy applied on ingress interfaces. Please refer to that document for a description of Traffic Policies and field-sets. This TOI explains the Traffic Policies as applied in the egress direction on interfaces

Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets and usually TCAM is used to match packets to rules. For example, there can be a rule to match the packet source IP address against a list of IP addresses, and drop the packet if there is a match. This will be expressed in TCAM with multiple entries matching the list of IP addresses. Number of entries is reduced by masking off bits, if possible. TCAM is a limited resource, so with classifiers having a large number of rules and a big field list, TCAM runs out of resources.

Several customers have expressed interest in using IPv6 addresses for VxLAN underlay in their Data Centers (DC). Prior to 4.27.2F, only IPv4 addresses are supported for VxLAN underlay, i.e VTEPs are reachable via IPv4 addresses only. This feature enables a VTEP to send VxLAN Encapsulated packets using IPv6 underlay.

This feature introduces hardware forwarding support of IPv4 multicast traffic over IPv4 GRE tunnel interfaces in Arista Switches. Multicast source traffic can reach the receivers which are separated by an IP cloud which is not configured for IP multicast routing by utilizing a GRE tunnel.

This article describes the Tap Aggregation MAC Address Replacement feature. This feature provides the ability to configure user-specific values to replace the destination and source MAC addresses of packets forwarded by Tap Aggregation.