The primary challenge with using a switching ASIC as a load balancer has been how to deal with changes in the network topology without disrupting existing TCP connections.

The L2 EVPN MPLS feature is available when configuring BGP in the multi-agent routing protocol model. Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family number 25) / EVPN (subsequent address family number 70). It is used to exchange overlay MAC and IP address reachability information between BGP peers.

802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.

The BGP-LS extension to be obsoleted allows IGP (OSPF/IS-IS) link state database information to be injected into BGP. This is typically used in deployments where some external component, (like a controller or Path Computation Engine) can do centralized path computations by learning the entire IGP topology through BGP-LS. The controller can then communicate the computed paths based on the BGP-LS updates to the head end device in the network. 

When a Provider Edge (PE) device loses BGP connectivity to the core (uplink) devices, it may be unable to forward any traffic from its downlink devices, typically CE (Customer Edge) devices. It is beneficial to indicate this connectivity loss to these CE devices so that they may find alternative paths to forward traffic.

This feature allows failover to backup path to occur in constant time per interface going down for features such as RSVP link protection, RSVP node protection, TI-LFA link protection, and BGP PIC. Without this feature enabled, it would take time proportional to the number of paths going over the interface experiencing the link down event to failover to the backup path. 

Routes covered by a resilient equal-cost multi-path (RECMP) prefix are types of routes that make use of hardware tables dedicated for equal-cost multi-path (ECMP) routing.

The “maximum-paths <m>” (default m=1) configuration that controls BGP’s multipath behavior, is available as a global knob, and not as a peer/peer-group knob today in EOS. When “maximum-paths” CLI is configured with m > 1, BGP starts forming ECMP groups for paths with similar attributes received from all configured neighbors.

In vEos/CloudEos deployed as a WAN router, when DPS (Dynamic Path Selection) is configured, all the user traffic coming from the LAN side and going to the WAN side gets load balanced on the DPS paths. This feature enables the automatic discovery of end to end Path MTU for a DPS Path through an internal probing mechanism. 

Egress traffic-policing can be applied on L3 Ethernet subinterfaces for outbound traffic.

This document describes the EOS SDK next hop group version number feature. The feature exposes a version number for each next hop group to clients interacting with EOS SDK. The version number is incremented when the next hop group is modified. 

For a wide range of features such as MPLS, MPLS-over-GRE, nexthop-groups, VPN, EVPN, BGP-LU, etc, the kernel injects CPU-generated packets into the hardware pipeline as a result of fwd*/txfwd kernel interfaces being used as next-hop devices on kernel routes.

In a typical 802.1X + MAC Security, CAK/CKN for Macsec Key Agreement (MKA) protocol are derived from the key material of a successful 802.1X session. Currently, if an 802.1X authenticator can’t authenticate 802.1X supplicant successfully because of an unreachable AAA Server/Radius server, by default, the authenticator blocks all traffic on the port and keeps the port as “unauthorized”.

Directed broadcast ACL allows inbound broadcast IP packets with source IP address as one of the permitted hosts and denies the rest of the directed broadcast traffic. Destination broadcast address of the IP packet should be the broadcast address of an interface with directed broadcast enabled. This feature gives a global command to configure sets of the permitted hosts via field-set. 

EOS supports the ability to match on a single VLAN tag (via encapsulation dot1q vlan 10)  or a VLAN tag pair (via

Flow control is a data transmission option that temporarily stops a device from sending data because of a peer data overflow condition. If a device sends data faster than the receiver can accept it, the receiver's buffer can overflow. The receiving device then sends a PAUSE frame, instructing the sending device to halt transmission for a specified period.

Hardware counter feature allows enabling counters for features using programmable hardware counter resources. This feature can be used to count the following feature specific counters.

For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency, queue and congestion information for flows at different times. The inband telemetry feature(INT), based on Inband Flow Analyzer RFC draft -IFA 2.0, is used to gather per flow telemetry information like path, per hop latency and congestion. INT is supported for both IPv4 and IPv6 traffic. 

This feature will allow the user to select whether port mirror destinations of type GRE tunnel include the optional “key” field in the GRE header on certain platforms.  The key field allows the user to uniquely identify a particular packet flow.  The feature also allows the user to specify the value of the 32 bit key field.  The format of the key field within the GRE header can be seen in RFC 1701 - Generic Routing Encapsulation (GRE).

The L2EVPN MPLS feature is available when configuring BGP in the multi agent routing protocol model.

In a multihomed EVPN MPLS configuration, BUM packets sent from a non-designated forwarder (Non-DF) PE to a designated forwarder (DF) PE must carry ESI label advertised by the egress DF PE.

The alternate LDP pseudowire feature enables users to configure an alternate pseudowire to the existing (primary) pseudowire for a given patch. Preference is initially given to the primary pseudowire.

Logical ports are hardware resources that are required to activate interfaces.

Media Access Control Security (MACSec) is an industry standard encryption mechanism that protects all traffic flowing on the Ethernet links. MACSec is based on IEEE 802.1X and IEEE 802.1AE standards.

Media Access Control Security (MACSec) is an industry standard encryption mechanism to protect all traffic flowing on Ethernet links. Mac Security is described in IEEE 802.1X and IEEE 802.1AE standards.

With the use of MAC ACL configuration, match on ethertype can be programmed under QoS class-map configuration which will help customers to classify the control traffic based on ethertype (e.g. PPPoE discovery (0x8863) / session (0x8864) stage ) along with match on sub protocol (LCP/IPCP/PAP/CHAP) which is present in the payload.

This feature enables the support of maximum SID depth advertisement by the IS-IS protocol in its LSPDB as defined in RFC8491, with this feature adding support for one type of MSD: Base MPLS Imposition (BMI-MSD).

MetaMux is an FPGA-based feature available on Arista’s 7130 platforms. It performs ultra-low latency Ethernet packet multiplexing with or without packet contention queuing. The port to port latency is a function of the selected MetaMux profile, front panel ingress port, front panel egress port, FPGA connector ingress port, and platform being used. Detailed and summarized latency measurements are provided in the accompanying MetaMux extension development guide available at the “7130 Downloads” section of the Arista Software Releases portal.

The TCP MSS clamping feature involves clamping the maximum segment size (MSS) in the TCP header of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface. Clamping MSS value helps in avoiding IP fragmentation in tunnel scenarios by ensuring that MSS is small enough to accommodate the extra overhead of GRE and tunnel outer IP headers.

[L2 EVPN] and  [Multicast EVPN IRB] solutions allow for the delivery of customer BUM (Broadcast, Unknown unicast and Multicast) traffic in a L2VPN and L3VPNs respectively using multicast in the underlay network.

The NAT Flow feature is an unusual NAT feature that allows the translation of traffic streams in ways that go beyond the typical translations achieved with NAT. In that sense, the feature is not strictly a standard NAT feature; it can be seen as a combination of NAT and DirectFlow.

NAT Peer State Synchronization feature provides redundancy and resiliency for Dynamic NAT across a pair of devices in an attempt to mitigate the risk of single NAT device failure. Each switch advertises connection state updates to its peer.  State update consists of connection creation, connection state change (TCP mostly) or connection tear down

The per-CoS (Class of Service) discard counters allow the device to count discarded packets on the switch extender based on the packet COS. For ingress, there are three categories of traffic: regular traffic, control plane traffic, and flow-control traffic (used for end-to-end congestion control).

Priority Flow Control (PFC) Watchdog feature monitors interfaces for priority-flow-control Pause storm. If such a storm is detected on no-drop enabled priorities, it takes actions such as:

This document describes a new CLI command to help debug how and why policy permits and denies paths. The aim of this CLI command is for the user to debug a route map or RCF function by specifying as input a prefix for which BGP has reachability for, either via a BGP peer or a redistribute source.

Policy based routing (PBR) is a feature that is applied on routable ports, to preferentially route packets.

ITU-T G8275.1 is a PTP profile defined by ITU-T for telecommunication applications. It defines a set of functions from the IEEE 1588 to achieve phase/time synchronization with full timing support from the network (meaning, all of the network devices support PTP).

Private VLAN is a feature that segregates a regular VLAN broadcast domain while maintaining all ports in the same IP

This feature allows redistribution of bgp unicast routes into multicast address families. Specifically it allows redistribution of ipv4 unicast routes into the ipv4 multicast address family and ipv6 unicast routes into the ipv6 multicast address family.

RFC2544 defines a number of benchmark tests that may be used to describe the performance characteristics of a network interconnecting device(s). Starting from 4.28.1F, Arista switches support Throughput test belonging to a set of benchmark tests as defined in RFC2544.

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion.
This document serves as a reference guide for

Routing Control Functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion. This document covers Configurations of a RCF function for BGP points of application, CLI show commands to provide visibility into operational status, and the protocol attributes supported for BGP points of application.

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion. 

RSVP-TE, the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), is used to distribute MPLS labels for steering traffic and reserving bandwidth. The Label Edge Router (LER) feature implements the headend functionality, i.e., RSVP-TE tunnels can originate at an LER which can steer traffic into the tunnel.

RSVP TE applies the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), i.e., to distribute MPLS

This feature enables the BGP additional-path send configuration only for routes whose prefixes match a prefix list. The goal is to advertise multiple paths for a specific set of routes.

This feature gives users the ability to use Route Control Functions (RCFs) to create custom policies for deciding which routes with IP next-hops should be programmed into the kernel with fwd* next-hop devices so the associated kernel packets are inserted into the ingress pipeline of hardware forwarding instead of being software-forwarded by the kernel.

This feature introduces support for the SFP-10G-MRA-T SFP transceiver. This is a rate adapting transceiver, meaning it can convert the system side interface to a lower rate on the line side.

This feature adds support for “Dynamic Load Balancing (DLB)” on Equal Cost Multi Path (ECMP) groups. It is intended to help overcome the potential shortcomings of traditional hash-based load balancing by considering the traffic load of members of ECMP groups

Dynamic NAT is a feature which dynamically allocates an IP address to an incoming or outgoing flow. This address will replace source or destination IP for all packets of the flow.