- Written by Digvijay Gahlot
- Posted on April 20, 2021
- Updated on January 23, 2023
- 11930 Views
The L2 EVPN MPLS feature is available when configuring BGP in the multi-agent routing protocol model. Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family number 25) / EVPN (subsequent address family number 70). It is used to exchange overlay MAC and IP address reachability information between BGP peers.
- Written by Tarun Jaswanth LNU
- Posted on August 24, 2020
- Updated on July 3, 2024
- 24585 Views
802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.
- Written by Pawel Kurdybacha
- Posted on August 23, 2022
- Updated on September 12, 2022
- 5281 Views
Feature provides a way to set the Passive role in BFD session initialization. A system taking the Passive role does not begin sending BFD control packets for a particular session until it has received a BFD packet for that session, and thus has learned the remote system's discriminator value.
- Written by Pauric Ward
- Posted on August 23, 2022
- Updated on September 12, 2022
- 5461 Views
Stale routes are learned routes from adjacent BGP neighbors whose neighborship has been interrupted by session instability. This feature adds a mechanism to specify a stale policy route-map for which the stale routes from a gracefully restarting, or depending on the configuration of the feature, a non-gracefully restarting BGP peer will be processed.
- Written by Joseph Swaminathan
- Posted on August 23, 2022
- Updated on September 6, 2022
- 4955 Views
This feature allows customers to make the status of a MPLS static route dependent on the state of a BGP peer. When this feature is enabled for a static route, it will be programmed only if the monitored BGP peer session is up.
- Written by Vu Nguyen
- Posted on August 23, 2022
- Updated on November 22, 2023
- 7045 Views
EOS currently supports BGP message authentication via the TCP MD5 Signature (TCP MD5) option (RFC 2385) to protect the BGP sessions from spoofed TCP segments. However, research has shown many concerns that the TCP MD5 algorithm is cryptographically ineffective with a just simple keyed hash for authentication.
- Written by Arup Raton Roy
- Posted on November 2, 2020
- Updated on July 21, 2023
- 10526 Views
This document presents Arista Macro-Segmentation Service - Firewall (MSS-FW) deployment in a network with multiple Virtual Routing and Forwarding (VRF) instances.
- Written by Deepak Sebastian
- Posted on August 18, 2022
- Updated on June 7, 2023
- 6809 Views
Arista’s DCS-7130LBR series of switches are powerful network devices designed for ultra latency applications along with a wealth of networking features.
- Written by Huong Nguyen
- Posted on November 13, 2019
- Updated on October 12, 2023
- 12964 Views
Support for DHCPv4 (RFC 2131) and DHCPv6 Server (RFC 8415) was added to EOS-4.22.1 and EOS-4.23.0 respectively. EOS DHCP server leverages ISC Kea as backend. The router with DHCP Server enabled acts as a server that allocates and delivers network addresses with desired configuration parameters to its hosts.
- Written by Jammala Vinod Kumar
- Posted on August 23, 2022
- Updated on September 12, 2022
- 5670 Views
This feature allows users to change the scale of IPV6 and MAC subinterface ACLs by changing the port qualifier size (range used for ACL label allocation) through the tcam profile. Increasing the port qualifier size increases the ACL label range, thus allowing more number of ACLs vice versa.
- Written by Krzysztof Gongolewski
- Posted on September 11, 2022
- Updated on August 30, 2024
- 6383 Views
Dynamic NAT connection limit is a feature which allows to limit the number of dynamic NAT connections.
- Written by Alfaz Ahmed
- Posted on August 23, 2022
- Updated on August 24, 2022
- 5556 Views
The SRTE Policy metric is used as a tie-breaker when picking two policies with the same cost value, otherwise the cost determines the preferred policy, currently there are commands to manually configure metrics for each SRTE Policy as described in Configurable IGP Preference and Metric for SR-TE Policies
- Written by Kulwinder Singh
- Posted on August 16, 2018
- Updated on September 12, 2024
- 7674 Views
The feature allows to create a named TC to DSCP mapping that can be applied on an interface.DSCP of routed packets egressing out of the interface will be rewritten according to the map.
- Written by Jeevan Kamisetty
- Posted on August 23, 2022
- Updated on November 30, 2023
- 9201 Views
NDR switch sensor aka “monitor security awake” feature provides deep network analysis by doing deep packet inspection of some or all packets of traffic that's forwarded by the switch.
- Written by Joseph Swaminathan
- Posted on August 18, 2022
- Updated on August 22, 2022
- 5692 Views
This feature allows BGP speakers that support L2 EVPN to exchange system router MAC addresses of virtual gateway IP addresses configured on a SVI interface. The receiving device will treat these MAC addresses as local system router MAC addresses, if it has the same IP addresses configured as virtual IP addresses on the corresponding (Bridge ID) SVI interfaces.
- Written by Aaron Bamberger
- Posted on April 23, 2020
- Updated on February 13, 2024
- 9464 Views
E-Tree is an L2 EVPN service (defined in RFC8317) in which each attachment circuit (AC) is assigned the role of Root or Leaf. Once roles are assigned, the following forwarding rules are enforced:
- Written by Christoph Schwarz
- Posted on August 23, 2022
- Updated on October 21, 2022
- 8069 Views
Flexible cross-connect service is an extension of EVPN MPLS Virtual Private Wire Service (VPWS) (RFC 8214). It allows for multiplexing multiple attachment circuits across different Ethernet Segments and physical interfaces into a single EVPN VPWS service tunnel while still providing single-active and all-active multi-homing.
- Written by Edwin Tambi
- Posted on August 19, 2020
- Updated on July 3, 2024
- 19188 Views
EOS supports the ability to match on a single VLAN tag (example: encapsulation dot1q vlan 10) or a VLAN tag pair (example: encapsulation dot1q vlan 10 inner 20) to map matching packets to an interface. In this case, the encapsulation string is considered consumed by the mapped interface before forwarding, which means that the tags are effectively removed from the incoming packet for the purposes of any downstream forwarding.
- Written by James Shephard
- Posted on August 25, 2019
- Updated on July 5, 2023
- 10414 Views
Forwarding destination prediction enables visibility into how a packet is forwarded through the switch, allowing you to determine which interfaces a packet would egress out of. Typical use cases include, but are not limited to, determining egress members for Port-Channels and ECMPs.
- Written by Vishal Bandekar
- Posted on August 23, 2022
- Updated on August 21, 2024
- 5698 Views
This document is an extension to the decap group feature, that allows IPv4 addresses to be configured and used as part of a group. Now we will be able to configure IPv4 prefixes as a decap group.
- Written by Marc Laprade
- Posted on November 3, 2021
- Updated on June 13, 2023
- 9786 Views
This feature will allow the user to select whether port mirror destinations of type GRE tunnel include the optional “key” field in the GRE header on certain platforms. The key field allows the user to uniquely identify a particular packet flow. The feature also allows the user to specify the value of the 32 bit key field.
- Written by Athichart Tangpong
- Posted on October 22, 2018
- Updated on October 1, 2024
- 13063 Views
A L2 sub-interface is a logical bridging endpoint associated with traffic on an interface distinguished by 802.1Q tags, where each <interface, 802.1q tag> tuple is treated as a first class bridging interface.
- Written by Trevor Yu
- Posted on February 23, 2022
- Updated on August 12, 2024
- 12731 Views
Media Access Control Security (MACSec) is an industry standard encryption mechanism that protects all traffic flowing on the Ethernet links. MACSec is based on IEEE 802.1X and IEEE 802.1AE standards.
- Written by Jeff Chan
- Posted on June 16, 2022
- Updated on August 24, 2022
- 7002 Views
Media Access Control Security (MACSec) is an industry standard encryption mechanism to protect all traffic flowing on Ethernet links. Mac Security is described in IEEE 802.1X and IEEE 802.1AE standards.
- Written by John Clarke
- Posted on December 20, 2021
- Updated on March 19, 2024
- 10588 Views
Arista's 7130 Connect Series of Layer 1+ switches are powerful network devices designed for ultra low latency and offer a wealth of integrated management features and functionalities.
- Written by Alejandro Schwoykoski
- Posted on December 22, 2021
- Updated on November 6, 2023
- 10863 Views
MetaMux is an FPGA-based feature available on Arista’s 7130 platforms. It performs ultra-low latency Ethernet packet multiplexing with or without packet contention queuing. The port to port latency is a function of the selected MetaMux profile, front panel ingress port, front panel egress port, FPGA connector ingress port, and platform being used.
- Written by David Mirabito
- Posted on December 30, 2021
- Updated on July 30, 2024
- 14134 Views
MetaWatch is an FPGA-based feature available for Arista 7130 Series platforms. It provides precise timestamping of packets, aggregation and deep buffering for Ethernet links. Timestamp information and other metadata such as device and port identifiers are appended to the end of the packet as a trailer.
- Written by Shriprama Rao
- Posted on August 23, 2022
- Updated on June 21, 2023
- 6363 Views
This feature allows users to preserve IP TTL and MPLS EXP (also known as TC) value on MPLS routers, as well as add a user-specified TTL/EXP value when pushing new MPLS labels in pipe mode.
- Written by Xuan Qi
- Posted on August 23, 2022
- Updated on April 4, 2024
- 8639 Views
This feature extends the multi-domain EVPN VXLAN feature introduced to support interconnect with EVPN MPLS networks. The following diagram shows a multi-domain deployment with EVPN VXLAN in the data center and EVPN MPLS in the WAN. Note that this is the only supported deployment model, and that an EVPN MPLS network cannot peer with an EVPN MPLS network.
- Written by Nikhil Goyal
- Posted on August 18, 2022
- Updated on August 19, 2022
- 5243 Views
This feature adds streaming support for the IS-IS Link State Database OpenConfig model via gNMI. The current implementation supports a limited number of IS-IS TLVs and subTLVs.
- Written by Terence Hui
- Posted on August 18, 2022
- Updated on August 19, 2022
- 5560 Views
Configure trust mode for trusting traffic from phone’s, but not any other traffic coming from the same interface.
- Written by Rahul Kumar Singh
- Posted on August 18, 2022
- Updated on February 7, 2024
- 7640 Views
This article is intended to discuss how to configure the Phone VLAN on an Arista switch.
- Written by Shelly Chang
- Posted on August 23, 2022
- Updated on August 29, 2022
- 5615 Views
This feature allows PIMv4 to work with Multiprotocol BGP (MP-BGP), where IPv4 prefix routes are reachable via IPv6 next-hops.
- Written by Akanksha Gottipati
- Posted on August 23, 2022
- Updated on September 2, 2022
- 5549 Views
Allows the user to configure explicit QoS trust settings viz. trust mode, default cos and default dscp on subinterfaces, which may or may not be the same as the parent interface.
- Written by Fathima Thasneem
- Posted on June 20, 2022
- Updated on September 27, 2024
- 7398 Views
RFC2544 defines a number of benchmark tests that may be used to describe the performance characteristics of a network interconnecting device(s). Starting from 4.28.1F, Arista switches support throughput test belonging to a set of benchmark tests as defined in RFC2544. Starting from 4.29.0F, Arista switches support frame loss rate test.
- Written by Arun Ajith S
- Posted on August 18, 2022
- Updated on August 23, 2022
- 5164 Views
The original IPv6 Neighbor Discovery specification in RFC4861 instructs all devices to discard any neighbor-advertisement (NA) message received from a neighbor, if there is no existing entry already present in the neighbor cache.
- Written by David Cronin
- Posted on March 3, 2022
- Updated on September 20, 2024
- 17428 Views
Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion.
- Written by David Cronin
- Posted on March 3, 2022
- Updated on September 20, 2024
- 10862 Views
Routing Control Functions (RCF) is a language that can express route filtering and attribute modification logic in a powerful and programmatic fashion.The document covers: Configurations of a RCF function for BGP points of application
- Written by Kalash Nainwal
- Posted on December 14, 2020
- Updated on July 31, 2024
- 11674 Views
RSVP-TE, the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), is used to distribute MPLS labels for steering traffic and reserving bandwidth. The Label Edge Router (LER) feature implements the headend functionality, i.e., RSVP-TE tunnels can originate at an LER which can steer traffic into the tunnel.
- Written by Tanuj Kumar Jhamb
- Posted on December 16, 2021
- Updated on September 2, 2022
- 7659 Views
This feature allows the user to configure upto 1023 unique QoS Policy-maps per chip.
- Written by Philip Bradish
- Posted on August 18, 2022
- Updated on August 23, 2022
- 5922 Views
This document describes the support for authenticating users using SSH certificates and the authorized principals command in EOS. SSH certificate authentication was previously restricted to just using the authorized principals file. This file is populated by configuring authorized principals for each user. In order to login with a SSH certificate a user must present a certificate that includes at least one of their configured principals. The authorized principals command allows this list of configured principals to be generated by an executable dynamically at runtime. This provides a more flexible and scalable way to perform SSH certificate authentication.
- Written by Fathima Thasneem
- Posted on August 23, 2022
- Updated on May 30, 2024
- 5937 Views
Interface reflectors are useful to make sure a service provided to customers is working as expected and it's within SLA constraints. Now, we are extending the support to configure subinterfaces as ethernet reflector. The Subinterface Interface Reflector feature allows performing certain actions (such as source/destination MAC address swap) on packets reaching subinterfaces patched to Pseudowire that are reflected back to the source interface. It is useful to test properties and SLAs before deploying the service for a customer.
- Written by Kaustav Majumdar
- Posted on August 23, 2022
- Updated on September 12, 2022
- 5895 Views
Support for Media Access Control Security ( MACsec ) was added in EOS-4.15.4. MACsec defines a secure channel ( SC ) from one peer to another peer as a security relationship which provides security guarantees for the frames transmitted from the first peer to the second peer.
- Written by Kundan Sen
- Posted on August 18, 2022
- Updated on August 22, 2022
- 5291 Views
This feature adds support for configuring multiple area addresses in an IS-IS instance.
- Written by Harsis Yadav
- Posted on August 18, 2022
- Updated on August 22, 2022
- 5774 Views
The feature allows the user to determine the rate of ingress packets on a class-map over a span of a specified interval. This specified interval is the global load-interval (default value is 5 minutes).
- Written by Gaofeng Yue
- Posted on December 20, 2021
- Updated on September 7, 2022
- 7352 Views
Currently EOS supports redistribution into BGP at the global (instance) level. Also EOS supports redistribution in
- Written by Prateek Mali
- Posted on August 19, 2020
- Updated on September 25, 2024
- 19790 Views
Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets and usually TCAM is used to match packets to rules. For example, there can be a rule to match the packet source IP address against a list of IP addresses, and drop the packet if there is a match. This will be expressed in TCAM with multiple entries matching the list of IP addresses. Number of entries is reduced by masking off bits, if possible. TCAM is a limited resource, so with classifiers having a large number of rules and a big field list, TCAM runs out of resources.
- Written by Kallol Mandal
- Posted on April 25, 2022
- Updated on September 25, 2024
- 7821 Views
Overlay IPv6 routing over VXLAN tunnel using an anycast gateway (direct routing) has been previously supported using the “ipv6 virtual-router” configuration for both the data-plane and EVPN (or CVX) control-plane learning environments.
- Written by Xiaoman Chu
- Posted on August 18, 2022
- Updated on June 6, 2023
- 10592 Views
This feature allows customers to configure BFD intervals on a per BGP neighbor basis. We also have existing support for the configuration of BFD intervals on a per interface basis and the configuration of BFD intervals globally on the entire device.
- Written by James Brinkley
- Posted on April 25, 2022
- Updated on January 5, 2023
- 9297 Views
SWIM (SWI Modularized) is a change to the format of EOS.swi. It is a feature that is mostly internal, but has a few customer visible side-effects one should be mindful of.