802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.

Prior to this feature, when the multi-agent routing protocol model was in use, the BGP agents (Bgp and, starting with 4.22.1F, BgpCliHelper) were always running, even if BGP was not configured. With this feature, these two BGP agents do not start up until BGP configuration is created with “router bgp <asn>”. 

This feature enables Flowspec rules to be leaked from one VRF to another. When combined with the ability to apply Flowspec rules from one VRF to interfaces in another VRF, this feature makes it possible to combine rules from different source VRFs into a target VRF, and apply the target VRF’s rules on the interfaces of the source VRFs.

The BGP-LS extension allows IGP (OSPF/IS-IS) link state database information to be injected into BGP. This is typically used in deployments where some external component (like a controller or Path Computation Engine) can do centralized path computations by learning the entire IGP topology through BGP-LS. The controller can then communicate the computed paths based on the BGP-LS updates to the head end device in the network. The mechanism used by the controller to communicate the computed TE paths is outside the scope of this document. Using BGP-LS instead of an IGP peering with the controller to distribute IGP link state information has the following advantages.

BGP Monitoring Protocol (BMP) allows a monitoring station to connect to a router and collect all of the BGP announcements received from the router’s BGP peers. The announcements are sent to the station in the form of BMP Route Monitoring messages generated from path information in the router’s BGP Adj-Rib-In tables.

The Arista switches listed in the platform compatibility section below have two chip profiles. ADNA is the default chip profile in which the system boots up starting from the 4.31.2F release.

Custom (per-port) CoS To Traffic-Class QoS Map on DCS-7280R3, DCS-7800R3, DCS-7500R3. This feature allows the user to define a custom COS-To-TC map and apply it to an interface. The custom COS-To-TC map is only applicable when the interface is in CoS trust mode.

Multiple dynamic counter features may be enabled simultaneously, primarily configured using the [no] hardware counter feature [feature] CLI commands. Compatibility of these features has been enhanced to allow for greater flexibility in simultaneously enabled counter features. Changes in counter feature compatibility across EOS releases are detailed below.

EOS SDK and its RPC counterpart traditionally offer two separate calls for configuring static routes. These calls are ip_route_set/ip_route_via_set and mpls_route_set/mpls_route_via_set. When calling the SDK API directly the calling latency is negligible, since it is a simple function call. However, the time of each of those calls can become a considerable factor with the adoption of RPC. To reduce the overall latency associated with creating and updating numerous routes, EOS SDK RPC now supports bulk calls.

As Ethernet technologies made their way from conventional enterprise-level usage into Metropolitan Area Networks (MAN) and Wide Area Networks (WAN), they are now widely used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may rely on certain internet backbone providers, referred to as “operators”, to provide connectivity when the geographical area to be covered is too large. This mode of operation makes the Operations, Administration and Maintenance (OAM) of such networks far more challenging, and the ability of service providers to respond swiftly to network faults directly impacts their competitiveness.

In the traditional data center design, inter-subnet forwarding is provided by a centralized router, where traffic traverses across the network to a centralized routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.

Administrative Groups (AG) provide a way to associate certain attributes or policies with links, enabling network administrators to control the routing decisions based on specific criteria. Extended Administrative Groups (EAG) are an extension of AG which allow a larger range of admin groups to be utilized for various Traffic Engineering (TE) purposes within a network.

EOS supports the ability to match on a single VLAN tag (example: encapsulation dot1q vlan 10) or a VLAN tag pair (example: encapsulation dot1q vlan 10 inner 20) to map matching packets to an interface. In this case, the encapsulation string is considered consumed by the mapped interface before forwarding, which means that the tags are effectively removed from the incoming packet for the purposes of any downstream forwarding.

The EOS implementation of OSPF uses an alternate Area Border Router (ABR) behavior as specified in the IETF draft document. This is implemented as an optimization over standard OSPF so that packets which could otherwise be successfully forwarded are not dropped when a router loses its Active backbone connection.

The Inline Pipeline Integrity Checker (IPIC) feature is used to verify that internal packet processing pipelines are not inadvertently corrupting packets or causing what is commonly referred to as a “bit flip.”

Several customers have expressed interest in using IPv6 addresses for VXLAN underlay in their Data Centers (DC). Prior to 4.24.1F, EOS only supported IPv4 addresses for VXLAN underlay, i.e., VTEPs were reachable via IPv4 addresses only.

SPF Timers can be used in IS-IS to throttle the frequency of shortest-path-first (SPF) computations. In networks with a lot of churn, using these timers will help in containing the effect of network disruptions arising out of frequent SPF runs.

At a high level, L1 profiles are a set of configurations which allow EOS users to change the numbering scheme and default L1 configurations of all front panel interfaces across their network switch.

Introduced in EOS-4.20.1F, the “selectable hashing fields” feature controls whether a certain header’s field is used in the hash calculation for LAG and ECMP.

Loop protection is a loop detection and prevention method which is independent of Spanning Tree Protocol (STP) and is not disabled when the switch is in switchport backup mode or port is in discarding state. The LoopProtect agent has a method to detect loops and take action based on the configuration by the user. In order to find loops in the system, a loop detection frame is sent out periodically on each interface that loop protection is enabled on. The frame carries broadcast destination MAC address, bridge MAC source address, OUI Extended EtherType 0x88b7 as well as information to specify the origins of the packet.

The macsec scheduler compensation feature is used to automatically make adjustments to the packet size seen by the scheduler for macsec encrypted traffic, based on mac security configuration. This feature is useful when macsec is configured on an interface. When a packet egresses out of the macsec enabled interface, the packet gets encrypted by adding additional macsec headers.

The main motivation for the feature is to provide high availability to the ManagementActive interface (Management0) via multiple redundant paths in the modular system. The ManagementActive interface (Management0) is a virtual interface pointing to the active supervisor.

Arista's 7130 Connect Series of Layer 1+ switches are powerful network devices designed for ultra low latency and offer a wealth of integrated management features and functionalities.

MetaWatch is an FPGA-based feature available for Arista 7130 Series platforms. It provides precise timestamping of packets, aggregation and deep buffering for Ethernet links. Timestamp information and other metadata such as device and port identifiers are appended to the end of the packet as a trailer.

Mirror on drop is a network visibility feature which allows monitoring of MPLS or IP flow drops occurring in the ingress pipeline. When such a drop is detected, it is sent to the control plane where it is processed and then sent to configured collectors. Additionally, CLI show commands provide general and detailed statistics and status.

This feature serves as a valuable tool for pinpointing the nature of network traffic at a device under congestion. By mirroring packets from congested queues to a designated mirror destination or CPU for analysis and monitoring, it provides network administrators and operators with the capability to gain an understanding of the traffic contributing to the congestion.

MPLS over GUE (Generic UDP Encapsulation) is a tunneling mechanism for encapsulating MPLS IP traffic in a UDP header. This feature adds support for MPLS over GUE encapsulation for BGP VPN routes resolving over IPv4 next hops. 

This feature allows packets to be VxLAN encapsulated after NAT translation, and reverse NAT translation to be applied on VxLAN tunnel terminated packets.

For Macro Segmentation Service Group (MSS-G) configurations, if only the segmentation model for OpenConfig is required, then it is possible to disable all other models for OpenConfig. This feature allows access to only the /segmentation path in the OpenConfig YANG tree. This significantly reduces the OpenConfig agent’s memory usage.

This feature adds configuration support for the OSPFv2 OpenConfig model via gNMI. Currently, only a limited set of config paths are supported and no state paths are supported. Supported paths can be found at OpenConfig Path Support.

This feature allows a compatible SSH client to authenticate to EOS via a FIDO2-anchored SSH key, using either of two supported key types. In OpenSSH this was introduced in version 8.2p1. This feature is not compatible with the Federal Information Processing Standards (FIPS) restrictions mode in EOS; if both are configured, this feature will take precedence.

If two or more streams of packets are subjected to the same policer, the policing may not be fair, that is, the policer might exhibit bias towards one of the streams. Fair policing across all the streams is not guaranteed. Policer fairness provides a way to reduce this bias and maintain fair distribution of policer bandwidth among the input streams proportional to the ingress rate.

This document describes a new CLI command to help debug how and why policy permits and denies paths. The aim of this CLI command is for the user to debug a route map or RCF (Routing Control Functions) function by specifying as input a prefix for which BGP has reachability, either via a BGP peer or a redistribute source.

Policy-based routing (PBR) is a feature that is applied on routable ports, to preferentially route packets. Forwarding is based on a policy that is enforced at the ingress of the applied interface and overrides normal routing decisions. In addition to matches on regular ACLs, PBR policy-maps can also include “raw match” statements that look like a single entry of an ACL as a convenience for users.

This TOI describes a set of enhancements made to the existing Port Security: Protect Mode (PortSec-Protect) feature. Please see the existing TOI for this feature here: Port Security: Protect Mode

The postcard telemetry (GreenT - GRE Encapsulated Telemetry) feature is used to gather per flow telemetry information like path and per hop latency. For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency and congestion information for flows at different times.

The RADIUS proxy feature enables proxying RADIUS requests from a RADIUS client and forwarding them to a remote RADIUS server. Similarly, the RADIUS proxy receives the reply from the remote RADIUS server and forwards it to the client.

In a Service Provider (SP) network, a Provider Edge (PE) device learns virtual private network (VPN) paths from remote PEs and uses the Route Target (RT) extended communities carried by those paths to determine which customer Virtual Routing and Forwarding (VRF) the paths should be imported into (from where they can be subsequently advertised to Customer Edge (CE) devices).

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion.

Routing Control Functions (RCF) is a language that can express route filtering and attribute modification logic in a powerful and programmatic fashion. The document covers: Configurations of an RCF function for BGP points of application

RSVP-TE, the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), is used to distribute MPLS labels for steering traffic and reserving bandwidth. The Label Edge Router (LER) feature implements the headend functionality, i.e., RSVP-TE tunnels can originate at an LER which can steer traffic into the tunnel.

RSVP-TE applies the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), i.e., to distribute MPLS labels for steering traffic and reserving bandwidth.

Segment Routing Traffic Engineering Policy (SR-TE) aka SR Policy makes use of Segment Routing (SR) to allow a headend to steer traffic along any path without maintaining per flow state in every node. A headend steers traffic into an SR Policy.

sFlow is a technology for monitoring traffic in data networks containing switches and routers. This document details supported platforms for the sFlow Version 5 specification, as well as which platforms are supported for various flow_data and sample_data types.

Smart System Upgrade (SSU) provides the ability to upgrade the EOS image with minimal traffic disruption. This is an existing feature on many fixed system products. This resource will outline the SSU feature in reference to CCS-720DP, CCS-722XPM, CCS-720XP-96ZC2 and DCS-7010TX.

This TOI describes details and limitations of Stateful Switchover on Modular chassis with 7500R3, 7800R3, 7800R3A based line cards.

NAT has been supported in DCS-7150 for many years. Starting at EOS 4.21.6F, NAT functionality is supported on certain 7050X3 platforms.

The CCS-750X-48ZXP is a 48 port 10GBASE-T linecard, capable of several full-duplex link speeds to support connecting to a variety of compatible devices of varying capabilities. All supported linkup speeds on this card can be automatically selected during the linkup process using IEEE 802.3 Clause 28 auto-negotiation. Note that IEEE 802.3 also allows for speeds lower than 1Gbps to link up without clause 28 auto-negotiation.

In EOS-4.31.2F, IPv6 link-local next-hops can now be configured in BGP through RCF (Routing Control Functions). On the advertising BGP agent, an IPv6 link-local next-hop is configured on the outbound policy function. The receiving BGP agent reads this link-local next-hop and automatically assigns the interface from which the BGP path was sent.

Dot1q (802.1Q) is a tunneling protocol that encapsulates traffic from multiple customer (c-tag) VLANs in an additional single outer service provider (s-tag) VLAN for transit across a larger network structure that includes traffic from all customers. Tunneling eliminates the service provider requirement that every VLAN be configured from multiple customers, avoiding overlapping address space issues.