The primary challenge with using a switching ASIC as a load balancer has been how to deal with changes in the network

4.24.0F

4.24.0F adds Accelerated Software Upgrade (ASU) support to the 7170 series.  Accelerated Software Upgrade

ASU 4.24.0F Barefoot 7170

RPKI provides a mechanism to validate the originating AS of an advertised prefix.

This change adds a global toggle to BGP communities that allow for community sharing to be enabled/disabled for all

BGP 4.24.0F

Segment Routing Traffic Engineering Policy (SR TE) aka SR Policy makes use of Segment Routing (SR) to allow a headend

4.24.0F

Add support for configuring admin distance for OSPFv3 external routes, without this OSPFv3 would always install

DirectFlow is a feature that allows the user to steer traffic by matching on packet headers and/or metadata using the

Security MAC ACLs can be used to permit and/or deny ethernet packets on the egress port by matching on the following

E-Tree is an L2 EVPN service (defined in RFC8317) in which each attachment circuit (AC) is assigned the role of Root or Leaf. Once roles are assigned, the following forwarding rules are enforced:

EVPN MPLS VPWS (RFC 8214) provides the ability to forward customer traffic to / from a given attachment circuit (AC) without any MAC lookup / learning. The basic advantage of VPWS over an L2 EVPN is the reduced control plane signalling due to not exchanging MAC address information. In contrast to LDP pseudowires, EVPN MPLS VPWS uses BGP for signalling. Port based and VLAN based services are supported.

This feature adds support for offloading BFD Transmit path to hardware (ASIC) for specific types of BFD sessions.

The hardware based implementation of the firewall uses a segment security model. In the segment security model,

On network devices, when a route is programmed, a certain portion of hardware resources is allocated and associated

IP Locking is an EOS feature configured on an Ethernet Layer 2 port.  When enabled, it ensures that a port will only permit IP and ARP packets with IP source addresses that have been authorized. As of EOS-4.25.0F release update, IP Locking can run in two modes - IPv4 Locking (which will be referred to as IP Locking) and IPv6 Locking, which can be configured using the commands mentioned in the below sections. IP Locking prevents another host on a different interface from claiming ownership of an IP address through either IP or ARP spoofing.

The IS IS maximum LSP size feature provides the ability to configure the maximum LSP size that the IS IS protocol will

IS-IS 4.24.0F Keywor

Level 1 2 routers set attached bit in their Level 1 LSPs to indicate their reachability to the rest of the network. A

L2 protocol packets - LLDP, LACP and STP are trapped to the CPU by default. This feature allows for disabling the per protocol trap on a given set of interfaces.

MAP T is a double stateless NAT64 translation technology. It allows an internet service provider to share IPv4

Network address translation (NAT) is a common method used to remap one IP address space into another by modifying the

4.24.0F

When there are multiple VRFs on the device and there is a need to share routes between them, typically for shared

VRF Route leaking can be used when routes from one VRF are required in another VRF (e.g. in case of shared services). If VrfLeak Agent is being used to leak routes, the leaked routes (in destination VRF) can be redistributed into IGPs.

In addition to aliasing only the first token in a CLI command, EOS now supports full command aliasing using regular

Alias 4.24.0F Regex

This article describes the support for specifying User Defined Fields (UDF) in Router ACLs including IPv4 and IPv6

UDF 4.24.0F Router ACL

Support for negotiating and receiving IPv6 unicast and IPv6 labeled unicast (6PE) updates from a BGP peer.

This article describes the support for specifying User Defined Fields (UDF) in Sub interface ACLs including IPv4 and

In the ribd routing protocol model, the “maximum paths … ecmp …” command allows restricting the number of BGP