- Written by Digvijay Gahlot
- Posted on April 20, 2021
- Updated on January 23, 2023
- 12699 Views
The L2 EVPN MPLS feature is available when configuring BGP in the multi-agent routing protocol model. Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family number 25) / EVPN (subsequent address family number 70). It is used to exchange overlay MAC and IP address reachability information between BGP peers.
- Written by Tarun Jaswanth LNU
- Posted on August 24, 2020
- Updated on October 17, 2024
- 26505 Views
802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.
- Written by Pawel Kurdybacha
- Posted on August 23, 2022
- Updated on September 12, 2022
- 5838 Views
Feature provides a way to set the Passive role in BFD session initialization. A system taking the Passive role does not begin sending BFD control packets for a particular session until it has received a BFD packet for that session, and thus has learned the remote system's discriminator value.
- Written by Pauric Ward
- Posted on August 23, 2022
- Updated on September 12, 2022
- 6022 Views
Stale routes are learned routes from adjacent BGP neighbors whose neighborship has been interrupted by session instability. This feature adds a mechanism to specify a stale policy route-map for which the stale routes from a gracefully restarting, or depending on the configuration of the feature, a non-gracefully restarting BGP peer will be processed.
- Written by Joseph Swaminathan
- Posted on August 23, 2022
- Updated on September 6, 2022
- 5485 Views
This feature allows customers to make the status of a MPLS static route dependent on the state of a BGP peer. When this feature is enabled for a static route, it will be programmed only if the monitored BGP peer session is up.
- Written by Vu Nguyen
- Posted on August 23, 2022
- Updated on November 22, 2023
- 7784 Views
EOS currently supports BGP message authentication via the TCP MD5 Signature (TCP MD5) option (RFC 2385) to protect the BGP sessions from spoofed TCP segments. However, research has shown many concerns that the TCP MD5 algorithm is cryptographically ineffective with a just simple keyed hash for authentication.
- Written by Arup Raton Roy
- Posted on November 2, 2020
- Updated on July 21, 2023
- 11127 Views
This document presents Arista Macro-Segmentation Service - Firewall (MSS-FW) deployment in a network with multiple Virtual Routing and Forwarding (VRF) instances.
- Written by Deepak Sebastian
- Posted on August 18, 2022
- Updated on October 9, 2024
- 7436 Views
Arista’s DCS-7130LBR series of switches are powerful network devices designed for ultra latency applications along with a wealth of networking features.
- Written by Huong Nguyen
- Posted on November 13, 2019
- Updated on October 12, 2023
- 13710 Views
Support for DHCPv4 (RFC 2131) and DHCPv6 Server (RFC 8415) was added to EOS-4.22.1 and EOS-4.23.0 respectively. EOS DHCP server leverages ISC Kea as backend. The router with DHCP Server enabled acts as a server that allocates and delivers network addresses with desired configuration parameters to its hosts.
- Written by Jammala Vinod Kumar
- Posted on August 23, 2022
- Updated on September 12, 2022
- 6227 Views
This feature allows users to change the scale of IPV6 and MAC subinterface ACLs by changing the port qualifier size (range used for ACL label allocation) through the tcam profile. Increasing the port qualifier size increases the ACL label range, thus allowing more number of ACLs vice versa.
- Written by Krzysztof Gongolewski
- Posted on September 11, 2022
- Updated on August 30, 2024
- 7002 Views
Dynamic NAT connection limit is a feature which allows to limit the number of dynamic NAT connections.
- Written by Alfaz Ahmed
- Posted on August 23, 2022
- Updated on August 24, 2022
- 6100 Views
The SRTE Policy metric is used as a tie-breaker when picking two policies with the same cost value, otherwise the cost determines the preferred policy, currently there are commands to manually configure metrics for each SRTE Policy as described in Configurable IGP Preference and Metric for SR-TE Policies
- Written by Kulwinder Singh
- Posted on August 16, 2018
- Updated on September 12, 2024
- 8280 Views
The feature allows to create a named TC to DSCP mapping that can be applied on an interface.DSCP of routed packets egressing out of the interface will be rewritten according to the map.
- Written by Jeevan Kamisetty
- Posted on August 23, 2022
- Updated on November 30, 2023
- 9835 Views
NDR switch sensor aka “monitor security awake” feature provides deep network analysis by doing deep packet inspection of some or all packets of traffic that's forwarded by the switch.
- Written by Joseph Swaminathan
- Posted on August 18, 2022
- Updated on August 22, 2022
- 6322 Views
This feature allows BGP speakers that support L2 EVPN to exchange system router MAC addresses of virtual gateway IP addresses configured on a SVI interface. The receiving device will treat these MAC addresses as local system router MAC addresses, if it has the same IP addresses configured as virtual IP addresses on the corresponding (Bridge ID) SVI interfaces.
- Written by Aaron Bamberger
- Posted on April 23, 2020
- Updated on November 7, 2024
- 10257 Views
E-Tree is an L2 EVPN service (defined in RFC8317) in which each attachment circuit (AC) is assigned the role of Root or Leaf. Once roles are assigned, the following forwarding rules are enforced:
- Written by Christoph Schwarz
- Posted on August 23, 2022
- Updated on October 21, 2022
- 8768 Views
Flexible cross-connect service is an extension of EVPN MPLS Virtual Private Wire Service (VPWS) (RFC 8214). It allows for multiplexing multiple attachment circuits across different Ethernet Segments and physical interfaces into a single EVPN VPWS service tunnel while still providing single-active and all-active multi-homing.
- Written by Edwin Tambi
- Posted on August 19, 2020
- Updated on July 3, 2024
- 20534 Views
EOS supports the ability to match on a single VLAN tag (example: encapsulation dot1q vlan 10) or a VLAN tag pair (example: encapsulation dot1q vlan 10 inner 20) to map matching packets to an interface. In this case, the encapsulation string is considered consumed by the mapped interface before forwarding, which means that the tags are effectively removed from the incoming packet for the purposes of any downstream forwarding.
- Written by James Shephard
- Posted on August 25, 2019
- Updated on July 5, 2023
- 11108 Views
Forwarding destination prediction enables visibility into how a packet is forwarded through the switch, allowing you to determine which interfaces a packet would egress out of. Typical use cases include, but are not limited to, determining egress members for Port-Channels and ECMPs.
- Written by Vishal Bandekar
- Posted on August 23, 2022
- Updated on August 21, 2024
- 6268 Views
This document is an extension to the decap group feature, that allows IPv4 addresses to be configured and used as part of a group. Now we will be able to configure IPv4 prefixes as a decap group.
- Written by Marc Laprade
- Posted on November 3, 2021
- Updated on June 13, 2023
- 10380 Views
This feature will allow the user to select whether port mirror destinations of type GRE tunnel include the optional “key” field in the GRE header on certain platforms. The key field allows the user to uniquely identify a particular packet flow. The feature also allows the user to specify the value of the 32 bit key field.
- Written by Athichart Tangpong
- Posted on October 22, 2018
- Updated on October 1, 2024
- 13855 Views
A L2 sub-interface is a logical bridging endpoint associated with traffic on an interface distinguished by 802.1Q tags, where each <interface, 802.1q tag> tuple is treated as a first class bridging interface.
- Written by John Clarke
- Posted on December 20, 2021
- Updated on October 9, 2024
- 11363 Views
Arista's 7130 Connect Series of Layer 1+ switches are powerful network devices designed for ultra low latency and offer a wealth of integrated management features and functionalities.
- Written by Alejandro Schwoykoski
- Posted on December 22, 2021
- Updated on November 14, 2024
- 11817 Views
MetaMux is an FPGA-based feature available on Arista’s 7130 platforms. It performs ultra-low latency Ethernet packet multiplexing with or without packet contention queuing. The port to port latency is a function of the selected MetaMux profile, front panel ingress port, front panel egress port, FPGA connector ingress port, and platform being used.
- Written by David Mirabito
- Posted on December 30, 2021
- Updated on December 12, 2024
- 15712 Views
MetaWatch is an FPGA-based feature available for Arista 7130 Series platforms. It provides precise timestamping of packets, aggregation and deep buffering for Ethernet links. Timestamp information and other metadata such as device and port identifiers are appended to the end of the packet as a trailer.
- Written by Shriprama Rao
- Posted on August 23, 2022
- Updated on June 21, 2023
- 7034 Views
This feature allows users to preserve IP TTL and MPLS EXP (also known as TC) value on MPLS routers, as well as add a user-specified TTL/EXP value when pushing new MPLS labels in pipe mode.
- Written by Xuan Qi
- Posted on August 23, 2022
- Updated on April 4, 2024
- 9386 Views
This feature extends the multi-domain EVPN VXLAN feature introduced to support interconnect with EVPN MPLS networks. The following diagram shows a multi-domain deployment with EVPN VXLAN in the data center and EVPN MPLS in the WAN. Note that this is the only supported deployment model, and that an EVPN MPLS network cannot peer with an EVPN MPLS network.
- Written by Nikhil Goyal
- Posted on August 18, 2022
- Updated on August 19, 2022
- 5775 Views
This feature adds streaming support for the IS-IS Link State Database OpenConfig model via gNMI. The current implementation supports a limited number of IS-IS TLVs and subTLVs.
- Written by Terence Hui
- Posted on August 18, 2022
- Updated on August 19, 2022
- 6107 Views
Configure trust mode for trusting traffic from phone’s, but not any other traffic coming from the same interface.
- Written by Rahul Kumar Singh
- Posted on August 18, 2022
- Updated on October 11, 2024
- 8425 Views
This article is intended to discuss how to configure the Phone VLAN on an Arista switch.
- Written by Shelly Chang
- Posted on August 23, 2022
- Updated on August 29, 2022
- 6165 Views
This feature allows PIMv4 to work with Multiprotocol BGP (MP-BGP), where IPv4 prefix routes are reachable via IPv6 next-hops.
- Written by Akanksha Gottipati
- Posted on August 23, 2022
- Updated on September 2, 2022
- 6105 Views
Allows the user to configure explicit QoS trust settings viz. trust mode, default cos and default dscp on subinterfaces, which may or may not be the same as the parent interface.
- Written by Fathima Thasneem
- Posted on June 20, 2022
- Updated on September 27, 2024
- 8077 Views
RFC2544 defines a number of benchmark tests that may be used to describe the performance characteristics of a network interconnecting device(s). Starting from 4.28.1F, Arista switches support throughput test belonging to a set of benchmark tests as defined in RFC2544. Starting from 4.29.0F, Arista switches support frame loss rate test.
- Written by Arun Ajith S
- Posted on August 18, 2022
- Updated on August 23, 2022
- 5708 Views
The original IPv6 Neighbor Discovery specification in RFC4861 instructs all devices to discard any neighbor-advertisement (NA) message received from a neighbor, if there is no existing entry already present in the neighbor cache.
- Written by Kalash Nainwal
- Posted on December 14, 2020
- Updated on July 31, 2024
- 12468 Views
RSVP-TE, the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), is used to distribute MPLS labels for steering traffic and reserving bandwidth. The Label Edge Router (LER) feature implements the headend functionality, i.e., RSVP-TE tunnels can originate at an LER which can steer traffic into the tunnel.
- Written by Tanuj Kumar Jhamb
- Posted on December 16, 2021
- Updated on September 2, 2022
- 8229 Views
This feature allows the user to configure upto 1023 unique QoS Policy-maps per chip.
- Written by Philip Bradish
- Posted on August 18, 2022
- Updated on August 23, 2022
- 6520 Views
This document describes the support for authenticating users using SSH certificates and the authorized principals command in EOS. SSH certificate authentication was previously restricted to just using the authorized principals file. This file is populated by configuring authorized principals for each user. In order to login with a SSH certificate a user must present a certificate that includes at least one of their configured principals. The authorized principals command allows this list of configured principals to be generated by an executable dynamically at runtime. This provides a more flexible and scalable way to perform SSH certificate authentication.
- Written by Yongxiang Chen
- Posted on February 19, 2021
- Updated on June 26, 2023
- 9337 Views
Storm control enables traffic policing on floods of packets on L2 switching networks. The documentation describes
- Written by Fathima Thasneem
- Posted on August 23, 2022
- Updated on May 30, 2024
- 6518 Views
Interface reflectors are useful to make sure a service provided to customers is working as expected and it's within SLA constraints. Now, we are extending the support to configure subinterfaces as ethernet reflector. The Subinterface Interface Reflector feature allows performing certain actions (such as source/destination MAC address swap) on packets reaching subinterfaces patched to Pseudowire that are reflected back to the source interface. It is useful to test properties and SLAs before deploying the service for a customer.
- Written by Kaustav Majumdar
- Posted on August 23, 2022
- Updated on September 12, 2022
- 6464 Views
Support for Media Access Control Security ( MACsec ) was added in EOS-4.15.4. MACsec defines a secure channel ( SC ) from one peer to another peer as a security relationship which provides security guarantees for the frames transmitted from the first peer to the second peer.
- Written by Kundan Sen
- Posted on August 18, 2022
- Updated on August 22, 2022
- 5824 Views
This feature adds support for configuring multiple area addresses in an IS-IS instance.
- Written by Harsis Yadav
- Posted on August 18, 2022
- Updated on August 22, 2022
- 6352 Views
The feature allows the user to determine the rate of ingress packets on a class-map over a span of a specified interval. This specified interval is the global load-interval (default value is 5 minutes).
- Written by Gaofeng Yue
- Posted on December 20, 2021
- Updated on September 7, 2022
- 7893 Views
Currently EOS supports redistribution into BGP at the global (instance) level. Also EOS supports redistribution in
- Written by Prateek Mali
- Posted on August 19, 2020
- Updated on November 14, 2024
- 21391 Views
Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets and usually TCAM is used to match packets to rules. For example, there can be a rule to match the packet source IP address against a list of IP addresses, and drop the packet if there is a match. This will be expressed in TCAM with multiple entries matching the list of IP addresses. Number of entries is reduced by masking off bits, if possible. TCAM is a limited resource, so with classifiers having a large number of rules and a big field list, TCAM runs out of resources.
- Written by Xiaoman Chu
- Posted on August 18, 2022
- Updated on June 6, 2023
- 11335 Views
This feature allows customers to configure BFD intervals on a per BGP neighbor basis. We also have existing support for the configuration of BFD intervals on a per interface basis and the configuration of BFD intervals globally on the entire device.
- Written by Prasanna Parthasarathy
- Posted on December 23, 2021
- Updated on October 28, 2024
- 13200 Views
SwitchApp is an FPGA-based feature available on Arista’s 7130LB-Series and 7132LB-Series platforms. It performs ultra low latency Ethernet packet switching. Its packet switching feature set, port count, and port to port latency are a function of the selected SwitchApp profile. Detailed latency measurements are available in the userguide on the Arista Support site.
- Written by Daria Tsaregorodtseva
- Posted on August 23, 2022
- Updated on July 13, 2023
- 5981 Views
A QoS Policy-maps policer is said to be shared when “set-policer” action is present under the qos features ( qos ip, qos ipv6, qos mac ) of a TCAM profile. When such shared QoS policy-map with policer action is configured on multiple interfaces, the policer instance is shared among all the interfaces, the policy-map is applied on. If in case, a unique policer instance is required per interface, a duplicate policy-map needs to be created for each interface, which will require additional TCAM resources.
- Written by Bharadwaj Gosukonda
- Posted on June 20, 2022
- Updated on February 15, 2024
- 6621 Views
Unicast Reverse Path Forwarding (uRPF) can help limit malicious IPv4/IPv6 traffic on a network. uRPF works by enabling the router to verify reachability (routing) of the source IP address (SIP) in the packet being forwarded. If the SIP is determined to be an invalid address, the packet is dropped.
- Written by Isidor Kouvelas
- Posted on February 28, 2022
- Updated on July 29, 2024
- 14717 Views
Virtual Private LAN Service (VPLS) appears in (almost) all respects as an Ethernet type service to customers of a Service Provider (SP). A VPLS glues together several individual LANs across a packet switched network to appear and function as a single bridged LAN. This is accomplished by incorporating MAC address learning, flooding, and forwarding functions in the context of pseudowires that connect these individual LANs across the packet switched network. LDP signaling is used for the setup and teardown of the mesh of pseudowires that constitute a given VPLS instance.
- Written by Nikhil Satish Pai
- Posted on August 18, 2022
- Updated on August 22, 2022
- 5692 Views
The feature will provide the ability to error disable local interfaces in a BGP VPWS pseudowire when the remote interface is shutdown or whenever we do not receive a response from BGP.