Tag :: EOS 4.31.1F

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion. 

RSVP-TE, the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), is used to distribute MPLS labels for steering traffic and reserving bandwidth. The Label Edge Router (LER) feature implements the headend functionality, i.e., RSVP-TE tunnels can originate at an LER which can steer traffic into the tunnel.

RSVP-TE applies the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), i.e., to distribute MPLS labels for steering traffic and reserving bandwidth.

Network administrators require access to flow information that passes through various network elements, for the purpose of analyzing and monitoring their networks. This feature provides access to IP flow information by sampling traffic flows in ingress and/or egress directions on the interfaces on which it is configured.

Some configurations in NAT may have some trade-offs and even cause problems. The Show Configuration Consistency NAT CLI can check these configurations, and provide hints to change the configuration or the trade-offs to be considered. 

Smart System Upgrade (SSU) provides the ability to upgrade the EOS image with minimal traffic disruption. This is an existing feature on many fixed system products. This resource will outline the SSU feature in reference to CCS-720DP, CCS-722XPM, CCS-720XP-96ZC2 and DCS-7010TX.

gNSI (gRPC Network Security Interface) defines a set of gRPC-based microservices for executing security-related operations on network devices.

IPsec is a standard for enabling secure network communication between two devices using the Internet Protocol (IP) by way of an encrypted packet tunnel.Previous versions of Arista EOS have required that IPsec tunnels use the default VRF for underlay traffic.Starting with the release 4.31.0, this restriction is removed and EOS now supports IPsec tunnel interfaces using one or more non-default VRFs.

IPv4 Unicast Reverse Path Forwarding (uRPF) can help limit malicious IPv4 traffic on a network. uRPF works by enabling the router to verify reachability (routing) of the source IP address (SIP) in the packet being forwarded. If the SIP is determined to not be a valid address, the packet is dropped.

When MPLS (Multiprotocol Label Switching) LFIB (Label Forwarding Information Base) lookup fails, typical forwarding behavior is to drop such packets. This feature allows fallback IP lookup when MPLS lookup fails and forwards traffic to an IP path by looking up the packet’s destination IP address in the route table if the network topologies have labeled paths programmed & IP based routes are also available for the same destination. 

IPv6 Unicast Reverse Path Forwarding (uRPF) can help limit malicious IPv6  traffic on a network. uRPF works by

Segment Routing provides a mechanism to define end-to-end paths within a topology by encoding paths as sequences of sub-paths or instructions. These sub-paths or instructions are referred to as “segments”. OSPF Segment Routing (henceforth referred to as OSPF SR) provides means to advertise such segments through OSPF protocol.

This feature allows for the configuration of password requirements when creating or modifying local user accounts. Specifically, policies can necessitate that passwords meet the following requirements:

This feature will enable the configuration of IPv6 static routes with IPv4 next-hops and a MPLS label value where the IPv4 next-hop is allowed to resolve only through tunnel RIB. This will allow users to install 6PE routes using static route configuration thereby connecting IPv6 islands over IPv4 MPLS cloud.

This TOI supplements the Ingress Traffic Policy applied on ingress interfaces. Please refer to that document for a description of Traffic Policies and field-sets. This TOI explains the Traffic Policies as applied in the egress direction on interfaces

This TOI supplements the Ingress Traffic Policy applied on ingress port interfaces. Please refer to that document for a description of Traffic Policies and field-sets. This TOI explains the Traffic Policies as applied in the ingress direction on VLAN interfaces.

In STP Rapid-PVST mode, when multiple VLANs are assigned to different interfaces using switchport mode access and these interfaces are interconnected, the VLANs perceive each other as part of the same VLAN, thereby forming a large single VLAN network.

This feature introduces hardware forwarding support of IPv4 multicast traffic over IPv4 GRE tunnel interfaces in Arista Switches. Multicast source traffic can reach the receivers which are separated by an IP cloud which is not configured for IP multicast routing by utilizing a GRE tunnel.

This feature is disabled by default. It can be enabled by a CLI toggle "logging transceiver communication" under the "monitor layer1" config mode. Note that “logging transceiver” will enable SMBus communication failure and digital optical monitoring syslogs.  See under Resources for more information on digital optical monitoring syslogs.

In TAP Aggregation mode, when receiving a packet whose Frame Check Sequence (FCS) is corrupted, the default behavior is to replace the bad FCS with the correct value and forward it.

The Unified Forwarding Table (UFT) is memory that is shared between Layer2 and Layer3 lookup tables with capabilities for variable partitions. Rather than separate Layer2 and Layer3 lookup tables of fixed size, the UFT may be partitioned to support user-requested combinations of Layer2 and Layer3 lookup table sizes. The new UFT partitioning CLI has capabilities to reconfigure individual forwarding table scales (Layer2, Layer3 Unicast, Layer3 Multicast) according to the user’s input. The CLI provides an interface for granular control of the underlying UFT resources.

Unicast reverse-path forwarding (uRPF) is a security feature that validates the source IP address of an incoming packet to ensure that the incoming packet has originated from a legitimate/valid source.  If validation of the source IP address fails, then the packet is dropped, thus preventing IP spoofing from illegitimate/invalid sources.

Unicast Reverse Path Forwarding (uRPF) can help limit malicious IPv4/IPv6 traffic on a network. uRPF works by enabling the router to verify reachability (routing) of the source IP address (SIP) in the packet being forwarded. If the SIP is determined to be an invalid address, the packet is dropped.

This feature allows Unicast Reverse Path Forwarding (uRPF) to be enabled along with Routes in Exact Match Table( REM/FlexRoute ). One prefix length can be selected to be in the Large Exact Match table (LEM) along with uRPF support.

This article describes how to configure a TCAM ( Ternary Content Addressable Memory ) profile for ingress filtered mirroring sessions. This profile allows mirroring sessions to use less TCAM resources by individually selecting the allowable match criteria.

Virtual Private LAN Service (VPLS) appears in (almost) all respects as an Ethernet type service to customers of a Service Provider (SP). A VPLS glues together several individual LANs across a packet switched network to appear and function as a single bridged LAN.

With a static configured import and export route-target for a given vlan-aware-bundle, all its VLAN members share the same route-target value.  For example, EVPN uses the same route-target in the Type2 EVPN route advertisements for hosts residing in two different VLAN of the same bundle.  

VRF redirection often requires matching packets’ source addresses against one or more sets of IP prefixes.  This can become difficult to manage when the prefix sets need to be consistently maintained on several devices and either change too frequently or are very large.  When the prefixes for the prefix sets are learned by BGP, this feature provides an alternative to maintaining unwieldy sets of statically configured IP prefixes.

This document describes the VRF selection policy and VRF fallback feature. A VRF selection policy contains match rules that specify certain criteria (e.g. DSCP, IP protocol) as well as a resulting action to select a VRF in which to do the FIB lookup.

WRED ( Weighted Random Early Detection ) is one of the congestion management techniques.