Tag :: EOS 4.34.1F

Destination based RTBH (remote triggered blackholing) is used on edge devices in a network to prevent DOS attack on a target network (IP/prefix) by blackholing/dropping the traffic destined towards this target. One of the ways to achieve this is through a trigger router sending a routing update for the prefix under attack to the edge routers configured for black hole filtering. The next-hop of such routing updates ends up getting resolved to a null/drop interface on the edge device, which results in blackholing all traffic destined towards this target network. 

When this feature is enabled, responses to gNMI subscribe requests contain the default values for YANG leafs if those leafs do not have any other value.

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion. This document serves as a reference guide for: Routing protocol attributes, Operators for comparing and modifying attributes, built-in functions provided in RCF

Routing Control Functions (RCF) is a language that can express route filtering and attribute modification logic in a powerful and programmatic fashion.

RSVP-TE, the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), is used to distribute MPLS labels for steering traffic and reserving bandwidth. The Label Edge Router (LER) feature implements the headend functionality, i.e., RSVP-TE tunnels can originate at an LER which can steer traffic into the tunnel.

RSVP-TE applies the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), i.e., to distribute MPLS labels for steering traffic and reserving bandwidth.

RSVP-TE P2MP LER adds ingress and egress support for Point-to-Multipoint (P2MP) LSPs to be used in Multicast Virtual Private Network (MVPN) as an extension to the LSR support which adds transit support.

Network administrators require access to flow information that passes through various network elements, for the purpose of analyzing and monitoring their networks. This feature provides access to IP flow information by sampling traffic flows in ingress and/or egress directions on the interfaces on which it is configured. The samples are then used to create flow records, which are exported to the configured collectors in the IPFIX format. Egress Flow tracking is supported from EOS-4.29.0F on the DCS-7170B-64C series and supported on 7280, 7500 and 7800 series platforms from EOS-4.31.1"

VXLAN UDP-ESP support allows the customer to encrypt traffic between two VXLAN VTEPs. The frame format looks like: NOTE, Secure VXLAN is s~upported with both the sectag2 and UDP-ESP format in 4.27.1, where sectag2 is the default encapsulation format. However, the sectag2 format is deprecated and should not be used.

The Dynamic Load Balancing (DLB) feature is currently supported in the DCS-7060 Arista switches in order to provide an alternative to the hash-based ECMP load balancing, which selects the next hop for routed packets using a static hash algorithm. DLB considers the state and quality of the port while assigning egress ports to packets, resulting in a more even flow. The state of each port member is determined by measuring the amount of data transmitted from a given port and the total number of packets enqueued to a given port.

Priority-based flow control (PFC) buffer counters track ingress port buffer usage for each packet priority. This feature displays the high watermark buffer usage over two time intervals: a polling interval (by default 2 seconds) and the encompassing interval since the counters were cleared. The PFC buffer counter watermarks can be used to expose bursty and transient ingress buffer resource usage. High watermark values indicate congestion conditions that could explain packet loss.

The support for configurable dynamic authorization port for different clients has been added to proxy the radius dynamic authorization (CoA) requests. By default, all radius dynamic authorization requests are only proxied to clients at port 3799, which is configurable now.

This feature adds support for CPU traffic policy capable of matching and acting on IP traffic which would otherwise

This feature adds support for “Dynamic Load Balancing (DLB)” on Equal Cost Multi Path (ECMP) groups.

gNSI (gRPC Network Security Interface) defines a set of gRPC-based microservices for executing security-related operations on network devices. Some of the RPCs that gNSI exposes are used to rotate security configurations on the switch.

This feature provides a CLI command showing the list of mac addresses that could not be learned due to hash collision in the hardware table. A hash collision occurs when two or more distinct pieces of data map to the same entry ( or slot ) in the hardware table. It can happen when the hash function used to calculate the index for a given mac address results in the already occupied index, resulting in the failure of inserting the later mac address to the hardware table.

Private VLAN is a feature that segregates a regular VLAN broadcast domain while maintaining all ports in the same IP subnet. There are three types of VLAN within a private VLAN

This feature adds the support for tracking the number of syslog messages sent to the server and the number of syslog messages received on the server, along with other log forwarding action statistics, continuously within the existing syslog logging mechanism.

This feature terminates GTP packets arriving on a tap port of a TapAgg switch by stripping the GTP header. The decapsulated (inner) packets then proceed through the normal TapAgg path. This functionality allows a GTPv1 tunnel to transmit tapped traffic to the TapAgg switch over an L3 network, significantly extending the available use cases for TapAgg.

Topology Independent Fast Reroute, or TI-LFA, uses IS-IS SR to build loop-free alternate paths along the post-convergence path. These loop-free alternates provide fast convergence.

Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets and usually TCAM is used to match packets to rules. For example, there can be a rule to match the packet source IP address against a list of IP addresses, and drop the packet if there is a match. This will be expressed in TCAM with multiple entries matching the list of IP addresses. The number of entries is reduced by masking off bits, if possible. TCAM is a limited resource, so with classifiers having a large number of rules and a big field list, TCAM runs out of resources.

This feature introduces the ability to define matching rules to configure transceiver tuning on a switch. This is useful when a particular collection of transceivers are known to require tuning values which differ from EOS defaults.

 The "forwarding action trap" feature allows you to divert all incoming network traffic for an interface directly to the switch’s CPU for inspection and analysis. This feature is useful for advanced network testing, gaining deeper visibility into specific traffic flows, and potentially emulating existing network behaviors. Be aware that directing a high volume of network traffic to the CPU via this feature can overwhelm it.

Overlay IPv6 routing over VXLAN tunnel using an anycast gateway (direct routing) has been previously supported using the “ipv6 virtual-router” configuration for both the data-plane and EVPN (or CVX) control-plane learning environments. 

This feature allows the export of IP FIB (Forwarding Information Base) through the OpenConfig AFT YANG models.

This feature allows configuring a static IS-IS neighbor to have a full adjacency on an interface, without needing an IS-IS peer at the other end.. The adjacency state will depend on the BGP session with a single hop eBGP peer presen t on the same interface: when the BGP session is established, the IS-IS adjacency will be up; in any other state, it will be down. This allows advertising an interface's traffic engineering information—like bandwidth and admin groups—within IS-IS without needing an IS-IS neighbor adjacency on the remote end.

SwitchApp is an FPGA-based feature available on Arista’s 7130LB-Series and 7132LB-Series platforms. It performs ultra low latency Ethernet packet switching. Its packet switching feature set, port count, and port to port latency are a function of the selected SwitchApp profile. Detailed latency measurements are available in the user guide on the Arista Support site.

BGP routing information often contains more than one path to the same destination network. The BGP best-path selection algorithm determines which of these paths should be considered as the best path to that network

The feature introduces a CLI command for transceiver reinitialization, simulating a physical removal and reinsertion of the transceiver. This is a great feature for remote troubleshooting, when physical access is not possible or convenient. To configure, issue the CLI command "transceiver reinitialize slot" in exec mode. The command takes effect immediately, toggles the reset pin and initiates a transceiver initialization sequence.

This feature provides the capability to configure transceiver SERDES electrical tuning parameters. The ability to

This feature makes IGMP Snooping aware of VXLAN endpoints. Without this feature, multicast data traffic is flooded to all the VXLAN endpoints in case of a VXLAN VLAN. This increases the underlay network utilization. It is desirable to forward multicast traffic to only those VXLAN endpoints that are attached to receivers. To identify interested VXLAN endpoints, this feature snoops IGMP reports that are coming from the remote VXLAN endpoints. Note: EVPN control plane is not required when using this feature.

The VXLAN VTEP and VNI counters feature allows the device to count VXLAN packets received and sent by the device on a per VTEP and per VNI basis. Specifically, it enables the device to count bytes and packets that are encapsulated and decapsulated as they are passing through.

The primary purpose of the ZTX Node in Monitor Mode is to provide visibility into app-to-app traffic in the network and to develop non-intrusive MSS policies that are aligned with applications requirements. Deploying group-based MSS policies is essential to secure Data Center and Campus environments, the ZTX Monitor Node provides the visibility needed to build such policies. The below diagram depicts how ZTX Node fits into a network to provide visibility.