Tag :: TOI

When the system exhausts ECMP resources, the Transient ECMP feature enables route programming through a single available next-hop from the original ECMP route. Once the system can program the full ECMP route, the transient ECMP route is removed after successfully installing the ECMP route.

The following describes LAG hashing for L2GRE and VXLAN transit traffic on Arista 7050X4 platforms: For L2GRE transit traffic, LAG hashing uses only the encapsulated (inner) packet header fields. There is no option to use underlay (outer) packet header fields. When the encapsulated packet is IP, the system uses the IP parameters configured with hash ipv4 or hash ipv6 for hashing.

UDF is an important DMF feature that matches customized fields in packet payloads for network traffic filtering on the Arista 7050X4 Series. Only supports IPv4 traffic UDF filtering, Maximum UDFs per rule: 6 UDFs.

As of EOS 4.15.2F, the support for the tuning of tunable DWDM 10G SFP+ transceivers (10GBASE DWDM) is added.

DMF 8.7.0 introduces an updated dashboard for viewing tunnel traffic. The widgets display traffic distribution by tunnel type using sFlow traffic categorized by a combination of Ethernet Type, Protocol, and L4 ports. Recognized tunnels include:

4.21.3F introduces support for the feature on the platforms listed below. The TOI describing the feature support on different versions/platforms is available here. 

The BGP labeled unicast (LU) RFC is used to advertise BGP routes with a stack of MPLS labels, thereby allowing

Trident2 is a Switch on Chip (SoC) single chip with support for up to 1280Gbps of forwarding capacity (oversubscribed

This feature provides a configuration option to disable egress IPv4 RACL sharing allowing for uRPF to be configured.

Unidirectional links is a feature that configures an Ethernet interface transmit and receive paths to be independent. Specifically, the transmit path can be up or down independent of the receive path being up or down.

The Unified Forwarding Table (UFT) is a group of memories that is shared between Layer2 and Layer3 lookup tables with capabilities for variable partitions. Rather than separate Layer2 and Layer3 lookup tables of fixed size, the UFT may be partitioned to support user-requested combinations of Layer2 and Layer3 lookup tables of varying sizes. The new UFT partitioning CLI has capabilities to reconfigure individual forwarding table scales (Layer2, Layer3 Unicast, Layer3 Multicast) according to the user’s input. The CLI provides an interface for granular control of the underlying UFT resources.

With the 13.0 release, CloudVision Cognitive Unified Edge (CV-CUE) lets you configure Unique PSK (UPSK) for client authentication. UPSKs allow users  to connect to the same SSID using a unique PSK which is user specific. UPSK provides added security as compared to single PSK because single PSKs are easily compromised.

With the 15.0 release, CloudVision Cognitive Unified Edge (CV-CUE) introduces the following enhancements to the Unique-PSK(UPSK) workflow:

With the 12.0 release, you can check for available upgrades and upgrade your server to the latest version of CloudVision Cognitive Unified Edge (CV-CUE).  Only a Superuser  can initiate a server upgrade.

CVA 6.x may be upgraded to CVA 7.0 with an upgrade launcher. The launcher is an interactive executable that is run on the CVA system that is to be upgraded, and performs several functions Staging of an appropriate upgrade image for autoinstall

With the 16.0 release, you can authenticate edge devices from a centrally managed network access control server using the 802.1X authentication. As a network administrator, you want to authenticate the access points (APs), before the APs connect to the network. To enable the authentication, you need to first configure the uplink port on the AP using CV-CUE.

This feature adds the capability to import as path access-list from a URL, in release 4.20.1F. The file specified by the URL can contain one or more as-path access-list entries. All the entries that are in the file are added to the as-path access-list being configured. This feature gives the advantage of using one EOS CLI command to configure many as-path access-list entries, instead of adding each one of them line by line in the CLI.

Role based access control (RBAC) is an approach to regulating access to network resources based on the roles of

Packets which exceed the L2 Maximum Transmission unit (MTU) in EOS are dropped. The value of the L2 MTU is configurable for each Ethernet or Port-channel interface.

This article describes how to customize TCAM ( Ternary Content Addressable Memory ) lookup for each feature which uses TCAM.

User-defined TPIDs allows an arbitrary TPID (Tag Protocol Identifier) to be used with a FlexEncap specification. A TPID is used in Ethernet frames to identify the encapsulation protocol, where standard values like 0x8100 (for IEEE 802.1q VLAN tagging) and 0x88a8 (for IEEE 802.1ad Q-in-Q) are commonly used. However, some network equipment may use non-standard or legacy values such as 0x9100. This feature allows FlexEncap subinterfaces to be configured with an arbitrary TPID to allow interfacing with networking equipment that uses values besides 0x8100 and 0x88a8.

This feature expands Multi Domain EVPN VXLAN to support an Anycast Gateway model as the mechanism for gateway

EOS 4.15.0F added support for a CLI knob to determine whether the L3 forwarding agent (responsible for programming FECs and routes into hardware) would react to BFD status events for an interface to update next-hop programming for FECs programmed in hardware. This required two events, one for the BFD session to transition to an “Up” status and a subsequent transition to a “Down” status. This is identical to how various protocols in EOS (i.e. BGP, IS-IS) leverage BFD for faster down detection, and is useful to allow the L3 forwarding agent to preemptively remove next hops that would later be deprogrammed due to protocol session status state.

This feature enables exchanging IPv4 NLRI using MP BGP over an IPv6 TCP connection.  Additionally, this feature

The vertical navigation bar is an update to the layout of CloudVision. It replaces the existing horizontal header with a vertical navigation menu that lines the left side of the page. This allows for a cleaner horizontal header where key functions of CloudVision sections are highlighted.

Virtual Private LAN Service (VPLS) can be used when one wishes to connect several LANs dispersed across a packet switched network. VPLS can allow the dispersed LANs to act like a single bridged LAN by providing a service to connect the LANs. The service will appear like an Ethernet LAN (in almost all regards). VPLS achieves this by creating a mesh of pseudowires that connect the dispersed LANs, while also processing the traffic that moves through the pseudowires in a similar way to how a L2 service would. For example, MAC address learning, flooding and forwarding functions are applied to the pseudowire traffic in a VPLS. This allows  VPLS to mimic the functionality of an any-to-any L2 service when connecting dispersed LANs.

This article describes the support of a VLAN filter for IP, IPV6 and MAC ACLs on the ingress ports. The users will be able to filter the packets by specifying a VLAN id in the ACL rule. VLAN id specified in the ACL rule is internal broadcast domain VLAN id. 

The Tap Aggregation Traffic Steering feature provides support for filtering data streams received on tap ports and directing flows to tool ports based on user-configurable match rules, using either class maps and policy maps or traffic policies.

The VLAN mapping or translation feature provides the ability to map an arbitrary VLAN tag to a particular bridging VLAN on the switch. This mapping can be either bidirectional or applied only in one direction (incoming/outgoing).

This feature is available in the VLAN configuration mode. When a switch receives a packet with unknown destination MAC address on a VLAN, L2 miss happens. The current behavior for L2 miss packets is to flood the packet on all ports of the VLAN. In certain cases, there may be a preference to drop or log L2 miss packets instead of flooding them across the VLAN.

VLAN Pooling is a list of VLAN IDs defined by the Network Administrator. The Access Point (AP) distributes the VLAN IDs from this pool of VLAN to the clients connecting to the SSID.VLAN Pooling offers better scalability and optimized load-balancing of traffic.

As of EOS 4.15.2F, VM Tracer adds support for VMware NSX V. This includes supporting NSX V specific features, improved

CloudVision now creates VRF system tags in order to name devices in a VRF. This allows you to identify devices by VRF using the Tag Query Editor, like in Dashboards.

This document describes how to use the new feature, VRRP IPv6 using VRRP IPv4 MAC prefixes. RFC 5798 defines a specific

Traceroute and tracert are widely available diagnostic command-line interface commands for displaying possible routes (paths) and transit delays of packets across an Internet Protocol (IP) network. This enhancement applies to IPv4 and IPv6 overlay. The VTEP overlay ICMPs for “time-to-live expired” (aka TTL-expired) are sourced with the VTEP IP which results in the traceroute output to display the VTEP IPs on the overlay packet’s path from source to destination.

This feature allows the VRRP MAC to be advertised via EVPN MAC-only routes when VRRP is configured on the VTEP.

When a frame gets bridged from an edge port to a VXLAN core port, it is necessary to encode the QOS fields in the outer

This feature allows an operator to configure a centralized routing topology with an IPv6 VXLAN underlay. This is useful for customers who want to use an anycast (VARP) gateway for routing over an IPv6 control plane. VARP allows multiple switches to simultaneously route packets from a common IP address in an active-active router configuration. Each switch is configured with the virtual IP address and a common virtual MAC address.

The VXLAN Control Service (VCS) provides a mechanism by which hardware VTEPs share states between each other in order

This feature allows selecting Differentiated Services Code Point (DSCP) and Traffic Class (TC) values for packets at VTEPs along VXLAN encapsulation and decapsulation directions respectively. DSCP is a field in IP Header and TC is a tag associated with a packet within the switch, both influence the Quality of Service the packet receives. This feature can be enabled via configuration as explained later in this document.

Hardware Head End Replication (HW HER) optimizes flooding of inter VTEP broadcast, unknown unicast and broadcast

In EOS 4.18.0F, VXLAN direct routing was introduced on the 7500R and 7280E/R series platforms. VXLAN routing

VXLAN multicast decapsulation enables VTEPs that only support HER (Head End Replication) to terminate multicast

VXLAN is a Layer 2 technology that helps you to create a virtual Layer 2 network (overlay network) on top of a physical

VXLAN ARP and IPv6 Neighbor Discovery (NDP) packet headend replication capability via VxlanSwFwd matches the COPP rate limit for these packets for the supported platforms regardless of the size of the VXLAN flood VTEP list. However, there still remains a case where the handling capacity is limited by CPU: the handling of ARP broadcast and NS multicast that result from Glean traffic (post routing).

With the 12.0 release, CloudVision Cognitive Unified Edge (CV-CUE) supports a new tunnel type —  VXLAN over IPSec. You need to specify a tunnel type when you create an SSID.

VxLAN bridging enables stretching Layer 2 domains across a Layer 3 cloud. VxLAN routing provides the capability to

The 7500 and 7280 switch series platforms have previously supported VXLAN bridging, which enables stretching of

Vxlan routing in multichip systems uses the different modules to do different portions of the packet processing.

MLAG provides Layer2 active/active redundancy. VXLAN is supported over an MLAG setup by having the two switches