Tag :: TOI

Destination based RTBH (remote triggered blackholing) is used on edge devices in a network to prevent DOS attack on a target network (IP/prefix) by blackholing/dropping the traffic destined towards this target. One of the ways to achieve this is through a trigger router sending a routing update for the prefix under attack to the edge routers configured for black hole filtering. The next-hop of such routing updates ends up getting resolved to a null/drop interface on the edge device, which results in blackholing all traffic destined towards this target network. 

This feature provides protocol independent UCMP support for all the routes which follow the IGP path provided there is no UCMP computation done at the protocol level itself. This feature optimizes bandwidth utilization by weighting next-hop members according to their link capacity.

Provisioning Settings allows you to configure CloudVision's default behavior when pushing configuration and image changes to devices. Each setting relates to an action used in Change Control. Ordinarily you should only need to use the default settings, but you can alter them for more control over CloudVision and EOS interactions for devices in your network. 

Proxy node segment helps in advertising segments in a segment-routing domain for prefixes that are originated outside the segment-routing domain.  Node B in the SR domain can advertise proxy-segments to node A for the loopacks of C and D which are not present in the SR domain. This feature will help in creating mpls routes for those loopbacks on node B. Note that if C and D loopbacks have LDP enabled and if they have exchanged the LDP labels with B then B can by default create a SR to LDP stitched mpls route even without enabling this feature. This feature is specific to the case where such stitched routes cannot be created.

This feature allows a customer to configure a whitelist of acceptable grandmaster clocks per switch. When such a list is configured, announce messages from only the acceptable clocks are accepted and announce messages from all other clocks are rejected. If there is no such list configured, the default behaviour kicks in i.e. all potential grandmaster clocks are considered.

This document describes the enhancements to Arista's IEEE 1588 PTP implementation introduced in EOS 4.15.0F.

CloudVision provides more than 20 overlay options to help you visualize the properties of network devices, interfaces, and links. Use the PTP overlay to visualize the topology of PTP enabled devices and their links. At a glance, you can see which device in a PTP domain is the grandmaster and which devices belong to a PTP domain.

The`ptp forward-v1` command configures the switch to forward Precision Time Protocol version 1 packets as regular multicast traffic. By default, when PTP is enabled and PTPv1 packets are received on the PTP enabled interfaces, these packets are trapped by the CPU, logged and discarded. The feature is already supported on various Arista platforms, this article highlights added support on the 7280R/7280R2/7020R/7500R/7500R2 platforms in EOS 4.26.0F and on the 7280R3/7500R3/7800R3/7289 platforms in EOS 4.29.0F. It highlights some differences in support for 7280/7500/7800 R/R2 platforms versus 7280/7500/7800 R3 platforms.

This feature keeps the configured hostname for a managed appliance and the actual hostname on the managed appliance aligned. Before this change, the configured hostname for a managed appliance on the controller and the actual hostname on the managed appliance could be different.

This feature makes ARP and ND packets use a higher priority output queue when software forwarded on the switch. Doing

Since, now there can be multiple inputs, conflicts may arise. Non conflicting configurations are when non default

QSFP+ modules that support TX power DOM will now display the reported TX power value via show interfaces transceiver.

Forward Error Correction (FEC) is required with some QSFP100 media to achieve error free operation of the link when

The current behaviour on R series products is to drop all packets marked for drop by the chip Packet Processor in the

RACL divergence enables the optimization of the utilization of hardware resources by installing ACLs only on the

TCAM sharing between different VLAN Interfaces when they have same ACL attached : Configurable via CLI

RADIUS Pooling lets you assign a pre-defined list of RADIUS Servers that Access Points (AP) can use to authenticate, authorize, and maintain clients' accounts. It offers better load-balancing capabilities and improved scalability.You do not have to specify the order of the RADIUS servers as Primary or Secondary. Every AP randomly chooses the RADIUS servers from the pool, and then independently decides the sequence of the RADIUS servers and follows the order. Two APs sharing the same RADIUS pool may not share the same order for the RADIUS servers. APs automatically distribute the client load based on an intelligent algorithm.

RADIUS proxy feature enables proxying RADIUS requests from a RADIUS client and forwarding it to a remote RADIUS server. Similarly, RADIUS proxy receives the reply from the remote RADIUS server and forwards it to the client.

With the 13.0 release, CloudVision Cognitive Unified Edge (CV-CUE) can redirect onboarding clients to a dynamic URL defined by the RADIUS. If the  RADIUS access-accept request has a role and a redirection URL for a client, access points (AP) can redirect such client’s HTTP or HTTPS requests. 

This feature adds support for “Randomized Load Balancing (RLB) on ECMP groups”. RLB enables per-packet load balancing, randomly distributing each incoming packet among the members of an ECMP group.

The SFP-10G-RA-1G-LX and SFP-10G-RA-1G-SX transceivers are rate adapting SFP+ transceivers with internal clause 37 auto-negotiation (AN) support. The transceiver host interface is 10G XFI and the module rate adapts in the egress direction from 10G to 1G before transmitting data on the attached fiber. In the ingress direction it rate adapts the received 1G data to 10G before sending to the host switch. This allows 1000BASE-LX and 1000BASE-SX support on switches which do not natively support 1G operation.

The rate watermark counters feature allows for the capturing of microbursts within a configured interval based on the fast interface counters. The rate watermark counters feature is built on top of the high frequency fast poll counters which allows for increased visibility of microbursts that may happen within a short time window.

Some data plane features on some switch platforms may require packets to be recirculated through the switch chip in

The new 96TB Recorder Node SKU (DCA-DM-RN760), primarily designed as a lower-cost model, meets lower data retention and recording performance requirements and is supported starting from DMF 8.7.0.

The Analytics Node (AN) enables the correlation of 5-tuple data from Flows and DMF metadata with the corresponding packets retrieved from the Recorder Node (RN). Previously, the system displayed Egress sFlow® to indicate potentially recorded flow packets.

The Recorder Node (RN) supports being managed by CloudVision (CV) on-prem starting DMF 8.7.0. This feature extends support to CVaaS starting DMF 8.8.0. Recorder Node was not supported with CVaaS before 8.8.0 because of an RN requirement to store the query results file in CV while archiving the query results. However, this was not permitted on CVaaS as these files might contain data that cannot be stored in a cloud service. This feature supports CVaaS by allowing the RN to store query result files.

This document provides a comprehensive overview of the redesigned Alerts page, detailing its features and how to use them to monitor and manage Fabric health effectively. The new design improves clarity, usability, and the efficiency of alert management.

This feature allows to advertise routes learnt via BGP into IS IS network or IS IS routes into BGP network. It also

The regex-session action enables matching of Regular Expression patterns against packet content. When a packet matches the specified pattern, its session is tracked based on configured timeouts and other parameters including, anchor, offset, and ip-proto.

With the 18.0 release, you can prevent clients using locally-administered MAC addresses from accessing your network. Network administrators can ensure that only clients using their device’s globally unique MAC addresses are able to connect to the network. By making sure that only devices with globally unique MAC addresses connect to the network, you can mitigate potential security threats associated with spoofing or unauthorized access by having control over device identification.

In the BGP Update message’s AS_PATH, routers have the capability to perform route aggregation and combine the ASes an update has traversed, merging the discrete entries into an  AS_SET. Routers can also do this within the local confederation with member AS numbers, using an AS_CONFED_SET. Route aggregation can be problematic as it blurs the semantics of what it means to originate a route. RFC 6472 recommends not using AS_SET or AS_CONFED_SET in BGP, and further justifies reasoning as to why, as well as provides a recommended way to handle updates with these messages.

This feature removes an ARP entry when the physical port, on which the ARP entry's MAC address is learned, goes down.

This document describes the workflow for renaming a Group Name in DMF. Navigate to Security → Groups and select Groups.

When this feature is disabled, the dst_vlan field in the switch extension always equals to the src_vlan field for L2 traffic. When this feature is enabled, the dst_vlan field will be the 802.1Q VLAN ID of the outgoing frame for L2 traffic.

In the 14.0 release, CloudVision Cognitive Unified Edge (CV-CUE) introduces a new Report, WiFi-Radios Instantaneous.

Arista WM gathers a wealth of data about the wireless deployment. The data gathered includes Wireless Intrusion

Even if the LEM table is exhausted and the routes are being added to LPM due to LEM overflow, the reserved amount of entries in LEM should persist.

Equal Cost Multi-path (ECMP) provides the ability to load-share traffic across multiple next-hops. When a next-hop fails or is deleted all flows are affected. This is due to the nature of the load-balancing algorithm which re-calculates a new hash for the flows based on the remaining active next-hops.

When this feature is enabled, responses to gNMI get requests as well as NETCONF get-config responses will contain the default values for YANG leafs if those leafs do not have any other value. This means that where a leaf value would normally be returned in a response, its default value (as defined in the YANG model) will be returned if the leaf does not have any other value assigned to it. Before this change, leafs that had a default value would not have been included in gNMI get responses.

When this feature is enabled, responses to gNMI subscribe requests contain the default values for YANG leafs if those leafs do not have any other value.

The transmit power configured on UI is now treated as EIRP (Equivalent Isotropically Radiated Power) instead of

The BGP labeled unicast (LU) RFC is used to advertise BGP routes with a stack of MPLS labels, thereby allowing

This feature provides support for advertising IPv4 unicast Network Layer Reachability Information (NLRI) with

EOS 4.17.0F adds support for IPv4 address family in OSPFv3 (multiple address family support) based on RFC5838.

Multi Agent, Platform independent. This feature supports RFC 7606, which  provides improved security and

This feature provides support for advertising VPN-IPv4 Network Layer Reachability Information (NLRI) with IPv6 next-hops over IPv6 peering sessions described as the Extended Next Hop Encoding capability in RFC8950. Extended Next Hop Encoding capability can be supported for IPv4 unicast, IPv4 Labeled Unicast, and IPv4 VPN address and sub-address families (1/1, 1/4, 1/128 respectively) per RFC. The Extended Next Hop support for IPv4 unicast is described in RFC 5549 .

RIB Route Control is a collection of mechanisms for controlling how IP routing table entries get used. Next hop resolution policy adds support for preventing recursive resolution of next hops based on route map evaluation of resolving routes.

With the 16.0 release, CloudVision Cognitive Unified Edge (CV-CUE) introduces the Client Roaming Explorer. It provides a graphical and tabular view of a client’s roaming events from one access point (AP) to another AP.

RDMA over converged ethernet version 2 (RoCEv2) is a UDP protocol for transferring memory blocks between compute nodes. It is used for AI applications. RoCEv2 aware sampled flow tracking with IPFIX export is an enhancement that allows customers access to RoCEv2 flow information, for the purposes of analyzing and monitoring traffic associated with AI workloads.

Creating a scope, or attribute, for your SAML provider allows you to pass CloudVision roles from the corresponding identity provider to CloudVision. This allows CloudVision user accounts to be automatically created with these roles when a new user logs in with that provider.