Policy-based routing (PBR) is a feature that is applied on routable ports, to preferentially route packets. Forwarding is based on a policy that is enforced at the ingress of the applied interface and overrides normal routing decisions. In addition to matches on regular ACLs, PBR policy-maps can also include “raw match” statements that look like a single entry of an ACL as a convenience for users.

This document covers the usage of the port-breakout CLI to break a port evenly into multiple interfaces. In the context of this document, a port is a logical entity that holds a list of interfaces; in most cases this is equivalent to the front panel transceiver cage.

In previous versions, the DMF Controller had a hidden CLI command to change the log level from INFO to WARN for a particular port down log in the DMF Controller. This hidden command has been removed in DMF 8.7.0. The following is an example of the hidden command:

Port mirroring is used to send a copy of packets seen on one port to a network monitoring connection on another switch port. Port mirroring is commonly used with network probes or other monitoring devices; examples include intrusion detection devices, latency analyzers, or packet capture and protocol analysis tools.

Persistent port security is a feature which ensures that port-security MAC cache is preserved across link flap and system reload. The feature is useful when it is desired to have the same set of already allowed secure MAC addresses on a particular interface after system reload or link flaps. There are separate global configurations to enable persistent port-security for shutdown and protect mode. A command to clear the MAC entries and secure MAC cache for interfaces with port-security configured has been added.

Port Security: Protect mode (PortSec Protect) is newly added to the Port Security feature and is designed to restrict

Introduced in the 4.34.0F release, the maximum links feature allows users to specify the number of active members in both LACP and static port-channels. If active members become inactive due to configuration changes or link failure, previously restricted members can become active. This ensures the port-channel remains operational, preventing disruptions even if all initial active members fail.

Port Channel member status logging on Arista switches allows logging of Ethernet interfaces joining or leaving a

TOI Chicago

The postcard telemetry (GreenT - GRE Encapsulated Telemetry) feature is used to gather per flow telemetry information like path and per hop latency. For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency and congestion information for flows at different times.

Power management is a way to limit the total available power to be used for Power over Ethernet (PoE) ports. Without power management, the total amount of power that the power supply units (PSU) are able to provide is used. Power management can be used to create power redundancies. For example, if a system has 2 1050W PSUs, the feature can set the total available power to be 800W for PoE. With this configuration, 1 PSU is sufficient to power the system and the unused PSU acts as a backup source, thus giving the system a 1+1 redundancy.

View PTP counters to identify the types of messages being sent and received by PTP-enabled devices. Use this to troubleshoot issues with your network PTP configuration and connectivity. When announce and sync messages are present but delay request messages are missing, for instance, it may suggest that a host is having trouble locking to the boundary clock.

This article provides a general introduction to Precision Time Protocol (PTP) supported within EOS. PTP is aimed at distributing time with sub-microsecond accuracy. PTP support is based on the IEEE-1588 specification for version 2 of the protocol. 

Precision Time Protocol (PTP) is a protocol aimed at distributing time between devices with sub-microsecond accuracy. PTP support is based on the IEEE-1588 specification for version 2 of the protocol. cEOS-lab is a containerised image which provides a portable way to run EOS in a virtualised environment. With this support, multiple virtual labs can be spun up to be used for testing and learning of the PTP feature.

Precoding is used to help reduce the burst error length of DFE (Decision Feedback Equalizer) error events with PAM-4 modulation

Starting EOS 4.15.0F, a BGP route reflector can preserve the BGP attributes (next hop, local preference and metric)

Forwarding destination prediction allows users to determine which interface a given packet will egress out. This feature is enhanced to identify the TCAM bank and rule offset for the matched ACL rule responsible for the forwarding decision. This allows network operators to trace the egress result back to the exact rule that triggered the action.

Priority Flow Control (PFC) is a link-layer flow control mechanism which may be used by an overwhelmed network node to ask its transmitters to stop transmission for a specified period of time. It does so by using special frames known as PFC frames, thus relieving congestion at the receiver node. In this respect, PFC is very similar to Link Layer Flow Control (LLFC); however, unlike LLFC, PFC allows the overwhelmed node to specify which 802.1Q Class of Service (CoS) it wants to stop receiving traffic for, allowing differentiated treatment of traffic based on CoS.

Destination-based RTBH (remote triggered blackholing) is used on edge devices in a network to prevent a DoS attack on a target network (IP/prefix) by blackholing/dropping the traffic destined towards this target. One of the ways to achieve this is through a trigger router sending a routing update for the prefix under attack to the edge routers configured for black hole filtering. The next hop of such routing updates ends up getting resolved to a null/drop interface on the edge device, which results in blackholing all traffic destined towards this target network.

This feature provides protocol independent UCMP support for all the routes which follow the IGP path provided there is no UCMP computation done at the protocol level itself. This feature optimizes bandwidth utilization by weighting next-hop members according to their link capacity.

Provisioning Settings allows you to configure CloudVision's default behavior when pushing configuration and image changes to devices. Each setting relates to an action used in Change Control. Ordinarily you should only need to use the default settings, but you can alter them for more control over CloudVision and EOS interactions for devices in your network. 

Proxy node segment helps in advertising segments in a segment-routing domain for prefixes that are originated outside the segment-routing domain. Node B in the SR domain can advertise proxy-segments to node A for the loopbacks of C and D, which are not present in the SR domain. This feature helps in creating MPLS routes for those loopbacks on node B. Note that if the C and D loopbacks have LDP enabled and have exchanged LDP labels with B, then B can by default create an SR-to-LDP stitched MPLS route even without enabling this feature. This feature is specific to the case where such stitched routes cannot be created.

This feature allows a customer to configure a whitelist of acceptable grandmaster clocks per switch. When such a list is configured, announce messages from only the acceptable clocks are accepted and announce messages from all other clocks are rejected. If no such list is configured, the default behaviour applies, i.e. all potential grandmaster clocks are considered.

This document describes the enhancements to Arista's IEEE 1588 PTP implementation introduced in EOS 4.15.0F.

CloudVision provides more than 20 overlay options to help you visualize the properties of network devices, interfaces, and links. Use the PTP overlay to visualize the topology of PTP enabled devices and their links. At a glance, you can see which device in a PTP domain is the grandmaster and which devices belong to a PTP domain.

The `ptp forward-v1` command configures the switch to forward Precision Time Protocol version 1 packets as regular multicast traffic. By default, when PTP is enabled and PTPv1 packets are received on the PTP-enabled interfaces, these packets are trapped by the CPU, logged and discarded. The feature is already supported on various Arista platforms; this article highlights added support on the 7280R/7280R2/7020R/7500R/7500R2 platforms in EOS 4.26.0F and on the 7280R3/7500R3/7800R3/7289 platforms in EOS 4.29.0F. It highlights some differences in support for 7280/7500/7800 R/R2 platforms versus 7280/7500/7800 R3 platforms.

This feature keeps the configured hostname for a managed appliance and the actual hostname on the managed appliance aligned. Before this change, the configured hostname for a managed appliance on the controller and the actual hostname on the managed appliance could be different.

This feature makes ARP and ND packets use a higher priority output queue when software forwarded on the switch. Doing

Since, now there can be multiple inputs, conflicts may arise. Non conflicting configurations are when non default

TOI 4.17.0F QoS

QSFP+ modules that support TX power DOM will now display the reported TX power value via show interfaces transceiver.

Forward Error Correction (FEC) is required with some QSFP100 media to achieve error free operation of the link when

The current behaviour on R series products is to drop all packets marked for drop by the chip Packet Processor in the

RACL divergence enables the optimization of the utilization of hardware resources by installing ACLs only on the

TCAM sharing between different VLAN interfaces when they have the same ACL attached: configurable via CLI

RADIUS Pooling lets you assign a pre-defined list of RADIUS Servers that Access Points (AP) can use to authenticate, authorize, and maintain clients' accounts. It offers better load-balancing capabilities and improved scalability. You do not have to specify the order of the RADIUS servers as Primary or Secondary. Every AP randomly chooses the RADIUS servers from the pool, and then independently decides the sequence of the RADIUS servers and follows the order. Two APs sharing the same RADIUS pool may not share the same order for the RADIUS servers. APs automatically distribute the client load based on an intelligent algorithm.

RADIUS proxy feature enables proxying RADIUS requests from a RADIUS client and forwarding it to a remote RADIUS server. Similarly, RADIUS proxy receives the reply from the remote RADIUS server and forwards it to the client.

With the 13.0 release, CloudVision Cognitive Unified Edge (CV-CUE) can redirect onboarding clients to a dynamic URL defined by the RADIUS. If the RADIUS access-accept request has a role and a redirection URL for a client, access points (AP) can redirect such a client’s HTTP or HTTPS requests.

This feature adds support for “Randomized Load Balancing (RLB) on ECMP groups”. RLB enables per-packet load balancing, randomly distributing each incoming packet among the members of an ECMP group.

The SFP-10G-RA-1G-LX and SFP-10G-RA-1G-SX transceivers are rate adapting SFP+ transceivers with internal clause 37 auto-negotiation (AN) support. The transceiver host interface is 10G XFI and the module rate adapts in the egress direction from 10G to 1G before transmitting data on the attached fiber. In the ingress direction it rate adapts the received 1G data to 10G before sending to the host switch. This allows 1000BASE-LX and 1000BASE-SX support on switches which do not natively support 1G operation.

The rate watermark counters feature allows for the capturing of microbursts within a configured interval based on the fast interface counters. The rate watermark counters feature is built on top of the high frequency fast poll counters which allows for increased visibility of microbursts that may happen within a short time window.

Some data plane features on some switch platforms may require packets to be recirculated through the switch chip in

The new 96TB Recorder Node SKU (DCA-DM-RN760), primarily designed as a lower-cost model, meets lower data retention and recording performance requirements and is supported starting from DMF 8.7.0.

The Analytics Node (AN) enables the correlation of 5-tuple data from Flows and DMF metadata with the corresponding packets retrieved from the Recorder Node (RN). Previously, the system displayed Egress sFlow® to indicate potentially recorded flow packets.

The Recorder Node (RN) supports being managed by CloudVision (CV) on-prem starting DMF 8.7.0. This feature extends support to CVaaS starting DMF 8.8.0. Recorder Node was not supported with CVaaS before 8.8.0 because of an RN requirement to store the query results file in CV while archiving the query results. However, this was not permitted on CVaaS as these files might contain data that cannot be stored in a cloud service. This feature supports CVaaS by allowing the RN to store query result files.

This document provides a comprehensive overview of the redesigned Alerts page, detailing its features and how to use them to monitor and manage Fabric health effectively. The new design improves clarity, usability, and the efficiency of alert management.

This feature allows advertising routes learnt via BGP into an IS-IS network or IS-IS routes into a BGP network. It also

The regex-session action enables matching of regular expression patterns against packet content. When a packet matches the specified pattern, its session is tracked based on configured timeouts and other parameters, including anchor, offset, and ip-proto.

With the 18.0 release, you can prevent clients using locally-administered MAC addresses from accessing your network. Network administrators can ensure that only clients using their device’s globally unique MAC addresses are able to connect to the network. By making sure that only devices with globally unique MAC addresses connect to the network, you can mitigate potential security threats associated with spoofing or unauthorized access by having control over device identification.

In the BGP Update message’s AS_PATH, routers can perform route aggregation and combine the ASes an update has traversed, merging the discrete entries into an AS_SET. Routers can also do this within the local confederation with member AS numbers, using an AS_CONFED_SET. Route aggregation can be problematic as it blurs the semantics of what it means to originate a route. RFC 6472 recommends not using AS_SET or AS_CONFED_SET in BGP, gives the reasoning behind that recommendation, and provides a recommended way to handle updates with these messages.

This feature removes an ARP entry when the physical port, on which the ARP entry's MAC address is learned, goes down.

TOI

This document describes the workflow for renaming a Group Name in DMF. Navigate to Security → Groups and select Groups.