The primary challenge with using a switching ASIC as a load balancer has been how to deal with changes in the network topology without disrupting existing TCP connections.

802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.

Filtered Mirroring allows certain packets to be selected for mirroring, rather than all packets ingressing or egressing a particular port.

This feature adds support for user configured BGP Nexthop Resolution RIB profiles for various BGP based services

RPKI provides a mechanism to validate the originating AS of an advertised prefix.

Currently, there is a global knob for configuring the preference of all SR TE policies, that affects the comparison

Configurable Voq Tail Drop Thresholds provides flexibility to change default voq tail drop based on speed of the

EOS DHCP relay agent forwards all the DHCP requests from the clients using the primary IP address of the interface as

Dot1x Web authentication feature authenticates a supplicant via a web page, generally referred to as a captive

This article describes Dynamic NAT profile options that are configurable in EOS on DCS 7050X3 and CCS 720XP systems.

This feature supports counting ECN-marked packets (ECN = Explicit Congestion Notification) on a per egress port per tx-queue basis. The feature can be used to gather these packet counts via CLI or SNMP. There are two cases when an ECN-marked (congestion) packet is counted on the egress port/queue:

This feature provides the capability to count the number of packets hitting rules associated with egress ACLs

Egress Sflow sampling feature allows to sample unicast packets based on the egress interface. The

Egress traffic-policing can be applied on L3 Ethernet subinterfaces for outbound traffic.

From 4.25.1F, Dot1x Modes to MBA Hosts is supported.With this feature enabled MBA hosts will be considered for Dot1x

In the traditional data center design, inter-subnet forwarding is provided by a centralized router, where traffic traverses across the network to a centralized routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.

Starting with EOS release 4.22.0F, the EVPN VXLAN L3 Gateway using EVPN IRB supports routing traffic from IPV6 host to

Fair Adaptive Dynamic Thresholds (FADT) provides efficient allocation of shared packet buffer resources amongst

EOS-4.24.0 adds support for hardware-accelerated sFlow on R3 systems. Without hardware acceleration, all sFlow processing is done in software, which means performance is heavily dependent on the capabilities of the host CPU. Aggressive sampling rates also decrease the amount of processing time available for other EOS applications.

In VXLAN networks, broadcast DHCP requests are head-end-replicated to all VXLAN tunnel endpoints (VTEP). If a DHCP relay helper address is configured on more than one VTEP, each such VTEP relays the DHCP request to the configured DHCP server. This could potentially overwhelm the DHCP server as it would receive multiple copies of broadcast packets originated from a host connected to one of the VTEPs.

IGP shortcuts enable traffic to get forwarded along traffic engineered paths computed by RSVP using a modified SPF

The document describes the support for dedicated and group ingress policing on interfaces without using QoS policy-maps to match on the traffic and apply policing.

IP Locking is an EOS feature configured on an Ethernet Layer 2 port.  When enabled, it ensures that a port will only permit IP and ARP packets with IP source addresses that have been authorized. As of EOS-4.25.0F release update, IP Locking can run in two modes - IPv4 Locking (which will be referred to as IP Locking) and IPv6 Locking, which can be configured using the commands mentioned in the below sections. IP Locking prevents another host on a different interface from claiming ownership of an IP address through either IP or ARP spoofing.

IS IS area proxy allows the creation of more scalable networks. IS IS already has hierarchical mechanisms for

A L2 sub-interface is a logical bridging endpoint associated with traffic on an interface distinguished by 802.1Q tags, where each <interface, 802.1q tag> tuple is treated as a first class bridging interface.


The L2EVPN MPLS feature is available when configuring BGP in the multi agent routing protocol model. Ethernet VPN

This feature is available when configuring BGP in the multi agent routing protocol model. Ethernet

Subinterfaces divide a single ethernet or port channel interface into multiple logical L3 interfaces based on the

Introduced in EOS-4.20.1F, “selectable hashing fields” feature controls whether a certain header’s field is used in the hash calculation for LAG and ECMP.

This solution allows the delivery of customer BUM (Broadcast, Unknown unicast and Multicast) traffic in a VLAN using

LSPs formed by LDP normally follow IGP routing. The LDP speaker selects the downstream LSR for a particular prefix as

The LDP pseudowire feature provides support for emulating Ethernet connections over a Multiprotocol Label

For various peering applications, there is a need to support the assignment of a MAC address on routed interfaces.

This document presents how Arista Macro Segmentation Service (MSS) can be deployed in a brownfield environment with

If MACsec is enabled on an interface, it tries to establish MACsec Key Agreement (MKA) session(s) with its peer.

MRU (maximum receive unit) enforcement provides the ability to drop frames that exceed a configured threshold on the ingress interface.

[L2 EVPN] and  [Multicast EVPN IRB] solutions allow for the delivery of customer BUM (Broadcast, Unknown unicast

This solution allows delivery of multicast traffic in an IP VRF using multicast in the underlay network. It builds on

EOS supports reading and streaming various OpenConfig configuration and state models over gNMI (gRPC Network Management Interface), RESTCONF, and NETCONF transports. A subset of the configuration models may also be modified over these transports

This feature introduces the support for OSPF routes over GRE tunnels under default as well as non default VRFs. The

This feature provides isolation and allows segregating/dividing the link state database based on interface. 

In campus network deployments, classification of the devices connected to a switch port is required. Based on the

ITU-T G8275.1 is a PTP profile defined by ITU-T for telecommunication applications. It defines a set of functions from the IEEE 1588 to achieve phase/time synchronization with full timing support from the network (meaning, all of the network devices support PTP).

Since the introduction of PTP Monitoring feature[1], PTP is capable of recording recent metrics for offset from

This document describes the feature that allows the redistribution of VRF leaked BGP routes into OSPFv2 and OSPFv3.

This feature allows a Service Provider (SP) or an Enterprise to provide the service of interconnecting

This is an extension to BGP MPLS VPNs that allows us to use iBGP as the PE CE protocol. This feature also provides a way to

This feature adds support for the match ospf instance <instanceID> clause under the route map config.

In a Service Provider (SP) network, a Provider Edge (PE) device learns virtual private network (VPN) paths from remote PEs and uses the Route Target (RT) extended communities carried by those paths to determine which customer Virtual Routing and Forwarding (VRF) the paths should be imported into (from where they can be subsequently advertised to Customer Edge (CE) devices).

RSVP-TE, the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), is used to distribute MPLS labels for steering traffic and reserving bandwidth. The Label Edge Router (LER) feature implements the headend functionality, i.e., RSVP-TE tunnels can originate at an LER which can steer traffic into the tunnel.