By default, when an SVI is configured on a VXLAN VLAN, then broadcast, unknown unicast, and unknown multicast (BUM) traffic received from the tunnel are copied to CPU. However, sending unknown unicast and unknown multicast traffic to CPU is unnecessary and could have negative side effects. Specifically, these packets take the L2Broadcast CoPP queue to the CPU. When there is a lot of unknown unicast and unknown multicast traffic, important broadcast traffic such as ARP may get dropped in the L2Broadcast CoPP queue. Further, this might also disrupt other control plane protocols such as BFD, BGP, etc.

IPv4 routes of certain prefix lengths can be optimized for enhanced route scale using this feature. This feature is ideally suited to achieve route scale when route distribution has a large number of routes concentrated across the prefix-lengths 24, 23 and 22. EOS 4.27.2F offers 8-to-1 compression of routes as an enhancement.

On MLAG devices, flood traffic over the peer link follows split-horizon rules to avoid duplicate delivery of packets on MLAG interfaces. However, when one of the MLAG devices becomes inactive, peer-link flooding can cause double delivery or Layer 2 loops. To mitigate this risk, peer-link forwarding restriction was introduced. As of 4.34.0F, support was added for peer-link forwarding restriction when MLAG is enabled but not fully formed to the primary or secondary role. In this transitional state, only MLAG VLANs carrying MLAG control (PDU) traffic are allowed over the peer link. As of 4.34.2F, peer-link forwarding restriction is enabled by default. Users may still disable the feature manually as needed.

This feature introduces per-nexthop MPLS label allocation for the IPv4-unicast default-route and the IPv6-unicast default-route. Previously, BGP-VPN VRFs only supported a per-VRF label scheme. With a per-VRF label scheme, each BGP-VPN supported AFI-SAFI (i.e. IPv4-unicast and IPv6-unicast) in the BGP-VPN VRF is allocated a single "per-VRF" label that will be shared by all the AFI-SAFI’s routes. When the routes are exported as BGP-VPN routes, all the routes will be exported with the same "per-VRF" VPN label. In the Label FIB (LFIB), each allocated "per-VRF" label is associated with an ip-lookup action inside their corresponding BGP-VPN VRF.

The PHY test pattern CLI can be used to check the quality of the physical layer for an Ethernet interface. This is done by

EOS provides support for the use of IPsec to establish and maintain IPsec tunnels. This feature adds support for redirecting traffic matching on traffic policy rules to an IPsec tunnel.

This document covers the usage of the port-breakout CLI to break a port evenly into multiple interfaces. In the context of this document, a port is a logical entity that holds a list of interfaces; in most cases this is equivalent to the front panel transceiver cage.

Persistent port security is a feature which ensures that port-security MAC cache is preserved across link flap and system reload. The feature is useful when it is desired to have the same set of already allowed secure MAC addresses on a particular interface after system reload or link flaps. There are separate global configurations to enable persistent port-security for shutdown and protect mode. A command to clear the MAC entries and secure MAC cache for interfaces with port-security configured has been added.

The postcard telemetry (GreenT - GRE Encapsulated Telemetry) feature is used to gather per flow telemetry information like path and per hop latency. For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency and congestion information for flows at different times.

Even if the LEM table is exhausted and the routes are being added to LPM due to LEM overflow, the reserved amount of entries in LEM should persist.

This feature provides support for advertising VPN-IPv4 Network Layer Reachability Information (NLRI) with IPv6 next-hops over IPv6 peering sessions, described as the Extended Next Hop Encoding capability in RFC 8950. Extended Next Hop Encoding capability can be supported for IPv4 unicast, IPv4 Labeled Unicast, and IPv4 VPN address and sub-address families (1/1, 1/4, 1/128 respectively) per RFC. The Extended Next Hop support for IPv4 unicast is described in RFC 5549.

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion. This document serves as a reference guide for routing protocol attributes, operators for comparing and modifying attributes, and built-in functions provided in RCF.

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion. This document serves as a reference guide for Bgp agent points of application:

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion. 

RSVP-TE, the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), is used to distribute MPLS labels for steering traffic and reserving bandwidth. The Label Edge Router (LER) feature implements the headend functionality, i.e., RSVP-TE tunnels can originate at an LER which can steer traffic into the tunnel.

Network administrators require access to flow information that passes through various network elements, for the purpose of analyzing and monitoring their networks. This feature provides access to IP flow information by sampling traffic flows in ingress and/or egress directions on the interfaces on which it is configured. The samples are then used to create flow records, which are exported to the configured collectors in the IPFIX format. Egress flow tracking is supported from EOS-4.29.0F on the DCS-7170B-64C series and supported on 7280, 7500 and 7800 series platforms from EOS-4.31.1.

VXLAN UDP-ESP support allows the customer to encrypt traffic between two VXLAN VTEPs. The frame format looks like: NOTE, Secure VXLAN is supported with both the sectag2 and UDP-ESP format in 4.27.1, where sectag2 is the default encapsulation format. However, the sectag2 format is deprecated and should not be used.

The sFlow VLAN forwarding feature adds support for providing the VLAN by which the packet is bridged as opposed to the VLAN that is decoded from the Ethernet frame. The VLANs are reported in the sFlow extended switch header’s input VLAN and output VLAN fields, as defined in the sFlow extended switch data.

"Micro segment" (SRv6 uSID or uSID for short) is an extension of SRv6 architecture, specifically designed to represent SRv6 SIDs in an extremely compact way. It addresses the overhead of using full 128-bit IPv6 SIDs for routing. Instead of using a 128-bit address for single SID, multiple uSIDs are packed into a single 128-bit address. Each 128-bit address comprises a block value representing the domain followed by multiple uSIDs, each of the same bit length. If there are bits left they are filled with trailing zeros. This allows for a complete SRv6 path to be represented by a 128-bit IPv6 address. Like a regular SID, each uSID is associated with a specific behavior on the SRv6 capable node. SRv6 uN refers to the End behavior with uSIDs.

Storm control enables traffic policing on floods of packets on L2 switching networks. Support was enabled for front panel ports and LAG in eos-4-25-2f with storm-control-speed-rate-support. Now, storm control will be supported per subinterface (both Ethernet and port-channel). Scale of subinterfaces is 4095.

This feature adds support for “Dynamic Load Balancing (DLB)” on Equal Cost Multi Path (ECMP) groups.

gNOI (gRPC Network Operations Interface) defines a set of gRPC-based microservices for executing operational commands on network devices.

In the realm of network service level agreements (SLAs), a customer often commits to a certain level of service for their clients. This may necessitate limiting bandwidth at the Layer 3 sub-interface level. Currently, egress service policies can achieve bandwidth control, but ingress control lacks a similar mechanism.

MIBs are used in SNMP (Simple Network Management Protocol) to monitor and manage network devices. IS-IS MIB provides structured information to track IS-IS protocol performance, routing table status, and link-state information.

This feature allows configuring backup nexthop group entries to be used if their corresponding primary entries are unable to forward traffic due to being unresolved or with outgoing interfaces that are marked as down. By default, any configured backup entries will not be activated to forward traffic until all primary nexthop group entries are unavailable. Backup nexthop group entries are a tool used to achieve fast failover when forwarding traffic via nexthop groups.

Port isolation is a feature that segregates the ports in a VLAN broadcast domain into isolated and non-isolated ports and facilitates blocking traffic between ports marked as isolated. Isolated ports in a VLAN are the ports that cannot send/receive traffic from other isolated ports in the same VLAN. However, they should still be able to communicate with non-isolated ports.

Private VLAN is a feature that segregates a regular VLAN broadcast domain while maintaining all ports in the same IP subnet. There are three types of VLAN within a private VLAN

User Defined Fields (UDFs) are access-list (ACL) filters that consist of an offset into a packet and a pattern to match at the given offset. It can be used to match non-standard fields in a packet that don’t have existing well-defined filter criteria. An example of a non-standard field is bytes at an arbitrary offset within a UDP payload.

Topology Independent Fast Reroute, or TI-LFA, uses IS-IS SR to build loop-free alternate paths along the post-convergence path. These loop-free alternates provide fast convergence.

The Traffic Generator is an EOS feature that allows network traffic generation on Arista switches. It provides a simple and effective way to create high-speed traffic for testing and validation purposes. It can send a continuous stream of custom-defined packets at full speed to one or more destination interfaces.

Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets and usually TCAM is used to match packets to rules. For example, there can be a rule to match the packet source IP address against a list of IP addresses, and drop the packet if there is a match. This will be expressed in TCAM with multiple entries matching the list of IP addresses. The number of entries is reduced by masking off bits, if possible. TCAM is a limited resource, so with classifiers having a large number of rules and a big field list, TCAM runs out of resources.

This TOI supplements the Ingress Traffic Policy applied on ingress interfaces. Please refer to that document for a description of Traffic Policies and field-sets. This TOI explains the Traffic Policies as applied in the egress direction on interfaces.

This feature allows the export of IP FIB (Forwarding Information Base) through the OpenConfig AFT YANG models.

SwitchApp is an FPGA-based feature available on Arista’s 7130LB-Series and 7132LB-Series platforms. It performs ultra low latency Ethernet packet switching. Its packet switching feature set, port count, and port to port latency are a function of the selected SwitchApp profile. Detailed latency measurements are available in the user guide on the Arista Support site.

Leaf Smart System Upgrade (SSU) provides the ability to upgrade the EOS image with minimal traffic disruption.

The Unified Forwarding Table (UFT) is a group of memories that is shared between Layer2 and Layer3 lookup tables with capabilities for variable partitions. Rather than separate Layer2 and Layer3 lookup tables of fixed size, the UFT may be partitioned to support user-requested combinations of Layer2 and Layer3 lookup tables of varying sizes. The new UFT partitioning CLI has capabilities to reconfigure individual forwarding table scales (Layer2, Layer3 Unicast, Layer3 Multicast) according to the user’s input. The CLI provides an interface for granular control of the underlying UFT resources.

Arista currently posts separate EOS images for different CPU architectures: i686 (EOS.swi), x86_64 (EOS64.swi), and aarch64-based (EOSarm.swi, starting with EOS-4.35.0F). The universal SWI (EOSuni.swi) is a single file containing support for all CPU architectures, meant to simplify image management and provisioning. The universal SWI will be posted in addition to the existing architecture-specific SWIs and is not meant to fully replace them.

Arista’s DCS-7130LBR series of switches are capable of supporting SwitchApp, which is an FPGA-based L2/L3 switch. However, as the switch would then contain two switch ASICs (one traditional switch ASIC, and one FPGA-based switch) physically upon loading the SwitchApp application, there are certain limitations and nuances along with its usage. This document intends to explain some of the details.

VRF redirection often requires matching packets’ source addresses against one or more sets of IP prefixes.  This can become difficult to manage when the prefix sets need to be consistently maintained on several devices and either change too frequently or are very large.  When the prefixes for the prefix sets are learned by BGP, this feature provides an alternative to maintaining unwieldy sets of statically configured IP prefixes.

The VXLAN VTEP and VNI counters feature allows the device to count VXLAN packets received and sent by the device on a per VTEP and per VNI basis. Specifically, it enables the device to count bytes and packets that are encapsulated and decapsulated as they are passing through.

WAN Routing system network comprises multiple routers interconnected using Dynamic Path Selection (DPS) tunnels. Prior to EOS-4.34.2F, the High Availability solution used a static hash to assign flow ownership to an HA peer. This peer was then responsible for Deep Packet Inspection (DPI) and subsequent Advanced Virtualization Technology (AVT) selection based on the DPI results.

WRED (Weighted Random Early Detection) is one of the congestion management techniques. It works at queue level to drop packets randomly after crossing the given queue threshold even before the queue is full. Without WRED, all newly arriving packets get tail dropped once the queue is full, which creates TCP global synchronization issues. WRED helps to avoid TCP global synchronization.

Support for matching of DSCP, ECN, and VLAN is available under the QoS class-map configuration on Arista switches.