EOS 4.35.2F TOI

802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network. We support dot1x protocol standard 802.1X-2004 (version=2)

This feature adds the support for a standby server to the existing syslog logging mechanism for UDP syslog servers. The user can specify a logging group and specify remote syslog servers. The first host configured will be the “active” server, which means syslogs will be forwarded to that host whenever it is reachable via ICMP. The second host will be the “standby” server, which will receive syslogs if the active server goes down. This provides more robustness for setups with multiple potential syslog servers.

Adjacency sharing is a feature which deduplicates FEC to avoid installing identical FECs in hardware. Often this applies to Equal Cost Multi Path (ECMP) FECs, which are generally a much more scarce resource. Hierarchical FECs are not supported with adjacency sharing.

Data center switches and servers have traditionally been managed by separate teams using different tools creating complexity in setting up and maintaining the end to end network in the datacenter. In an AI network, the nature of the workload amplifies the effect of a single server’s network failure or network misconfiguration impacting the work of large numbers of machines in the network. This is costly both in lost productivity and in the high level of support required to fix network errors that can occur in the compute and network domains.

This feature introduces support for sending long command arguments in TACACS+ accounting messages.

Arista VESPA or Arista Virtual Ethernet Segment with Proxy ARP and associated features offer a campus solution for wireless deployment. Please note that all references to the keyword VESPA in this document refer to Arista VESPA.

BGP Monitoring Protocol (BMP) allows a monitoring station to collect information about a router’s BGP sessions, such as BGP announcements received from peers (Adj-RIB-In),  monitoring the Loc-Rib (as defined by RFC9096), and BGP announcements advertised from the router (Adj-RIB-Out). The announcements are sent to the station in the form of BMP Route Monitoring messages generated from the router’s BGP internal tables.

This feature introduces support for BGP wildcard-AS route targets specifically for route import into VRFs.

Arista’s CCS-710XP series of ethernet switches consist of CCS-710XP-12TH-2S SKU. CCS-710XP-12TH-2S is a 12 port 1000BASE-T PoE & 2-port SFP+ fanless switch device rich with networking features suited for campus deployments.

This document describes the supported IPFIX functionality on platforms that make use of the SFE forwarding agent.

Cluster Load Balancing is a feature designed to ensure optimal load balancing of flows used as part of GPU based cluster communication. When this feature is enabled, a TOR router monitors RoCE traffic flowing between the GPU servers and spine uplinks and ensures optimal load balancing in the network.

A policy-map defines a set of rules that prioritize network traffic, ensuring critical data isn't delayed by less important packets. Each policy-map aggregates multiple class-maps, which are associated with specific match criteria such as VLAN, DSCP, or IP ACLs. Actions — including DSCP marking, traffic-class assignment, and policing — can be applied to each policy-map and class-map pair. This allows specific QoS actions to be executed on every incoming packet based on defined parameters.

The feature adds support for dynamic prefix-list to match on all protocol routes, and not just BGP. Dynamic prefix-list policy construct is similar to the traditional IP and IPv6 prefix-list, except that they have an additional state associated. This state associated with the dynamic prefix-lists, is determined on the basis of the route entries in FIB, and hence as and when the FIB changes, the state also changes dynamically. 

By default EOS does not perform Overlay ECMP for hosts connecting to a Multihoming Ethernet segment in an Asymmetric-IRB setup. Instead it picks one of the paths statically for sending the traffic. This feature enables ECMP for the multihomed hosts connected in an EVPN VXLAN all active multihoming Asymmetric-IRB setup.

This feature supports counting ECN-marked packets (ECN = Explicit Congestion Notification) on a per egress port per tx-queue basis. The feature can be used to gather these packet counts via CLI or SNMP.

Explicit Congestion Notification (ECN) is an extension to the Internet Protocol and to the Transmission Control Protocol which allows end-to-end notification of network congestion without dropping packets. ECN is an optional feature that is only used when both endpoints support it and are willing to use it. ECN operates over an active queue management algorithm.

Multiple dynamic counter features may be enabled simultaneously, primarily configured using the ‘[no] hardware counter feature [feature]’ CLI commands. Compatibility of these features has been enhanced to allow for greater flexibility in simultaneously enabled counter features. Changes in counter feature compatibility across EOS releases is detailed below.

RFC 5837 describes extensions to the Internet Control Message Protocol (ICMP) that enable network devices to identify incoming and outgoing interfaces and next-hop addresses via extensions to specific ICMP error messages. These extensions are particularly useful for network diagnostics and troubleshooting applications.

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN), from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks to be far more challenging, and the ability of service providers to respond to such network faults swiftly directly impacts their competitiveness.

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN) from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge.

This feature stores events describing changes to IS-IS IP routes into a SQL. These events are intended to be used to debug convergence issues and understand the impact changes elsewhere in the network have on an EOS device. When an IS-IS IP route changes due to an IS-IS SPF calculation and this feature is enabled, the feature tracks the time the route change is reflected at various "layers" of the route processing pipeline.

This feature is available when configuring Layer2 EVPN or EVPN IRB.As described in RFC7432 section 15 [1], “MAC Mobility” or “MAC move” occurs when a Customer Edge (CE) moves from one Ethernet segment to another, resulting in two EVPN MAC/IP (Type 2) routes being advertised -- one route with the previous Ethernet segment ID (ESI) and the other with the new Ethernet segment ID. MAC mobility also happens when a CE moves from a single-homed provider edge (PE) to a different PE.

Fair Adaptive Dynamic thresholds (FADT) provides efficient allocation of shared packet buffer resources amongst various virtual output queues. FADT is useful when queues are getting congested and buffer resources should be allocated in a way tdat prioritizes certain queues while avoiding starvation of lower priority queues. the scheme works on each incoming packet by calculating instantaneous queue threshold based on available free resources. Queue buffer threshold is calculated as:

This document describes the Fec Dampening feature. When hardware FEC / ECMP resources usage go above the platform limit, Ale (HW Abstraction layer ) deletes some routes in the anticipation of freeing up some more hardware FEC resources to allow newly created FEC to get programmed. The above logic of deleting/unprogramming the route may lead to unnecessary traffic drop in the following cases of transient FEC resources overflow.

Systems with support for Arista secure boot protect against tampering of the BIOS firmware & Aboot by write-protecting the BIOS SPI flash before EOS is loaded (refer to the “Security model” section in the secure boot TOI for details). While effective at protecting against unauthorized changes made from EOS, such a mechanism has limitations. For example, it is ineffective at protecting against physical reprogramming of the contents of the BIOS SPI flash, tampering through privileged serial console access, undiscovered security vulnerabilities in BIOS upgrade mechanism, etc.

Flow control is a data transmission option that temporarily stops a device from sending data because of a peer data overflow condition. If a device sends data faster than the receiver can accept it, the receiver's buffer can overflow. The receiving device then sends a PAUSE frame, instructing the sending device to halt transmission for a specified period.

This feature introduces hardware forwarding support for IPv4-over-IPv4 GRE tunnel interfaces on selected Arista Switches. The GRE tunnel interface acts as a logical interface which performs the GRE encapsulation or decapsulation.

gRIBI (gRPC Routing Information Base Interface) defines an interface through which OpenConfig AFT (Abstract Forwarding Table) entries can be injected from an external client to a network element.

IFA Latency Analyzer feature measures round trip time(RTT) and per-hop latency( residence time) between source and destination switches by sending IFA(Inband Flow Analyzer) probes. On Switch A, in this version of script, packet is first redirected to an internal loopback interface and latency is measured as time duration between the time the packet ingresses internal loopback port to time it egresses out of the interface connected Switch B in the chip pipeline.

This feature optimizes the utilization of hardware resources by sharing the hardware resources between different VLAN interfaces when they have the same ACL attached in the ingress direction. This is particularly useful for larger deployments where the ACL is applied to multiple VLANs and with the RACL sharing capability, lesser hardware resources are used irrespective of the number of VLANs.

With this feature, IPv4 or IPv6 packets matching a static nexthop-group route can be encapsulated within an IP-in-IP tunnel and forwarded

This feature addresses a restriction on the combination of IKE and IPSec algorithms that can be used in a security configuration. The National Information Assurance Partnership (NIAP) Common Criteria certification requires that:

IPv4 routes of certain prefix lengths can be optimized for enhanced route scale. This document describes the enhancements done to IPv4 route scale in subsequent EOS releases.

MetaWatch is an FPGA-based feature available for Arista 7130 Series platforms. It provides precise timestamping of packets, aggregation and deep buffering for Ethernet links. Timestamp information and other metadata such as device and port identifiers are appended to the end of the packet as a trailer.

EOS supports Multicast Source Discovery Protocol (MSDP) peering over TCP. Previously, MSDP sessions in EOS did not provide a built-in TCP-level authentication mechanism, leaving the MSDP TCP connection susceptible to spoofed or injected TCP segments (e.g., forged FIN/ACK/RSTs).

The TCP MSS clamping feature involves clamping the maximum segment size (MSS) in the TCP header of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface. Clamping MSS value helps in avoiding IP fragmentation in tunnel scenarios by ensuring that MSS is small enough to accommodate the extra overhead of GRE and tunnel outer IP headers. One of the most common use cases for this feature is connectivity towards Cloud providers via GRE which require asymmetric routing (for example DDoS protection).

[L2 EVPN] and  [Multicast EVPN IRB] solutions allow for the delivery of customer BUM (Broadcast, Unknown unicast and Multicast) traffic in a L2VPN and L3VPNs respectively using multicast in the underlay network.

Measured boot is a tamper-detection mechanism that records a system's boot process. It calculates cryptographic hashes of system components and configurations, which are then securely stored in the Platform Configuration Registers (PCRs) of a Trusted Platform Module (TPM) chip.

An introduction to Nexthop-groups can be seen in the Nexthop-Group section of EOS. With this feature, IP packets matching a static Nexthop-Group route can be encapsulated with a GRE tunnel and forwarded.

Support for matching of DSCP,ECN,VLAN is available under the QOS class-map configuration on Arista switches.

Customers currently leverage the event-handler for automated remediation such as auto-drain of nodes during specific triggers (blackholing scenarios, hardware failures). However, there are scenarios where the automation becomes counterproductive or risky during active incidents or anomalies.

Packet trimming is a novel method for end-to-end congestion notification. When a packet is dropped in the MMU due to congestion, the dropped packet is trimmed and forwarded to the intended receiver with a new configured DSCP value. Upon receiving a trimmed packet, the receiver can perform appropriate handling to reduce transmission rate or retransmit any lost packets. The feature supports matching criteria via ingress traffic policy for selecting which packets should be trimmed when they get dropped in the MMU. Similarly, the rewritten DSCP is specified on a per egress port basis for trimmed packets egressing out of the switch to the intended destination. This per egress port DSCP overrides the global rewrite DSCP if configured. This feature is supported for protocols IPv4, IPv6 and SRv6.

Per VLAN MAC Learning is a feature to enable/disable mac learning per-vlan instead of per-port. Using this feature with VxLAN could provide a poor-man version of Point-to-Point VxLAN Pseudowire services.

The Per-MAC ACL feature provides the functionality to apply an IPv4/IPv6 ACL to a 802.1x supplicant instead of applying them on the port that the supplicant is behind. This allows for more flexible and specific traffic policies to be defined for supplicants trying to access certain resources on the network.

Policy-based routing (PBR) is a feature that is applied on routable ports, to preferentially route packets. Forwarding is based on a policy that is enforced at the ingress of the applied interface and overrides normal routing decisions. In addition to matches on regular ACLs, PBR policy-maps can also include “raw match” statements that look like a single entry of an ACL as a convenience for users.

This article provides a general introduction to Precision Time Protocol (PTP) supported within EOS. PTP is aimed at distributing time with sub-microsecond accuracy. PTP support is based on the IEEE-1588 specification for version 2 of the protocol. 

Priority Flow Control is a link-layer flow control mechanism which may be used by an overwhelmed network node to ask its transmitters to stop transmission for a specified period of time. It does so by using special frames known as PFC frames, thus, relieving congestion at the receiver node. With respect to this behavior, PFC is very similar to Link Layer Flow Control ( LLFC ), however, unlike LLFC, PFC allows the overwhelmed node to specify which 802.1Q Class of Service ( CoS ) it wants to stop receiving traffic for. Thus, allowing differentiated treatment of traffic based on CoS.

RADIUS proxy feature enables proxying RADIUS requests from a RADIUS client and forwarding it to a remote RADIUS server. Similarly, RADIUS proxy receives the reply from the remote RADIUS server and forwards it to the client.

This feature adds support for “Randomized Load Balancing (RLB) on ECMP groups”. RLB enables per-packet load balancing, randomly distributing each incoming packet among the members of an ECMP group.

RIB Route Control is a collection of mechanisms for controlling how IP routing table entries get used. Next hop resolution policy adds support for preventing recursive resolution of next hops based on route map evaluation of resolving routes.