- Written by Tarun Jaswanth LNU
- Posted on August 24, 2020
- Updated on October 17, 2024
- 26294 Views
802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.
- Written by Ajay Kini
- Posted on June 21, 2020
- Updated on February 15, 2024
- 8797 Views
Accumulated IGP Metric (AIGP) is an optional non-transitive BGP attribute used to carry an IGP metric with BGP route advertisements. The AIGP attribute is useful for tie-breaking in BGP bestpath selection so that routing decisions can be made on the basis of shortest path/lowest IGP cost path amongst multiple BGP paths. This is particularly applicable in scenarios where a single administration is subdivided into multiple Autonomous Systems (AS) each with similar routing policies and the same IGP in use such that the IGP metric for a route can be propagated usefully between the ASes so as to let receiving BGP speakers make routing decisions based on the cumulative IGP cost of the route. This set of ASes in a common administrative domain, in the context of advertising and receiving the AIGP attribute, is referred to as an AIGP administrative domain.
- Written by Ian McCloghrie
- Posted on January 30, 2024
- Updated on January 30, 2024
- 3664 Views
The multicast boundary specifies subnets where the source traffic entering an interface is filtered to prevent the creation of mroute states on the interface. The multicast boundary can be specified through one standard ACL. However, when providing multicast services via a range of groups per service, an interface could potentially join arbitrary groups and, hence, need arbitrary combinations of ACL rules.
- Written by Dileep Ramesh
- Posted on February 6, 2024
- Updated on February 6, 2024
- 2923 Views
Support for offloading BFD sessions to hardware. This helps in achieving a high scale of BFD sessions (up to 16000) with aggressive intervals. Highlights of the feature include:
- Written by Jason Shamberger
- Posted on March 11, 2020
- Updated on November 14, 2024
- 16212 Views
EOS 4.21.3F introduces support for BGP Flowspec, as defined in RFC5575 and RFC7674. The typical use case is to filter or redirect DDoS traffic on edge routers.
- Written by Nandan Saha
- Posted on August 24, 2020
- Updated on May 22, 2024
- 11492 Views
The BGP-LS extension allows IGP (OSPF/IS-IS) link state database information to be injected into BGP. This is typically used in deployments where some external component (like a controller or Path Computation Engine) can do centralized path computations by learning the entire IGP topology through BGP-LS. The controller can then communicate the computed paths based on the BGP-LS updates to the head end device in the network. The mechanism used by the controller to communicate the computed TE paths is outside the scope of this document. Using BGP-LS instead of an IGP peering with the controller to distribute IGP link state information has the following advantages.
- Written by Jason Shamberger
- Posted on April 20, 2020
- Updated on February 19, 2024
- 10920 Views
RPKI provides a mechanism to validate the originating AS of an advertised prefix.
- Written by Bhavin Patel
- Posted on March 24, 2020
- Updated on February 15, 2024
- 10067 Views
This feature allows failover to the backup path to occur in constant time per interface going down for features such as RSVP link protection, RSVP node protection, TI-LFA link protection, and BGP PIC. Without this feature enabled, it would take time proportional to the number of paths going over the interface experiencing the link down event to failover to the backup path. With this feature enabled, the failover time would be constant regardless of the number of paths.
- Written by Vivek Subbarao
- Posted on January 3, 2023
- Updated on February 6, 2024
- 5367 Views
Network Address Translation (NAT) is a feature used to obfuscate private internal addresses to the external world. The feature makes sure that private internal addresses are translated into a publicly visible address which is used by all external hosts and it also does the reverse translation of the public address to the private internal address.
- Written by Vikas Hegde
- Posted on November 22, 2017
- Updated on November 15, 2024
- 17343 Views
Connectivity Monitor is an EOS feature that allows users to monitor their network resources from their Arista switches. The resources being monitored may or may not be Arista devices. Connectivity monitoring is unidirectional in nature.
- Written by Kaustubh Pimparkar
- Posted on January 24, 2024
- Updated on January 30, 2024
- 3212 Views
When multiple IPv6 addresses are assigned to an interface, the source address selection is based on the rules in RFC6724. However, when the matching criteria are the same for all addresses, the selected address depends on the kernel, and is likely to be the address that was added last. This feature allows addresses to be configured as least preferred so that source addresses can be selected in a more deterministic manner.
- Written by Devon McAvoy
- Posted on October 4, 2019
- Updated on July 31, 2024
- 10799 Views
DirectFlow runs alongside the existing layer 2/3 forwarding plane, enabling a network architecture that incorporates new capabilities, such as TAP aggregation and custom traffic engineering, alongside traditional forwarding models. DirectFlow allows users to define flows that consist of match conditions and actions to perform that are a superset of the OpenFlow 1.0 specification. DirectFlow does not require a controller or any third party integration as flows can be installed via the CLI.
- Written by Nitin Karkhanis
- Posted on January 31, 2024
- Updated on January 31, 2024
- 3059 Views
DirectFlow allows you to define flows consisting of conditions to match, and actions to perform. This enhancement adds to the packet match conditions by allowing for matching on a subset of HTTP methods.
- Written by Sourabh Bollapragada
- Posted on December 22, 2020
- Updated on January 29, 2024
- 8424 Views
This feature supports counting ECN-marked packets (ECN = Explicit Congestion Notification) on a per egress port per tx-queue basis. The feature can be used to gather these packet counts via CLI or SNMP. There are two cases when an ECN-marked (congestion) packet is counted on the egress port/queue:
- Written by Tanuj Kumar Jhamb
- Posted on February 7, 2024
- Updated on February 7, 2024
- 2985 Views
sFlow is a sampling technique which monitors incoming traffic on all interfaces without affecting network performance. Egress sFlow is a feature which samples the packets in the egress pipeline for analytical purposes. Currently egress sFlow is only software based on Arista switches.
- Written by Jacob Sword
- Posted on February 16, 2022
- Updated on March 7, 2024
- 9617 Views
Multiple dynamic counter features may be enabled simultaneously, primarily configured using the [no] hardware counter feature [feature] CLI commands. Compatibility of these features has been enhanced to allow for greater flexibility in simultaneously enabled counter features. Changes in counter feature compatibility across EOS releases are detailed below.
- Written by Eric He
- Posted on February 7, 2024
- Updated on February 7, 2024
- 3080 Views
This feature extends the capabilities of event monitor to include NAT logging. The tracked events are NAT translation creations, NAT translation updates, NAT translation deletions, and NAT translation deletion reasons (aging deletion, aging deletion (hw not programmed), peer deletion).
- Written by Aaron Bamberger
- Posted on April 23, 2020
- Updated on November 7, 2024
- 10181 Views
E-Tree is an L2 EVPN service (defined in RFC8317) in which each attachment circuit (AC) is assigned the role of Root or Leaf. Once roles are assigned, the following forwarding rules are enforced:
- Written by Ayush
- Posted on January 31, 2024
- Updated on January 31, 2024
- 3800 Views
In network deployments where a border leaf or Superspine acts as PEG and is in the transit path to other multicast VTEPs, the multicast stream will not pass, since the border leaf will decapsulate the packet even if it doesn't have a receiver. This transit node is called the Bud Node. The device should be able to send decapsulated packets to any local receivers as well as send the encapsulated packets to other VTEPs.
- Written by Mason Alexander Flowers
- Posted on January 30, 2024
- Updated on July 2, 2024
- 3159 Views
This feature introduces the show bgp evpn mac [ vni VNI ] and the show bgp evpn arp [ vni VNI ] commands. These commands display post imported EVPN type 2 routes. Both of these commands will only display paths that have been imported into a MAC-VRF. show bgp evpn mac displays post imported EVPN type 2 paths that do not have IP information and only have MAC information, while show bgp evpn arp only displays post imported EVPN type 2 routes that do have IP information.
- Written by Chris Hydon
- Posted on June 17, 2019
- Updated on January 25, 2024
- 22433 Views
Ethernet VPN (EVPN) networks normally require some measure of redundancy to reduce or eliminate the impact of outages and maintenance. RFC7432 describes four types of route to be exchanged through EVPN, with a built-in multihoming mechanism for redundancy. Prior to EOS 4.22.0F, MLAG was available as a redundancy option for EVPN with VXLAN, but not multihoming. EVPN multihoming is a multi-vendor standards-based redundancy solution that does not require a dedicated peer link and allows for more flexible configurations than MLAG, supporting peering on a per interface level rather than a per device level. It also supports a mass withdrawal mechanism to minimize traffic loss when a link goes down.
- Written by Raja Singh
- Posted on January 31, 2024
- Updated on February 23, 2024
- 3196 Views
This feature enables ARPs learnt on a Port-channel or Ethernet interface to be converted into Host routes, which can further be redistributed into BGP to take part in the route selection decision process and to get advertised to the peers. These Host routes are not installed into the hardware and are only generated for advertisement purposes. This feature works for both static and dynamic ARPs.
- Written by Sujit Kumar Sah
- Posted on February 6, 2024
- Updated on February 6, 2024
- 3252 Views
This document describes the FEC Dampening feature. When hardware FEC / ECMP resource usage goes above the platform limit, Ale (HW Abstraction layer) deletes some routes in anticipation of freeing up more hardware FEC resources to allow newly created FECs to get programmed.
- Written by Rahul Vasist
- Posted on April 20, 2020
- Updated on January 29, 2024
- 9440 Views
EOS-4.24.0 adds support for hardware-accelerated sFlow on R3 systems. Without hardware acceleration, all sFlow processing is done in software, which means performance is heavily dependent on the capabilities of the host CPU. Aggressive sampling rates also decrease the amount of processing time available for other EOS applications.
- Written by Binglai Niu
- Posted on April 24, 2020
- Updated on July 9, 2024
- 8134 Views
On network devices, when a route is programmed, a certain portion of hardware resources is allocated and associated
- Written by Jyothish Kunkumath
- Posted on January 6, 2022
- Updated on December 2, 2024
- 11444 Views
IPSec tunnel mode support allows the customer to encrypt traffic transiting between two tunnel endpoints.
- Written by Navneet Sinha
- Posted on June 29, 2016
- Updated on November 18, 2024
- 14206 Views
Segment Routing provides a mechanism to define end-to-end paths within a topology by encoding paths as sequences of sub-paths or instructions. These sub-paths or instructions are referred to as “segments”. IS-IS Segment Routing (henceforth referred to as IS-IS SR) provides a means to advertise such segments through the IS-IS protocol.
- Written by Gary Wassermann
- Posted on January 30, 2024
- Updated on January 31, 2024
- 3445 Views
IPv4 and IPv6 multicast routing, private VLANs, and egress VLAN translation are supported on EOS, but on prior releases and on certain platforms they did not work correctly when used in combination. In those cases, routed multicast packets that egress on an interface with VLAN translation or on a private VLAN would not egress on the correct VLAN. The configured VLAN translation or private VLAN would not be applied.
- Written by Nathan Kitchen
- Posted on April 24, 2020
- Updated on February 15, 2024
- 3150 Views
The command "show gnmi get PATH" provides a convenient way to send a Get request to a gNMI server running on the device and display the resulting values. This can be helpful during exploration or debugging when setting up gNMI monitoring.
- Written by David Mirabito
- Posted on December 30, 2021
- Updated on November 19, 2024
- 15524 Views
MetaWatch is an FPGA-based feature available for Arista 7130 Series platforms. It provides precise timestamping of packets, aggregation and deep buffering for Ethernet links. Timestamp information and other metadata such as device and port identifiers are appended to the end of the packet as a trailer.
- Written by Abdul Haseeb Jehangir
- Posted on March 12, 2020
- Updated on November 20, 2024
- 11424 Views
Mirror on drop is a network visibility feature which allows monitoring of MPLS or IP flow drops occurring in the ingress pipeline. When such a drop is detected, it is sent to the control plane where it is processed and then sent to configured collectors. Additionally, CLI show commands provide general and detailed statistics and status.
- Written by Adrian Fettes
- Posted on February 6, 2024
- Updated on February 9, 2024
- 2975 Views
This feature allows packets from MPLS and non-MPLS flows with the same source and destination IP addresses to be hashed to the same output LAG member in tap aggregation mode.
- Written by Wade Carpenter
- Posted on August 16, 2018
- Updated on May 22, 2024
- 8022 Views
IP traceroute and path MTU (PMTU) discovery both require that routers send ICMP reply messages to the host that invokes each network function. When the route to the destination host traverses an MPLS label-switched path (LSP), the label switching routers (LSRs) will also need to send ICMP reply messages to the originating host.
- Written by Ben May
- Posted on February 1, 2024
- Updated on February 1, 2024
- 3219 Views
This can be done with multiple groups today, as long as we have enough unique group entries in hardware. In the absence of this configuration (default behavior), bridged traffic will be assigned to the default VRF and policies of the default VRF will be applied to bridged traffic. With this feature, bridged traffic is never subject to MSS-G configuration.
- Written by Diego Asturias
- Posted on January 30, 2024
- Updated on November 13, 2024
- 3900 Views
MultiAccess is an FPGA-based feature available on certain Arista 7130 platforms. It performs low-latency Ethernet multiplexing with optional packet contention queuing, storm control, VLAN tunneling, and packet access control. The interface to interface latency is a function of the selected MultiAccess profile, front panel interfaces, MultiAccess interfaces, configuration settings, and platform being used.
- Written by Sunil Bojanapally
- Posted on January 31, 2024
- Updated on January 31, 2024
- 3330 Views
EOS secures the communication between EOS router instances using IPsec by employing the control plane protocol Internet Key Exchange (IKEv1/IKEv2) and the data plane protocol ESP (IPsec SA). IKE and IPsec Security Associations (SAs) use policies to ensure secure communication.
- Written by Niranjan Mahabaleshwar
- Posted on February 12, 2024
- Updated on February 12, 2024
- 3020 Views
EOS allows the generation of the following SSH keys, which can be used as host keys with default names.
- Written by Sahul Sirpa
- Posted on January 31, 2024
- Updated on January 31, 2024
- 3229 Views
Support for egress IPv6 PACLs without using packet recirculation. The matching of ACLs can be done on routed packets, and the ACL can be applied to Front Panel Ports (FPPs). The match criteria in ACL rules are restricted to ipv6-next-header and dscp (traffic-class).
- Written by Ishwar Biliya
- Posted on February 15, 2024
- Updated on February 15, 2024
- 2992 Views
Currently, in EOS MACsec, padding of partial keys internally prepends both the CAK and CKN hex strings with 0s to satisfy the requirement of the Key Derivation Function. This feature allows users to configure the zero padding to either prepend or append the pre-shared CAK/CKN configured in the mac security profile. In general, full length CAK/CKN are recommended to be configured. However, this CLI knob can be used in case configuration of partial CAK/CKN results in issues with derived keys between the peers. Note that the CKN advertised in MACsec control frames will still be without any padding, even when partial CKN is configured.
- Written by Shubham Jangid
- Posted on November 9, 2021
- Updated on October 8, 2024
- 7048 Views
Policing is typically done on the L2 packet size - that is, the size on the wire, excluding the Preamble, Start Frame Delimiter (SFD), and Interpacket Gap (IPG). To ensure that the policer polices the right amount of L2 packet size, a default packet size adjustment is configured, which is deducted from the size seen on wire. The default packet size adjustment corrects the size observed for every traffic type, except for L3 traffic on DCS-7280R, DCS-7280R2, DCS-7500R, and DCS-7500R2 series (see Description part for details).
- Written by Kaustubh Pimparkar
- Posted on January 24, 2024
- Updated on January 24, 2024
- 3394 Views
One of the primary functions of a switch is to forward packets to the correct next hop. This necessitates knowing the unique MAC addresses of all connected hosts and switches to a network interface. In dynamic environments like campus networks, the hosts often come and go, which means the number of connected hosts that the switch knows about expands continuously. Therefore, it becomes necessary to have a mechanism for the switch to eventually discard information about MAC addresses that are no longer active in the network.
- Written by Neeraj Joseph
- Posted on April 23, 2018
- Updated on October 17, 2024
- 8208 Views
The PHY test pattern CLI can be used to check the quality of the physical layer for an Ethernet interface. This is done by
- Written by Gokul Unnikrishnan
- Posted on March 1, 2024
- Updated on March 1, 2024
- 2974 Views
The purpose of this feature is to mitigate multicast traffic loss when a switch that is using PIM sparse mode as its multicast routing protocol is going under maintenance.
- Written by Ethan Vadai
- Posted on March 6, 2020
- Updated on March 14, 2024
- 17204 Views
Policy-based routing (PBR) is a feature that is applied on routable ports, to preferentially route packets. Forwarding is based on a policy that is enforced at the ingress of the applied interface and overrides normal routing decisions. In addition to matches on regular ACLs, PBR policy-maps can also include “raw match” statements that look like a single entry of an ACL as a convenience for users.
- Written by Tanuj Kumar Jhamb
- Posted on February 6, 2024
- Updated on February 7, 2024
- 3117 Views
WRED (Weighted Random Early Detection) is one of the congestion management techniques. It works at queue level to drop ECN-capable and non-ECN-capable traffic randomly after reaching the given queue threshold, even before the queue is full.
- Written by Sylvia Zheng
- Posted on December 5, 2023
- Updated on February 26, 2024
- 3498 Views
Pseudo load sharing is a load sharing scheme for two power supply units (PSU) that do not have integrated load sharing. With pseudo load sharing, the system power is divided into two power domains, each with one PSU that is connected to a port group consisting of half of the system's Power over Ethernet (PoE) ports. When both PSUs are active, the power domains are independent and each PSU can only provide power to ports within the same power domain. Each port group can consume up to the maximum available power of the PSU in the same power domain. When only one PSU is active, the power switch between the two power domains can route power from the active PSU to all ports on the system.
- Written by Sourabh Bollapragada
- Posted on January 3, 2023
- Updated on February 7, 2024
- 6678 Views
PTP 1-step Boundary Clock (or 1-step BC) is similar to 2-step BC in function but doesn’t send the PTP Follow_Up message. The timestamp present in the PTP Follow_Up message’s preciseOriginTimestamp field is sent in the PTP Sync message’s originTimestamp field along with a non-zero correctionField. This allows us to support more PTP master ports because the control plane does not need to generate PTP Follow_Up messages anymore. PTP 1-step BC supports all the existing features supported by 2-step BC like G8275.1 profile, G8275.2 profile, etc unless otherwise specified in the limitations.
- Written by Kieran Weaver
- Posted on March 3, 2023
- Updated on February 2, 2024
- 6454 Views
Media Access Control Security (MACsec) is an industry-standard encryption mechanism that protects all traffic flowing on the Ethernet links. MACsec is based on IEEE 802.1X and IEEE 802.1AE standards.
- Written by Mohd Arbab Khan
- Posted on February 7, 2024
- Updated on February 7, 2024
- 2565 Views
WRED/ECN are congestion management techniques, which work at queue level to drop/mark packets randomly after the queue size exceeds the configured queue threshold. The queue size is determined using the exponentially weighted moving average (EWMA) technique with queue weight, previous queue size, and current queue size as variables.
- Written by David Cronin
- Posted on March 3, 2022
- Updated on November 6, 2024
- 19718 Views
Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion.