- Written by Will Li
- Posted on 11月 5, 2024
- Updated on 11月 5, 2024
- 350 Views
Rate limiting of mirrored traffic provides support to control the rate of mirrored traffic that can egress the switch. This feature can be applied to both regular port mirroring and encapsulated mirroring (e.g., mirroring to GRE tunnel), depending on the platform.
- Written by Asang Dani
- Posted on 4月 17, 2024
- Updated on 9月 30, 2024
- 2660 Views
The goal of route prioritization is to improve overall network behavior by ensuring that routes classified as having a higher priority are processed and installed in a timely fashion. Activity for lower priority routes must not significantly delay high priority route processing. For example, when a network event affects a large number of BGP routes causing them to be reprogrammed, the programming of an important IGP route that provides underlay connectivity and is affected by a subsequent event should not have to be queued behind the BGP routes. Prioritizing the IGP route programming will improve network convergence. It may also eliminate duplicate work for other routes depending on it.
- Written by David Cronin
- Posted on 3月 3, 2022
- Updated on 12月 2, 2024
- 12224 Views
Routing Control Functions (RCF) is a language that can express route filtering and attribute modification logic in a powerful and programmatic fashion.The document covers: Configurations of a RCF function for BGP points of application
- Written by Sergiu Stambolian
- Posted on 3月 31, 2017
- Updated on 6月 5, 2024
- 7361 Views
Sampled Mirroring is an extension of the Mirroring feature and sampling is a property of the individual mirroring session: when the session's sample rate N is specified, a packet eligible for mirroring will have a 1/N chance of being mirrored, that is, 1 packet is mirrored for every N packets.
- Written by Haotian Zhang
- Posted on 6月 4, 2020
- Updated on 5月 31, 2024
- 8790 Views
This article describes the support for Filtered Mirroring using security ACL. The user can selectively mirror packets based on the statement in the configured IPv4, IPv6 or MAC ACL.
- Written by Athish Rao
- Posted on 3月 5, 2021
- Updated on 5月 30, 2024
- 11841 Views
Segment Routing Traffic Engineering Policy (SR-TE) aka SR Policy makes use of Segment Routing (SR) to allow a headend to steer traffic along any path without maintaining per flow state in every node. A headend steers traffic into an SR Policy.
- Written by Gokul Unnikrishnan
- Posted on 6月 27, 2024
- Updated on 6月 27, 2024
- 1665 Views
The sFlow VPLS extension adds support for providing VPLS-related information to sFlow packet samples, for VPLS forwarded traffic. Specifically, for customer traffic ingressing on a CE-facing PE interface in a VPLS deployment that uses statically configured LDP pseudowires, information such as the name of the VPLS instance and the ID of the pseudowire that the packet will egress over will be included in the sFlow datagram.
- Written by Gokul Unnikrishnan
- Posted on 5月 7, 2024
- Updated on 5月 7, 2024
- 2023 Views
The sFlow VPLS extension adds support for providing VPLS-related information to sFlow packet samples, for VPLS forwarded traffic. Specifically, for customer traffic ingressing on a CE-facing PE interface in a VPLS deployment that uses statically configured LDP pseudowires, information such as the name of the VPLS instance and the ID of the pseudowire that the packet will egress over will be included in the sFlow datagram.
- Written by Thejesh Panchappa
- Posted on 5月 1, 2015
- Updated on 5月 13, 2024
- 8104 Views
This is an infrastructure that provides management of SSL certificates, keys and profiles. SSL/TLS is an application-layer protocol that provides secure transport between client and server through a combination of authentication, encryption and data integrity. SSL/TLS uses certificates and private-public key pairs to provide this security.
- Written by Fathima Thasneem
- Posted on 8月 23, 2022
- Updated on 5月 30, 2024
- 6511 Views
Interface reflectors are useful to make sure a service provided to customers is working as expected and it's within SLA constraints. Now, we are extending the support to configure subinterfaces as ethernet reflector. The Subinterface Interface Reflector feature allows performing certain actions (such as source/destination MAC address swap) on packets reaching subinterfaces patched to Pseudowire that are reflected back to the source interface. It is useful to test properties and SLAs before deploying the service for a customer.
- Written by Josh Pfosi
- Posted on 6月 11, 2019
- Updated on 11月 11, 2024
- 12303 Views
This feature adds support for CPU traffic policy capable of matching and acting on IP traffic which would otherwise
- Written by Deepanshu Shukla
- Posted on 8月 21, 2020
- Updated on 6月 3, 2024
- 13921 Views
This feature adds support for “Dynamic Load Balancing (DLB)” on Equal Cost Multi Path (ECMP) groups.
It is intended to help overcome the potential shortcomings of traditional hash-based load balancing by considering the traffic load of members of ECMP groups. DLB considers the state of the port while assigning egress ports to packets, resulting in a more even flow. The state of each port member is determined by measuring the amount of data transmitted from a given port and total number of packets enqueued to a given port.
- Written by Sameer Pakalapati
- Posted on 7月 3, 2024
- Updated on 7月 3, 2024
- 1357 Views
The Command-tag feature adds support for grouping multiple configuration units/commands across features using a single command-tag, which is essentially a string. This tag can then be used to enable/disable/remove/disassociate all the associated commands with the tag, using a single CLI command, instead of performing the operation individually for each configuration command.
- Written by Brian Neville
- Posted on 11月 8, 2023
- Updated on 9月 30, 2024
- 4778 Views
gNSI (gRPC Network Security Interface) defines a set of gRPC-based microservices for executing security-related operations on network devices.
- Written by Brian Hsieh
- Posted on 5月 7, 2024
- Updated on 5月 7, 2024
- 1815 Views
IPv6 Duplicate Address Detection Proxy is a proxy-based mechanism allowing the use of Duplicate Address Detection (DAD) by IPv6 nodes in a point-to-multipoint architecture with a "split-horizon" forwarding scheme. In Split-horizon scenario where the hosts can not directly communicate with each other, but only through a BNG (Broadband Network Gateway).
- Written by Adrian Fettes
- Posted on 6月 5, 2020
- Updated on 5月 20, 2024
- 7598 Views
GRE ( Generic Routing Encapsulation ) packet header has a Key extension which is used by Arista to carry packet metadata. Currently packets mirrored at egress to a GRE tunnel destination do not have this information. This feature could be used to enable metadata in egress mirrored packets to GRE destinations.
- Written by Basil Saji
- Posted on 11月 9, 2020
- Updated on 10月 11, 2024
- 10992 Views
Private VLAN is a feature that segregates a regular VLAN broadcast domain while maintaining all ports in the same IP subnet. There are three types of VLAN within a private VLAN
- Written by David Jowett
- Posted on 4月 18, 2024
- Updated on 4月 18, 2024
- 2145 Views
This feature extends sampled flow tracker to support the selective sampling of certain traffic types (specified globally), such as routed IPv4, routed IPv6, and MPLS pop and route IPv4, per interface. The feature is applicable on interfaces, subinterfaces, port channels, and port channel subinterfaces.
- Written by Patrick MacArthur
- Posted on 2月 23, 2021
- Updated on 4月 18, 2024
- 7565 Views
Sub-interfaces can be grouped into logical units called scheduling groups, which are shaped as a single unit. Each scheduling group may be assigned a scheduling policy which defines a shape rate in kbps and optionally a guaranteed bandwidth, also in kbps.
- Written by Jefferson Esteves
- Posted on 11月 5, 2024
- Updated on 11月 5, 2024
- 346 Views
The VLAN interface (SVI) counter feature allows the device to count packets received and sent by the device on a per SVI basis. By default, in a VXLAN routing scenario, packets are not counted on the "overlay" SVI. The platform CLI command described below allows for counting on the overlay SVI. When enabled, this feature still permits counting on underlay network SVIs
- Written by Krystian
- Posted on 5月 15, 2024
- Updated on 5月 15, 2024
- 1838 Views
Support is added to use VRRP (Virtual Router Redundancy Protocol) virtual IP (Internet Protocol) address as an IPsec ( Internet Protocol Security) tunnel source or destination address. This allows for configurations that offer both security (provided by IPsec tunnels) and redundancy (provided by VRRP).
- Written by Sandeep Kopuri
- Posted on 10月 7, 2019
- Updated on 10月 24, 2024
- 11285 Views
Topology Independent Fast Reroute, or TI-LFA, uses IS-IS SR to build loop-free alternate paths along the post-convergence path. These loop-free alternates provide fast convergence.
- Written by Prateek Mali
- Posted on 8月 19, 2020
- Updated on 11月 14, 2024
- 21361 Views
Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets and usually TCAM is used to match packets to rules. For example, there can be a rule to match the packet source IP address against a list of IP addresses, and drop the packet if there is a match. This will be expressed in TCAM with multiple entries matching the list of IP addresses. Number of entries is reduced by masking off bits, if possible. TCAM is a limited resource, so with classifiers having a large number of rules and a big field list, TCAM runs out of resources.
- Written by Eddie Xie
- Posted on 1月 31, 2024
- Updated on 7月 15, 2024
- 2468 Views
This TOI supplements the Ingress Traffic Policy applied on ingress port interfaces. Please refer to that document for a description of Traffic Policies and field-sets. This TOI explains the Traffic Policies as applied in the ingress direction on VLAN interfaces.
- Written by Matthew Carrington-Fair
- Posted on 3月 3, 2023
- Updated on 10月 24, 2024
- 4780 Views
This feature allows the export of IP FIB (Forwarding Information Base) through the OpenConfig AFT YANG models.
- Written by Victoria Austin
- Posted on 6月 5, 2023
- Updated on 5月 2, 2024
- 2988 Views
This feature is disabled by default. It can be enabled by a CLI toggle "logging transceiver communication" under the "monitor layer1" config mode. Note that “logging transceiver” will enable SMBus communication failure and digital optical monitoring syslogs. See under Resources for more information on digital optical monitoring syslogs.
- Written by Pierre Desvallons
- Posted on 5月 30, 2024
- Updated on 7月 10, 2024
- 1843 Views
User-defined recovery policy is a type of reset that allows the customer to rollback a device to a previously saved state. A state can be saved by taking a snapshot of the configuration files that the customer wants to save. Once a snapshot has been taken, the device can be reset either through push-button or through the command line interface. This feature provides a trivial way to get back to a tested and working version of EOS.swi with user-defined configs in case of failure.
- Written by Isidor Kouvelas
- Posted on 2月 28, 2022
- Updated on 7月 29, 2024
- 14702 Views
Virtual Private LAN Service (VPLS) appears in (almost) all respects as an Ethernet type service to customers of a Service Provider (SP). A VPLS glues together several individual LANs across a packet switched network to appear and function as a single bridged LAN. This is accomplished by incorporating MAC address learning, flooding, and forwarding functions in the context of pseudowires that connect these individual LANs across the packet switched network. LDP signaling is used for the setup and teardown of the mesh of pseudowires that constitute a given VPLS instance.
- Written by Ronish Kalia
- Posted on 6月 12, 2019
- Updated on 4月 18, 2024
- 8010 Views
This feature enables policer (using policy-map) on a VTEP to rate limit traffic per VLAN/VNI. The policer can be applied in both input and output directions to rate limit decapsulated and encapsulated VXLAN traffic, respectively. Prior to EOS-4.32.0F, the policers are not applicable on multicast traffic through the VTEP. For platforms supporting rate limiting of both bridged and routed encapsulated traffic, the rate limiting would be done on common policer limits.
- Written by Simon Liang
- Posted on 9月 5, 2021
- Updated on 10月 18, 2024
- 9302 Views
This document describes the VRF selection policy and VRF fallback feature. A VRF selection policy contains match rules that specify certain criteria (e.g. DSCP, IP protocol) as well as a resulting action to select a VRF in which to do the FIB lookup. The VRF fallback feature is an extension of these policies which allows users to optionally specify a “fallback” VRF for each VRF. The behavior is such that if the FIB lookup fails in a match rule’s selected VRF, another lookup will be attempted in the configured fallback VRF. Additionally, the fallback VRF itself can have yet another fallback VRF, such that if the lookup in the VRF and fallback VRF fail, the fallback-of-the-fallback VRF will be looked up (see the Configuration section for an example of this).
- Written by Navlok Mishra
- Posted on 2月 8, 2017
- Updated on 5月 17, 2024
- 7636 Views
WRED ( Weighted Random Early Detection ) is one of the congestion management techniques.