Tag :: EOS 4.34.2F

802.1X dynamic interface configuration allows for dynamic interface configuration on the 802.1X authenticator based on device profiling performed by a Network Access Controller (NAC). Traditionally, 802.1X authenticators require static interface configuration. This enhancement extends dynamic capabilities beyond existing features like dynamic VLAN assignment and ACL programming, enabling any type of interface configuration to be applied dynamically via the CLI.

802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.

This feature gives AVT/DPS tunnels the ability to transport IPv6 overlay traffic. Formerly, such tunnels could only transport IPv4 overlay traffic.

Automatic certificate management provides support for retrieving signed x509v3 certificates from a server under the Enrollment over Secure Transport (EST) protocol, described in RFC 7030. The feature provides only EST client capabilities.

BFD telemetry streaming via OpenConfig implements the gNMI path /bfd/interfaces/interface/peers such that users can get real time telemetry data on BFD sessions configured on the device.

ACL based traffic management often requires matching packets’ destination addresses against one or more sets of IP prefixes. This can become difficult to manage when the prefix sets need to be consistently maintained on several devices and either change too frequently or are very large. When the prefixes for the prefix sets are learned by BGP, this feature provides an alternative to maintaining unwieldy sets of statically configured IP prefixes. Instead the prefix sets are populated by BGP based on the BGP communities that are assigned to learned prefixes. BGP can manage IP prefix field sets for use with Traffic Policies.

Peer Tagging Route Filtering feature discards BGP route advertisements by the peers which the routes are received from. The feature lets users assign a peer-tag to a peer or a group of peers in inbound direction and discard routes advertisements by the peer-tag in outbound direction. One use case of the feature is to discard AS loop routes in outbound direction in data center deployments.

This feature adds support for BGP UCMP in the multi agent routing protocol model. The TOI for BGP UCMP in the ribd

Class Based Forwarding (CBF) is a means for steering IP traffic into specific tunnels based on either the ingress DSCP values or based on “classes”, which are derived from fields in the ingress packet headers and policies provisioned on the router. CBF may be used with SR-TE Policy or RSVP-TE colored tunnels. 4.35.1F adds support for CBF with flex-algo colored tunnels.

Arista’s CCS-710XP series of ethernet switches consist of CCS-710XP-12TH-2S SKU. CCS-710XP-12TH-2S is a 12 port 1000BASE-T PoE & 2-port SFP+ fanless switch device rich with networking features suited for campus deployments.

This document describes the configuration and behavior of physical interfaces on the CCS-710XP series switch

This feature implements the ability to configure any tx serdes parameters via the CLI. This is useful to work around any L1 issues that customers may encounter due to suboptimal networks/links/transceivers.

Network Address Translation (NAT) is a feature used to obfuscate private internal addresses to the external world. The feature makes sure that private internal addresses are translated into a publicly visible address which is used by all external hosts and it also does the reverse translation of the public address to the private internal address.

Cluster Load Balancing is a feature designed to ensure optimal load balancing of flows used as part of GPU based cluster communication. When this feature is enabled, a TOR router monitors RoCE traffic flowing between the GPU servers and spine uplinks and ensures optimal load balancing in the network.

Cluster Load Balancing for Spine is a feature designed to ensure optimal load balancing of flows used as part of GPU based cluster communication in a network that uses multiple links to connect a TOR router to a Spine router.. When this feature is enabled on a Spine, it monitors RoCE traffic coming from a TOR and applies optimal load balancing when forwarding the traffic to the next TOR router hosting the destination GPU server.

Traditional policers treat all packets equally without considering the color of the incoming packet, potentially leading to transmission of excess packets that have already been marked with lower priority. Color aware flag in a policer configuration addresses this by providing the ability to consider the incoming packets’s drop precedence (DP) value while taking the policing decision on a given interface.

This feature allows the user to define a custom COS To Traffic-Class (TC) and Drop-Precedence (DP) map and apply it to an interface.

This feature allows the user to define a custom DSCP-To-TC map and apply it to an interface.

Arista’s DCS-7130LBR series of switches are powerful network devices designed for ultra latency applications along with a wealth of networking features.

The DHCP relay feature, forwards DHCP packets between a client and the DHCP server when the server is not in the same broadcast domain as the client. The DHCP relay should be configured on the gateway interface (SVI/ L3 interface) for the clients.

Egress filtered mirroring enables the selective mirroring of packets exiting a port, offering more precise control compared to mirroring all egress traffic. It is possible to selectively mirror egress packets based on the permit statements in the configured ACLs.

The FIB contains mappings between a prefix (identifying a destination network) and its associated Forwarding Equivalence Class (FEC), with the FEC containing one or more resolved Vias defining how traffic should be forwarded towards that destination network.

EosSdkRpc is an agent built on top of the Arista EOS SDK. It uses gRPC as a mechanism to provide remote access to the EOS SDK. The gRPC interface that EosSdkRpc supports closely matches the interface provided by EOS SDK, and the intent is that the .proto interface can be publicly supported. EosSdkRpc allows for remote access and using protobuf to specify the interface isolates user code from the Linux ABI issues that come with building C++ applications on different compiler, libc, and kernel versions. EosSdkRpc is built using C++ but supports clients written in any of the languages currently supported by the gRPC framework.

This feature allows configuring backup entries for static MPLS LFIB routes via EOS SDK RPC to be activated if its corresponding primary entries are unable to forward traffic due to next hops being unresolved or its corresponding interface being down. Any backup entries will not be activated to forward traffic until all primary entries are unviable. Thereby, backup entries configured for the Static MPLS routes are a mechanism to achieve fast failover when the primary path fails.

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN), from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks to be far more challenging, and the ability of service providers to respond to such network faults swiftly directly impacts their competitiveness.

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN) from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks far more challenging, and the ability of service providers to respond to frame loss in such networks directly impacts their competitiveness.

In the Centralized Anycast Gateway configuration, the Spines are configured with EVPN-IRB and are used as the IP Default Gateway(DWG), whereas the Top of rack switches perform L2 EVPN Routing.

In the traditional data center design, inter-subnet forwarding is provided by a centralized router, where traffic traverses across the network to a centralized routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.

In the traditional data center design, inter-subnet forwarding is provided by a centralized router, where traffic traverses across the network to a centralized routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.

The EVPN Gateway Data Center Interconnect (DCI) feature supports multihoming redundancy. This deployment model leverages a virtual Interconnect Ethernet Segment Identifier (I-ESI) to form an overlay ECMP across the EVPN DCI gateways. Recently, EOS added new features for managing the I-ES that improve traffic handling and convergence in certain failure scenarios:

Smart System Upgrade (SSU) provides the ability to upgrade the EOS image with minimal traffic disruption.

Receive Side Scaling (RSS) which is also known as multi queue receive, distributes network receive flows across NIC card multiple hardware queues.

Forwarding destination prediction enables visibility into how a packet is forwarded through the switch, allowing you to determine which interfaces a packet would egress out of. Typical use cases include, but are not limited to, determining egress members for Port-Channels and ECMPs.

gNPSI is an OpenConfig protocol designed to act as a proxy between the sFlow agent and interested gRPC clients. The gNPSI server receives datagrams from sFlow, repackages the datagrams in the protobuf message format and forwards these messages onto any subscribed gRPC clients. The protobuf used for this feature is available at the link above.

IP Locking is an EOS feature configured on an Ethernet Layer 2 port.  When enabled, it ensures that a port will only permit IP and ARP packets with IP source addresses that have been authorized. As of EOS-4.25.0F release update, IP Locking can run in two modes - IPv4 Locking (which will be referred to as IP Locking) and IPv6 Locking, which can be configured using the commands mentioned in the below sections. IP Locking prevents another host on a different interface from claiming ownership of an IP address through either IP or ARP spoofing.

IS-IS flexible algorithm (FlexAlgo) provides a lightweight, simplified mechanism for performing basic traffic engineering functions within a single IS-IS area. FlexAlgo requires the cooperation of all nodes within the IS-IS area but does not require an external controller. Paths are computed by each node within the area, resulting in an MPLS switched forwarding path to nodes that are advertising a node Segment Identifier (SID) for the algorithm. The results of the path computation are placed in the colored tunnel RIB or system tunnel RIB, which simplifies route resolution.

Segment Routing provides mechanism to define end-to-end paths within a topology by encoding paths as sequences of sub-paths or instructions. These sub-paths or instructions are referred to as “segments”. IS-IS Segment Routing (henceforth referred to as IS-IS SR) provides means to advertise such segments through IS-IS protocol.

At a high level, L1 profiles are a set of configurations which allow EOS users to change the numbering scheme and default L1 configurations of all front panel interfaces across their network switch. On Arista network switches, front panel transceiver cages are exposed as ports which are numbered sequentially: 1, 2, 3, 4, etc. These identifiers are usually marked on the front panel to allow for easier identification.

LDP End of LIB is a signaling enhancement defined in RFC 5919 to allow an LDP speaker to notify a neighbor when it has

This feature implements RFC 3478. It allows devices to preserve the MPLS LDP LFIB entries in the forwarding plane if the TCP connection is lost or LDP agent restarts.

Leaf Smart System Upgrade (SSU) provides the ability to upgrade the EOS image with minimal traffic disruption.Note: It is possible that SSU shutdown and bootup are not supported in the same image. If a product has shutdown support in image A and bootup support in a later image B, then SSU upgrade cannot be performed from image A to any images earlier than image B, including image A itself. However, upgrading from image A to image B onwards is allowed.

This feature allows setting the desired maximum VOQ latency. Drop probabilities are adjusted in hardware to meet this limit.

Measured boot is a tamper-detection mechanism that records a system's boot process. It calculates cryptographic hashes of system components and configurations, which are then securely stored in the Platform Configuration Registers (PCRs) of a Trusted Platform Module (TPM) chip. This process creates a secure "hash chain" of the boot sequence. After the system starts, the TPM Quote operation, along with the PCR extension records, can be used to verify the PCR values, confirming that the system components are unchanged and the software is trusted.

MetaWatch is an FPGA-based feature available for Arista 7130 Series platforms. It provides precise timestamping of packets, aggregation and deep buffering for Ethernet links. Timestamp information and other metadata such as device and port identifiers are appended to the end of the packet as a trailer.

Mirror on drop is a network visibility feature which allows monitoring of MPLS or IP flow drops occurring in the ingress pipeline. When such a drop is detected, it is sent to the control plane where it is processed and then sent to configured collectors. Additionally, CLI show commands provide general and detailed statistics and status.

MLAG Smart System Upgrade (SSU) provides the ability to upgrade the EOS image of an MLAG switch with minimal traffic disruption.

Generic UDP Encapsulation (GUE) is a general method for encapsulating packets of arbitrary IP protocols within a UDP tunnel. GUE provides an extensible header format with optional data. In this release, the ability to encapsulate MPLS over GUE packets of variant 1 header format has been added. 

In conventional VXLAN deployments, each MLAG pair of switches are represented as a common logical VTEP. VXLAN traffic can be decapsulated on either switch. In some networks, there are hosts that are singly connected to one of the MLAG pair. VXLAN packets destined for the singly connected host could land on the other MLAG peer and subsequently be forwarded over the MLAG peer-link to reach the destination host. This path is undesirable since it would use up some bandwidth on the peer-link.

MultiAccess is an FPGA-based feature available on certain Arista 7130 platforms. It performs low-latency Ethernet multiplexing with optional packet contention queuing, storm control, VLAN tunneling, and packet access control. The interface to interface latency is a function of the selected MultiAccess profile, front panel interfaces, MultiAccess interfaces, configuration settings, and platform being used.

NIM-1QC is a single port OCP 3.0 standard NIM card manufactured by Intel. The AWE-7230R-4TX-4S-F, AWE-5310-F, and AWE-7250R-16S-F, AWE-5510-F devices have 2 and 4 NIM (Network Interface Module) slots respectively. These devices now support NIM-1QC cards.