The BGP implementation now provides the ability to display the age of paths received for a given prefix using the

EOS 4.20.1F introduces expanded VRRP, VARP and MLAG Peer Gateway virtual MAC capabilities on the 7500R, 7280R,

TOI 4.20.1F

IP in IP decapsulation was first introduced for the supported platforms(below) in EOS version 4.15.0F (IP in IP

DANZ provides a set of features and tools to enhance instrumentation and network/ application performance monitoring with the following key functional areas.

Measured boot is an anti-tamper mechanism. It calculates the cryptographic signatures for software system components and extends the signatures into the Trusted Platform Module (TPM) security chip. Upon startup, with the feature turned on, the Aboot bootloader and EOS calculate the hash of various system components and extend the hashes into the Platform Configuration Registers (PCRs), which is one of the resources of the Trusted Platform Module (TPM) security chip. The calculation and extension event is called the measured boot event, which is associated with a revision number to help the user identify changes to the event.

RFC 5837 describes extensions to the Internet Control Message Protocol (ICMP) that enable network devices to identify incoming and outgoing interfaces and next-hop addresses via extensions to specific ICMP error messages. These extensions are particularly useful for network diagnostics and troubleshooting applications.

EosSdkRpc is an agent built on top of the Arista EOS SDK. It uses gRPC as a mechanism to provide remote access to the EOS SDK. The gRPC interface that EosSdkRpc supports closely matches the interface provided by EOS SDK, and the intent is that the .proto interface can be publicly supported. EosSdkRpc allows for remote access and using protobuf to specify the interface isolates user code from the Linux ABI issues that come with building C++ applications on different compiler, libc, and kernel versions. EosSdkRpc is built using C++ but supports clients written in any of the languages currently supported by the gRPC framework.

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN), from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks to be far more challenging, and the ability of service providers to respond to such network faults swiftly directly impacts their competitiveness.

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN) from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. 

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN) from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks far more challenging, and the ability of service providers to respond to frame loss in such networks directly impacts their competitiveness.

The EOS Event Manager feature provides the ability to specify a condition and an action to be carried out when that

The EOS Event Manager feature provides the ability to specify a condition and an action to be carried out when that condition is detected. It is a flexible and configurable way to automate the reaction to conditions without the need for a system operator to observe and apply the desired actions manually.

The EOS Event Manager feature, introduced in 4.17.0F,  provides the ability to specify a condition and an action

The EOS Event Manager feature provides the ability to specify a condition and an action to be carried out when that

CloudVision allows you to generate event notifications so that you can stay up to date on your network's status and performance. Notification configuration involves formatting notifications, configuring notification platforms, assigning notification receivers, and configuring notification rules.

The ability to monitor and react to Syslog messages provides a powerful and flexible tool that can be used to apply self

TOI

Event Rollup allows you to manage the volume of identical events and can be used to flag when an event is recurring. Event Rollup groups together events that are identical except for their timestamps. It does so in two ways: dynamically via the Event List and according to a 24-hour window via the detailed event view. It can be enabled or disabled at will, using the Roll Up toggle.

In order to minimize the volume of change control events, CloudVision has introduced a new event, Change Control Events. Change Control Events is generated when 2 or more of the following events are triggered for the same change control:

CloudVision will generate a Disk Utilization on CloudVision Node Breached Threshold event when disk utilization for a CloudVision node has either exceeded the default threshold or breached the user-configured threshold set in event rules.

EVPN IRB interface supports both L2 switching and L3 Vxlan Routing on the same TOR switch. In a typical EVPN IRB

TOI 4.20.6F

E-Tree is an L2 EVPN service (defined in RFC8317) in which each attachment circuit (AC) is assigned the role of Root or Leaf. In this implementation, ACs are configured at the VLAN level, and the forwarding rules are enforced using a combination of local configuration of leaf VLANs (for local hosts), and asymmetric route targets (for remote hosts).

Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family

In the traditional data center design, inter-subnet forwarding is provided by a centralized router, where traffic traverses across the network to a centralized routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.

Multihoming in EVPN allows a single customer edge (CE) to connect to multiple provider edges (PE or tunnel endpoint). These PE devices are all connected to the same Ethernet-Segment (ES). Multihoming is activated by assigning a unique Ethernet Segment Identifier (ESI) and ES-Import Route Target (RT) which enables all the PEs connected to the same multihomed site to import the Type 4 ES routes

In EOS 4.22.0F, EVPN VXLAN all active multi homing L2 support is available. A customer edge (CE) device can connect to

Ethernet VPN (EVPN) networks normally require some measure of redundancy to reduce or eliminate the impact of outages and maintenance. RFC7432 describes four types of route to be exchanged through EVPN, with a built-in multihoming mechanism for redundancy. Prior to EOS 4.22.0F, MLAG was available as a redundancy option for EVPN with VXLAN, but not multihoming. EVPN multihoming is a multi-vendor standards-based redundancy solution that does not require a dedicated peer link and allows for more flexible configurations than MLAG, supporting peering on a per interface level rather than a per device level. It also supports a mass withdrawal mechanism to minimize traffic loss when a link goes down.

EVPN gateway support for all-active (A-A) multihoming adds a new redundancy model to our multi-domain EVPN solution introduced in [1]. This deployment model introduces the concept of a WAN Interconnect Ethernet Segment identifier (WAN I-ESI). The WAN I-ESI allows the gateway’s EVPN neighbors to form L2 and L3 overlay ECMP on routes re-exported by the gateways. The identifier is shared by gateway nodes within the same domain (site) and set in MAC-IP routes that cross domain boundaries.

This enhancement is to display the number of packets that were ECN (Explicit Congestion Notification) marked by the

Administrative Groups (AG) provide a way to associate certain attributes or policies with connections between nodes , enabling network administrators to control the routing decisions based on specific criteria. Extended Administrative Groups (EAG) are an extension of AG which allow a larger range of admin groups to be utilized for various Traffic Engineering (TE) purposes within a network. EAGs are defined in a new sub-TLV for IS-IS link attributes, separate to AGs, however they are considered as one within EOS. The EAG feature in EOS allows the range of administrative color to be increased from 0-31 to 0-127.

Use an External Certification Authority (ECA) to ensure secure communication and authentication with CloudVision..By default, Streaming Agent and other applications communicate with CloudVision using mutual-TLS certificates signed by a local certificate authority (CA). You now have the option to integrate CloudVision with Venafi,  an external CA, to sign and verify these certificates.

Starting EOS 4.15.0F, EOS can monitor (for long durations) low error rate errors on all fabric links. It

The 7250X and 7300 series use an optimized internal CLOS design with multiple port ASICs interconnected via Fabric

With the 18.0 release, Access Points (AP) can also use LAN2 as the Uplink Port. If both the LAN Ports are available as Uplink, the AP monitors both ports equally. Only on the first AP boot will AP consider LAN1 as the default Uplink, and LAN2 will be the failover. If LAN1 and LAN2 are connected and LAN1 fails to receive any packets, the AP can fail over to LAN2 as the Uplink Port and will continue to operate on the same uplink even if LAN1 is active again. 

The 7280E and 7500E series are Virtual Output Queues (VOQs) based multi chip systems where there is a VOQ for all the

Fallback PBR policy enables an alternate policy to be active when PBR policy attached to an interface is being

The FEC (Forward Error Correction) traffic analyzer is designed to estimate the performance of the FEC layer, identify error statistics, and the source of correlated errors on physical interfaces.

FIPS is a US federal standard for computer systems and data security that mandates only compliant cryptographic algorithms and their implementations be used in a product’s cryptographic operations. A product is considered FIPS compliant if it uses verified crypto modules that have been certified by a laboratory approved by the National Institute of Standards and Technology (NIST). CloudVision has completed the FIPS certification process to allow users with both single-node and multi-node clusters to operate in FIPS mode. Intra-node communication is not yet certified and will follow in Phase 2.

In the 17.0 release, CV-CUE introduces FEED. FEED is a network dashboard that presents a timeline view of all the detected anomalies in the network. CV-CUE curates the FEED by continuously monitoring and proactively detecting anomalies in the network. It also analyzes the cause of the anomaly and provides dynamic suggestions to mitigate the issue. The administrator can analyze the issue, the AI-based recommended action, and then decide on the best approach to mitigate the issue. Feed also lets administrators go back in time and understand anomalies that occurred in the past.

MPLSoGRE Filtered Mirroring is a specialized version of Mirroring to GRE Tunnel and Filtered Mirroring in which

Organizations may have multiple access points (APs) of different models operating with various firmware versions. As an organization, you may want to designate a specific version as a compliant firmware version for a certain model. Assigning a compliant firmware version helps network administrators identify non-compliant AP models by generating notification alerts.

This document describes the CLI introduced to reallocate ECMP FEC banks on different levels in a hierarchical FEC configuration. Users may run out of entries on a certain level with other levels having little to no usage, and this CLI reconfigures the ECMP FEC entries to meet the requirements of the user.

With the 16.0 release, CloudVision Cognitive Unified Edge (CV-CUE) introduces the following enhancements to Floor Plans: 

This feature provides a way to distinguish groups of flows within encrypted GRE tunnels. That enables downstream forwarding devices to process multiple flows in parallel while maintaining packet order within individual flows. Parallel processing offers the opportunity for significant aggregate throughput improvement.

This feature enables detection of abnormal system flows (total in vs. out packet counters) by showing packet loss

Flow control is a data transmission option that temporarily stops a device from sending data because of a peer data overflow condition. If a device sends data faster than the receiver can accept it, the receiver's buffer can overflow. The receiving device then sends a PAUSE frame, instructing the sending device to halt transmission for a specified period.

Forced periodic ARP refresh adds support for a mechanism that allows forcing ARP/NDP refresh requests to be sent in periodic intervals independently of ARP/NDP entries' confirmed time in the kernel. By default, when a neighbor entry gets confirmed by various processes such as ARP synchronization between MLAG peers, an ARP refresh request is not sent for at least another duration of ARP aging timeout (or ND cache expiry time for the IPv6 case). This feature provides support for a configuration to force sending refresh requests at the configured ARP/ND aging timeout regardless of the last confirmed time.

With the 18.0 release, you can send a copy of DHCP Packets from Access Points (AP) to Network Access Control (NAC) solutions for profiling clients and assigning appropriate network segments. When you enable the packet forwarding option on the UI, the AP forwards a copy of the DHCP packets to Port 67 of the destination server.

This feature lets you freeze the channel and transmit power in the Auto mode to operate a specific radio at a specific channel number and transmit power. To switch to other channels, unfreeze the settings and select a custom channel and power, or enable the Auto mode to select the optimum channel and transmit power. Freeze and unfreeze Auto Channel Selection (ACS) and Transmit Power Control (TPC) configurations are configured for each radio. You can select multiple radios and freeze the ACS and TPC settings.

This feature adds support for the front panel Ethernet (Et) interface counters on the platforms listed below and enables the Et interfaces to dynamically adopt the counter values (packet and error)1 of interfaces (Switch, App interfaces etc.) related to the currently running FPGA application, based on user or default configuration. All Arista FPGA applications are supported. Both the receive and transmit packet counters can be independently configured for each interface, as desired. Counters are supported for interfaces of any speed including agile ports.

Generic UDP Encapsulation (GUE) is a general method for encapsulating packets of arbitrary IP protocols within a UDP tunnel. GUE provides an extensible header format with optional data. In this release, decap capability of GUE packets of variant 1 header format has been added. This variant allows direct encapsulation using the UDP header without the GUE header. The inner payload could be one of IPv4, IPv6, or MPLS.