- Written by Bobby Dhillon
- Posted on 4月 5, 2024
- Updated on 7月 30, 2024
- 4147 Views
FIPS is a US federal standard for computer systems and data security that mandates only compliant cryptographic algorithms and their implementations be used in a product’s cryptographic operations. A product is considered FIPS compliant if it uses verified crypto modules that have been certified by a laboratory approved by the National Institute of Standards and Technology (NIST). CloudVision has completed the FIPS certification process to allow users with both single-node and multi-node clusters to operate in FIPS mode. Intra-node communication is not yet certified and will follow in Phase 2.
- Written by Prachi Modi
- Posted on 7月 16, 2024
- Updated on 7月 16, 2024
- 3039 Views
In the 17.0 release, CV-CUE introduces FEED. FEED is a network dashboard that presents a timeline view of all the detected anomalies in the network. CV-CUE curates the FEED by continuously monitoring and proactively detecting anomalies in the network. It also analyzes the cause of the anomaly and provides dynamic suggestions to mitigate the issue. The administrator can analyze the issue, the AI-based recommended action, and then decide on the best approach to mitigate the issue. Feed also lets administrators go back in time and understand anomalies that occurred in the past.
- Written by Gaofeng Yue
- Posted on 1月 23, 2019
- Updated on 3月 26, 2025
- 11624 Views
FIB compression allows us to program routes into the hardware more efficiently. Routes are programmed in the route
- Written by Lavanya Conjeevaram
- Posted on 6月 6, 2017
- Updated on 12月 22, 2017
- 9668 Views
MPLSoGRE Filtered Mirroring is a specialized version of Mirroring to GRE Tunnel and Filtered Mirroring in which
- Written by Prachi Modi
- Posted on 5月 8, 2025
- Updated on 5月 8, 2025
- 273 Views
With the 19.0 release, you can apply filters to report data before generating or scheduling a report. Previously, you manually filtered out the relevant data from the generated report. Applying filters before generating a report helps streamline the data, speeds up report generation, and improves its readability. With filters, you can create a customized report based on your specific needs.
- Written by Dhruba Jyoti Pokhrel
- Posted on 7月 16, 2024
- Updated on 7月 16, 2024
- 3059 Views
Organizations may have multiple access points (APs) of different models operating with various firmware versions. As an organization, you may want to designate a specific version as a compliant firmware version for a certain model. Assigning a compliant firmware version helps network administrators identify non-compliant AP models by generating notification alerts.
- Written by Mattar Amith Kini
- Posted on 12月 27, 2024
- Updated on 12月 27, 2024
- 1818 Views
This document describes the CLI introduced to reallocate ECMP FEC banks on different levels in a hierarchical FEC configuration. Users may run out of entries on a certain level with other levels having little to no usage, and this CLI reconfigures the ECMP FEC entries to meet the requirements of the user.
- Written by Prachi Modi
- Posted on 1月 17, 2024
- Updated on 1月 17, 2024
- 4946 Views
With the 16.0 release, CloudVision Cognitive Unified Edge (CV-CUE) introduces the following enhancements to Floor Plans:
- Written by Harry Dhillon
- Posted on 4月 29, 2025
- Updated on 4月 29, 2025
- 708 Views
Latency and drop information help determine if there is a loss in a particular flow and where the loss occurred. A Service Node action configured as a DANZ Monitoring Fabric (DMF) managed service has multiple separate taps or spans in the production network and can measure the latency of a flow traversing through any pair of these points. It can also detect packet drops between any two points in the network if the packet only appears on one point within a specified time frame, currently set to 200ms.
- Written by Chris Pearson
- Posted on 9月 24, 2024
- Updated on 9月 24, 2024
- 2616 Views
This feature provides a way to distinguish groups of flows within encrypted GRE tunnels. That enables downstream forwarding devices to process multiple flows in parallel while maintaining packet order within individual flows. Parallel processing offers the opportunity for significant aggregate throughput improvement.
- Written by Marc Pawlowsky
- Posted on 3月 7, 2025
- Updated on 5月 15, 2025
- 1388 Views
The agent DmaQueueMonitor provides visibility into packets coming up to the CPU via CPU queues. Packets are continuously sampled on monitored queues and kept available for reporting when a CPU congestion event occurs. When a queue that leads to CPU processing is congested a PCAP file may be created from the sampled packets that were captured from before and after the congestion event. The PCAP file is written to the file system for off-line examination.
- Written by Mihyar Baroudi
- Posted on 12月 8, 2015
- Updated on 12月 21, 2015
- 8171 Views
This feature enables detection of abnormal system flows (total in vs. out packet counters) by showing packet loss
- Written by Surapaneni Venkata Gopi Krishna
- Posted on 6月 16, 2022
- Updated on 10月 11, 2024
- 11520 Views
Flow control is a data transmission option that temporarily stops a device from sending data because of a peer data overflow condition. If a device sends data faster than the receiver can accept it, the receiver's buffer can overflow. The receiving device then sends a PAUSE frame, instructing the sending device to halt transmission for a specified period.
- Written by Canberk Akcali
- Posted on 9月 12, 2024
- Updated on 9月 12, 2024
- 2863 Views
Forced periodic ARP refresh adds support for a mechanism that allows forcing ARP/NDP refresh requests to be sent in periodic intervals independently of ARP/NDP entries' confirmed time in the kernel. By default, when a neighbor entry gets confirmed by various processes such as ARP synchronization between MLAG peers, an ARP refresh request is not sent for at least another duration of ARP aging timeout (or ND cache expiry time for the IPv6 case). This feature provides support for a configuration to force sending refresh requests at the configured ARP/ND aging timeout regardless of the last confirmed time.
- Written by Dhruba Jyoti Pokhrel
- Posted on 12月 16, 2024
- Updated on 12月 16, 2024
- 1791 Views
With the 18.0 release, you can send a copy of DHCP Packets from Access Points (AP) to Network Access Control (NAC) solutions for profiling clients and assigning appropriate network segments. When you enable the packet forwarding option on the UI, the AP forwards a copy of the DHCP packets to Port 67 of the destination server.
- Written by Dhruba Jyoti Pokhrel
- Posted on 4月 1, 2024
- Updated on 4月 1, 2024
- 4149 Views
This feature lets you freeze the channel and transmit power in the Auto mode to operate a specific radio at a specific channel number and transmit power. To switch to other channels, unfreeze the settings and select a custom channel and power, or enable the Auto mode to select the optimum channel and transmit power. Freeze and unfreeze Auto Channel Selection (ACS) and Transmit Power Control (TPC) configurations are configured for each radio. You can select multiple radios and freeze the ACS and TPC settings.
- Written by David Joseph
- Posted on 12月 24, 2024
- Updated on 12月 24, 2024
- 1858 Views
This feature adds support for the front panel Ethernet (Et) interface counters on the platforms listed below and enables the Et interfaces to dynamically adopt the counter values (packet and error)1 of interfaces (Switch, App interfaces etc.) related to the currently running FPGA application, based on user or default configuration. All Arista FPGA applications are supported. Both the receive and transmit packet counters can be independently configured for each interface, as desired. Counters are supported for interfaces of any speed including agile ports.
- Written by Kaushik Kumar Ram
- Posted on 8月 21, 2020
- Updated on 10月 17, 2024
- 11819 Views
Generic UDP Encapsulation (GUE) is a general method for encapsulating packets of arbitrary IP protocols within a UDP tunnel. GUE provides an extensible header format with optional data. In this release, decap capability of GUE packets of variant 1 header format has been added. This variant allows direct encapsulation using the UDP header without the GUE header. The inner payload could be one of IPv4, IPv6, or MPLS.
- Written by Syed Rahi
- Posted on 9月 30, 2015
- Updated on 2月 7, 2022
- 8022 Views
When a user configures IPv6 ACLs, by default, the system automatically includes two additional rules : a default
- Written by Pankaj Srivastava
- Posted on 12月 20, 2024
- Updated on 12月 20, 2024
- 2032 Views
This feature provides a CLI to disable storm control policing on known multicast streams. By default, known multicast streams are policed by storm control policers and the behavior is consistent across all platforms supporting storm control feature. With the new CLI we can change the default policing behavior for known multicast streams.
- Written by Nathan Wolfe
- Posted on 6月 29, 2016
- Updated on 6月 29, 2016
- 9831 Views
Users can now define a global LAG hashing profile. The global LAG hashing profile will be applied to all linecards
- Written by Ajanthasingam Jegasingam
- Posted on 1月 2, 2025
- Updated on 1月 2, 2025
- 1794 Views
This is an implementation of the gNOI Healthz RPCs (version 1.3.0). Note that RPC elements of the Healthz service are supported, and as of 4.33.1F, only the agent information is exposed in healthz yang component containers outlined as in the healthz service.
- Written by Prachi Modi
- Posted on 12月 16, 2024
- Updated on 12月 16, 2024
- 1775 Views
In the 18.0 release, along with Slack, you can also subscribe to Google Chat and Microsoft Teams webhooks to receive alerts in your conversation channels whenever a network issue or anomaly is detected. Note: This is a BETA feature. Reach out to your Arista account manager to enable it.
- Written by Shubhangi Singh
- Posted on 10月 24, 2024
- Updated on 10月 24, 2024
- 2293 Views
This is an extension to the IKE policy and SA policy configuration options available in EOS. The key lifetimes for IKE policies and SA policies are specifiable in hours. This feature allows specifying the key lifetimes in minutes as well.
- Written by Prajul Sreedharan
- Posted on 1月 22, 2019
- Updated on 12月 30, 2024
- 11014 Views
This feature introduces the support for IPv4 ACL configuration under GRE and IPsec tunnel interfaces and IPv6 ACL configuration under GRE tunnel interfaces. The configured ACL rules are applied to a tunnel terminated GRE packet i.e. any IPv4/v6-over-GRE-over-IPv4 that is decapsulated by the GRE tunnel-interface on which the ACL is applied, or a packet terminated on IPsec tunnel i.e, IPv4-over-ESP-over-encrypted-IPv4 packet that is decapsulated and decrypted by the IPsec tunnel interface on which the ACL is applied.
- Written by Qin Zhang
- Posted on 9月 30, 2015
- Updated on 7月 21, 2023
- 8211 Views
By default, inner IP header of a GRE packet is used for LAG hashing. With this feature, LAGs can hash GRE traffic
- Written by Srinivasan Koona Lokabiraman
- Posted on 7月 2, 2025
- Updated on 7月 2, 2025
- 54 Views
The feature allows a GRE tunnel to be resolved over another GRE tunnel. The two GRE tunnels may be in the same VRF or different VRFs.
- Written by Gowtham Rameshkumar
- Posted on 3月 11, 2020
- Updated on 5月 21, 2025
- 13998 Views
This feature introduces hardware forwarding support for IPv4-over-IPv4 GRE tunnel interfaces on selected Arista
- Written by Abhiram Kalluru
- Posted on 12月 20, 2019
- Updated on 3月 25, 2025
- 10484 Views
gRIBI (gRPC Routing Information Base Interface) defines an interface through which OpenConfig AFT (Abstract Forwarding Table) entries can be injected from an external client to a network element.
- Written by Pedro Coutinho
- Posted on 8月 25, 2016
- Updated on 6月 11, 2019
- 11358 Views
This feature involves the use of packet’s Time to Live (TTL) (IPv4) or Hop Limit (IPv6) attributes to protect
- Written by Utkarsha Verma
- Posted on 2月 18, 2021
- Updated on 4月 14, 2025
- 12727 Views
Arista campus switches allow extensive and fine grained hardware based flow tracking and management features. They
- Written by Ramakrishnan G
- Posted on 2月 8, 2017
- Updated on 9月 7, 2020
- 8805 Views
In ingress/egress and fabric/egress replication mode, on DCS 7280E, DCS 7280R, DCS 7500E and DCS 7500R, Broadcast,
- Written by Vincent Lam
- Posted on 5月 1, 2015
- Updated on 5月 1, 2015
- 8276 Views
The Hardware Switch Controller (HSC) provides an integration point between the SDN controllers (NSX or Nuage) and
- Written by Anoop Dawani
- Posted on 9月 30, 2015
- Updated on 11月 26, 2024
- 9401 Views
Hardware Table Capacity Monitoring is a new feature to keep track of the capacity and utilization of various hardware forwarding resources and generate alerts/syslogs when the utilization exceeds a threshold value. Users can keep track of the current usage statistics using a single show command, and also configure thresholds on a per-resource basis, to be notified about any high-utilization upfront, before reaching any resource limits. The Main use-case would be for troubleshooting in overflow situations and avoid overflows altogether by taking corrective actions on high utilization.
- Written by Stefan Rebaud
- Posted on 5月 17, 2018
- Updated on 8月 20, 2024
- 12912 Views
EOS-4.20.5 adds support for hardware-accelerated sFlow on compatible R2 platforms.
- Written by Zhuohui Tan
- Posted on 12月 22, 2017
- Updated on 10月 8, 2018
- 10008 Views
Hierarchical Forwarding Equivalence Class (HFEC) changes a FEC from a single flat level to a multi level FEC
- Written by Scott Smith
- Posted on 10月 18, 2024
- Updated on 2月 5, 2025
- 2569 Views
This feature allows capturing packets and byte counts at high resolution on physical interfaces, down to 1 ms granularity. Allows for detecting anomalous packet flows, or confirming the expected bandwidth usage. Requires selecting a set of interfaces to sample, a time resolution, and sampling duration.
- Written by Aditi Vaidya
- Posted on 8月 23, 2019
- Updated on 8月 23, 2019
- 9730 Views
Keeping Wi Fi Access Point (AP) firmware up to date allows network administrators to take advantage of the latest
- Written by Rashid Akhtar
- Posted on 12月 17, 2024
- Updated on 12月 17, 2024
- 1934 Views
This feature introduces support for scaling both IPv4 and IPv6 hosts on our devices. Existing MDB profiles offer a maximum host scale of 128k with unique MAC rewrites. However, if hosts share the MAC rewrites, the scale can reach up to 204k. To address this issue, we are introducing a new MDB profile that will support a host scale of up to 192k when each host has a unique MAC rewrite. If hosts share the MAC rewrites, the scale can reach up to 256k.
- Written by Prachi Modi
- Posted on 2月 20, 2023
- Updated on 2月 20, 2023
- 6380 Views
Hotspot 2.0 is a standard for public-access Wi-Fi that enables seamless roaming among Wi-Fi networks and between Wi-Fi and cellular networks. With Hotspot 2.0, Passpoint-certified mobile devices such as laptops and smartphones can automatically discover and connect to Wi-Fi networks without the need of signing in manually. It is based on IEEE 802.11u standard for Interworking with External Networks.
- Written by Prachi Modi
- Posted on 7月 7, 2023
- Updated on 7月 7, 2023
- 5889 Views
With the 15.0 release, CloudVision Cognitive Unified Edge(CV-CUE) provides you the ability to list down Vulnerable SSIDs and Hotspot SSIDs. CV-CUE takes action on the listed SSIDs according to the applied WIPS policy.
- Written by Madhu Sudan
- Posted on 3月 31, 2017
- Updated on 7月 13, 2017
- 8603 Views
External controllers can communicate with HSC (Hardware Switch Controller) running on CVX/EOS using the OVSDB
- Written by Alexandru Bran
- Posted on 10月 24, 2024
- Updated on 10月 24, 2024
- 2214 Views
This is an extension to BGP EVPN VPNs that allow us to use iBGP as the PE-CE protocol. This feature also provides a way to isolate the customer’s network BGP attributes from the SP backbone’s attributes, by saving them into a special attribute called ATTR_SET, code 128. This separation introduces a “route server” model that allows the customer’s BGP path attributes to be stored in the SP backbone along with the VPN-IPv4/v6 paths.
- Written by Bill Fenner
- Posted on 10月 24, 2024
- Updated on 10月 24, 2024
- 2428 Views
ICMP Probe allows querying of interface status and ARP or Neighbor Discovery table status remotely. It is a request/response protocol, similar to ping, but instead of simply responding to the request, it responds with information about a local interface or a remote neighbor. The node being queried is called the "proxy node"
- Written by Avininder Grewal
- Posted on 9月 30, 2015
- Updated on 9月 30, 2015
- 8356 Views
Arista switches enable high precision time distribution directly in the data path using IEEE1588 Precision Time
- Written by Shyam Kota
- Posted on 2月 8, 2017
- Updated on 7月 6, 2020
- 8386 Views
IGMP Snooping Proxy feature is an optimization over IGMP snooping. When IGMP Snooping Proxy is enabled, the switch
- Written by Pauric Ward
- Posted on 3月 3, 2023
- Updated on 3月 20, 2025
- 7712 Views
This feature enables the user to configure a list or range of BGP attributes to be ignored by the router on receipt of a BGP update message. The BGP attributes are discarded from the BGP update message, and unless the action of discarding an attribute causes the update message to trigger error handling, then the update message is parsed as normal.
- Written by Dhruba Jyoti Pokhrel
- Posted on 7月 7, 2023
- Updated on 7月 7, 2023
- 6011 Views
You can import Ekahau floor plans to CloudVision Cognitive Unified Edge (CV-CUE) and then manage the access points (AP) from CV-CUE. Once you import the floor plan to CV-CUE, you can map the AP to CV-CUE and start managing the AP.
- Written by Kallol Mandal
- Posted on 12月 12, 2024
- Updated on 12月 12, 2024
- 2129 Views
Each ARP/ND packet into a switch may generate an update for the switch ARP/Neighbor table and this update may need to be synchronized with the MLAG peer when VXLAN is configured. Prior to this feature, these updates (on a VXLAN setup) are synchronized by sending an UDP packet (one packet per update) containing the IP/MAC/VLAN information from the MLAG peer where the ARP/ND packet is received to the other MLAG peer.
- Written by Padmanabh Ratnakar
- Posted on 10月 7, 2021
- Updated on 3月 20, 2025
- 15451 Views
For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency, queue and congestion information for flows at different times. The inband telemetry feature(INT), based on Inband Flow Analyzer RFC draft -IFA 2.0 and IFA 1.0(on some platforms) , is used to gather per flow telemetry information like path, per hop latency and congestion. INT is supported for both IPv4 and IPv6 traffic.