Tag :: TOI

This feature optimizes the utilization of hardware resources by sharing tcam entries for a group of SVIs on which an

RadSec or RADIUS over TLS is a protocol for secure communication between a client and the RADIUS server. RadSec uses TCP and TLS protocols to form a secure tunnel between the client and the server.

The BGP implementation now provides the ability to display the age of paths received for a given prefix using the

Multiple dynamic counter features may be enabled simultaneously, primarily configured using the ‘[no] hardware counter feature [feature]’ CLI commands. Compatibility of these features has been enhanced to allow for greater flexibility in simultaneously enabled counter features. Changes in counter feature compatibility across EOS releases is detailed below.

EOS 4.20.1F introduces expanded VRRP, VARP and MLAG Peer Gateway virtual MAC capabilities on the 7500R, 7280R,

IP in IP decapsulation was first introduced for the supported platforms(below) in EOS version 4.15.0F (IP in IP

DANZ provides a set of features and tools to enhance instrumentation and network/ application performance monitoring with the following key functional areas.

Measured boot is an anti-tamper mechanism. It calculates the cryptographic signatures for software system components and extends the signatures into the Trusted Platform Module (TPM) security chip. Upon startup, with the feature turned on, the Aboot bootloader and EOS calculate the hash of various system components and extend the hashes into the Platform Configuration Registers (PCRs), which is one of the resources of the Trusted Platform Module (TPM) security chip. The calculation and extension event is called the measured boot event, which is associated with a revision number to help the user identify changes to the event.

The FIB contains mappings between a prefix (identifying a destination network) and its associated Forwarding Equivalence Class (FEC), with the FEC containing one or more resolved Vias defining how traffic should be forwarded towards that destination network.

RFC 5837 describes extensions to the Internet Control Message Protocol (ICMP) that enable network devices to identify incoming and outgoing interfaces and next-hop addresses via extensions to specific ICMP error messages. These extensions are particularly useful for network diagnostics and troubleshooting applications.

EosSdkRpc is an agent built on top of the Arista EOS SDK. It uses gRPC as a mechanism to provide remote access to the EOS SDK. The gRPC interface that EosSdkRpc supports closely matches the interface provided by EOS SDK, and the intent is that the .proto interface can be publicly supported. EosSdkRpc allows for remote access and using protobuf to specify the interface isolates user code from the Linux ABI issues that come with building C++ applications on different compiler, libc, and kernel versions. EosSdkRpc is built using C++ but supports clients written in any of the languages currently supported by the gRPC framework.

This feature allows configuring backup entries for static MPLS LFIB routes via EOS SDK RPC to be activated if its corresponding primary entries are unable to forward traffic due to next hops being unresolved or its corresponding interface being down. Any backup entries will not be activated to forward traffic until all primary entries are unviable. Thereby, backup entries configured for the Static MPLS routes are a mechanism to achieve fast failover when the primary path fails.

This feature prevents policy churn by automatically placing switch interfaces with frequent flapping into an error-disabled state, effectively performing an automatic administrative shutdown. The feature also allows for automatically recovering these interfaces after a specified time. This feature reduces the risk of lost packets caused by continuous recomputation of DANZ Monitoring Fabric (DMF) policies due to flapping interfaces.

Traffic policies applied to interfaces are used to match traffic based on packet header fields or their summarized counterparts and take configured actions against them. The match rules configured in these policies are usually installed in a prioritized hardware table (i.e., TCAM) where the action of the first-hit filter is taken. The summarized fields are also installed in various hardware tables. The hardware utilization of traffic policies is very much dependent not only in the number of configured match rules but also in how the set of values are distributed for each field.

This feature is an extension of ZTX monitor mode functionality to virtual machines where a virtual machine running on a hypervisor(ESXi/KVM) will facilitate the generation of MSS policies by exporting flow telemetry to CloudVision Portal. vZTX will primarily focus on the use cases where the data traffic in the customer sites are limited(<10Gbps). This will help the customer to reduce the capital expenditure costs by avoiding the need of purchasing a dedicated hardware box. So, this product can cater to the needs of small to medium size enterprise customers.

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN), from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks to be far more challenging, and the ability of service providers to respond to such network faults swiftly directly impacts their competitiveness.

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN) from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. 

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN) from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge.

This feature adds support for using the management port on AWE-7220RP-5TH-2S alternately as Ethernet8 port.

The EOS Event Manager feature provides the ability to specify a condition and an action to be carried out when that

The EOS Event Manager feature provides the ability to specify a condition and an action to be carried out when that condition is detected. It is a flexible and configurable way to automate the reaction to conditions without the need for a system operator to observe and apply the desired actions manually.

The EOS Event Manager feature, introduced in 4.17.0F,  provides the ability to specify a condition and an action

The EOS Event Manager feature provides the ability to specify a condition and an action to be carried out when that

This feature stores events describing changes to IS-IS IP routes into a SQL. These events are intended to be used to debug convergence issues and understand the impact changes elsewhere in the network have on an EOS device. When an IS-IS IP route changes due to an IS-IS SPF calculation and this feature is enabled, the feature tracks the time the route change is reflected at various "layers" of the route processing pipeline.

Event monitor is extended to support new event types that continuously synchronize their contents with the sqlite database (in contrast with event monitor’s current behavior of synchronizing event state only when cli commands are run.)

CloudVision allows you to generate event notifications so that you can stay up to date on your network's status and performance. Notification configuration involves formatting notifications, configuring notification platforms, assigning notification receivers, and configuring notification rules.

The ability to monitor and react to Syslog messages provides a powerful and flexible tool that can be used to apply self

In order to minimize the volume of change control events, CloudVision has introduced a new event, Change Control Events. Change Control Events is generated when 2 or more of the following events are triggered for the same change control:

CloudVision will generate a Disk Utilization on CloudVision Node Breached Threshold event when disk utilization for a CloudVision node has either exceeded the default threshold or breached the user-configured threshold set in event rules.

Event Rollup allows you to manage the volume of identical events and can be used to flag when an event is recurring. Event Rollup groups together events that are identical except for their timestamps. It does so in two ways: dynamically via the Event List and according to a 24-hour window via the detailed event view. It can be enabled or disabled at will, using the Roll Up toggle.

RFC7432 defines the MAC/IP advertisement NLRI (route type 2) for exchanging EVPN overlay end-hosts’ MAC and IP address reachability information. When an EVPN MAC/IP route contains more than one path to the same destination, the EVPN MAC/IP best-path selection algorithm determines which of these paths should be considered as the best path.

In the Centralized Anycast Gateway configuration, the Spines are configured with EVPN-IRB and are used as the IP Default Gateway(DWG), whereas the Top of rack switches perform L2 EVPN Routing.

This feature introduces the show bgp evpn sanity ( brief | detail )command. This command displays which EVPN configuration attributes are inconsistent as well as potential errors in the EVPN operational state.

This new feature explains the use of the BGP Domain PATH (D-PATH) attribute that can be used to identify the EVPN domain(s) through which the EVPN MAC-IP routes have passed. EOS DCI Gateway provides new mechanisms for users to specify the EVPN Domain Identifier for its local and remote domains.   DCI Gateways sharing the same redundancy group should share the same local domain identifier and same remote domain identifier.

E-Tree is an L2 EVPN service (defined in RFC8317) in which each attachment circuit (AC) is assigned the role of Root or Leaf. Root ACs can communicate with leaf ACs and other root ACs. Leaf ACs can only communicate with root ACs. Leaf AC to leaf AC traffic is blocked. In this implementation, ACs are configured at the VLAN level, and the forwarding rules are enforced using a combination of local configuration of leaf VLANs (for local hosts), and asymmetric route targets (for remote hosts).

Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family number 25) / EVPN (subsequent address family number 70). It is used to exchange overlay MAC and IP address reachability information between BGP peers within a tunnel

In the traditional data center design, inter-subnet forwarding is provided by a centralized router, where traffic traverses across the network to a centralized routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.

In the traditional data center design, inter-subnet forwarding is provided by a centralized router, where traffic traverses across the network to a centralized routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.

This feature adds control plane support for inter subnet forwarding between EVPN networks. This support is achieved

This feature is available when configuring Layer2 EVPN or EVPN IRB.As described in RFC7432 section 15 [1], “MAC Mobility” or “MAC move” occurs when a Customer Edge (CE) moves from one Ethernet segment to another, resulting in two EVPN MAC/IP (Type 2) routes being advertised -- one route with the previous Ethernet segment ID (ESI) and the other with the new Ethernet segment ID. MAC mobility also happens when a CE moves from a single-homed provider edge (PE) to a different PE.

“MLAG Domain Shared Router MAC” is a new mechanism to introduce a new router MAC to be used for MLAG TOR Leaf pairs. The user can either explicitly configure the MAC address of their choice or use the system-generated MLAG system-id for this purpose.  

EVPN MPLS VPWS (RFC 8214) provides the ability to forward customer traffic to / from a given attachment circuit (AC) without any MAC lookup / learning. The basic advantage of VPWS over an L2 EVPN is the reduced control plane signalling due to not exchanging MAC address information. In contrast to LDP pseudowires, EVPN MPLS VPWS uses BGP for signalling. Port based and VLAN based services are supported.

In network deployments, where the border leaf or Superspine act as PEG and it is in the transit path to other multicast VTEPs, the multicast stream will not pass since the border leaf will decapsulate the packet even if it doesn't have a receiver. This transit node is called the Bud Node. The device should be able to send decapsulated packets to any local receivers as well as send the encapsulated packets to other VTEPs

Multihoming in EVPN allows a single customer edge (CE) to connect to multiple provider edges (PE or tunnel endpoint). These PE devices are all connected to the same Ethernet-Segment (ES). Multihoming is activated by assigning a unique Ethernet Segment Identifier (ESI) and ES-Import Route Target (RT) which enables all the PEs connected to the same multihomed site to import the Type 4 ES routes

In EVPN, an overlay index is a field in type-5 IP Prefix routes that indicates that they should resolve indirectly rather than using resolution information contained in the type-5 route itself. Depending on the type of overlay index, this resolution information may come from type-1 auto discovery or type-2 MAC+IP routes. For this feature the gateway IP address field of the type-5 NLRI is used as the overlay index, which matches the target IPv4 / IPv6 address in the type-2 NLRI. Other types of overlay index are described in RFC9136, but these are currently unsupported.

In EOS 4.22.0F, EVPN VXLAN all active multi homing L2 support is available. A customer edge (CE) device can connect to

Ethernet VPN (EVPN) networks normally require some measure of redundancy to reduce or eliminate the impact of outages and maintenance. RFC7432 describes four types of route to be exchanged through EVPN, with a built-in multihoming mechanism for redundancy. Prior to EOS 4.22.0F, MLAG was available as a redundancy option for EVPN with VXLAN, but not multihoming. EVPN multihoming is a multi-vendor standards-based redundancy solution that does not require a dedicated peer link and allows for more flexible configurations than MLAG, supporting peering on a per interface level rather than a per device level. It also supports a mass withdrawal mechanism to minimize traffic loss when a link goes down.

EVPN gateway support for all-active (A-A) multihoming adds a new redundancy model to our multi-domain EVPN solution introduced in [1]. This deployment model introduces the concept of a WAN Interconnect Ethernet Segment identifier (WAN I-ESI). The WAN I-ESI allows the gateway’s EVPN neighbors to form L2 and L3 overlay ECMP on routes re-exported by the gateways. The identifier is shared by gateway nodes within the same domain (site) and set in MAC-IP routes that cross domain boundaries.

The EVPN Gateway Data Center Interconnect (DCI) feature supports multihoming redundancy. This deployment model leverages a virtual Interconnect Ethernet Segment Identifier (I-ESI) to form an overlay ECMP across the EVPN DCI gateways. Recently, EOS added new features for managing the I-ES that improve traffic handling and convergence in certain failure scenarios:

This feature adds the ability for an L3 default gateway TEP in a Centralized Gateway topology to advertise its SVI virtual IP addresses to VARP MAC bindings and primary addresses to System MAC bindings using EVPN type-2 routes for EVPN VXLAN overlays. Two new commands, redistribute router-mac virtual-ip[next-hop vtep primary] and redistribute router-mac system ip are introduced to enable the redistributions. This would help the L2 TEP on the network to learn the default gateway IP without flooding an ARP request for the gateway IP. This feature is only intended for Centralized Gateway Topologies.