TOI Author

Match rules define the specific traffic forwarded through the fabric. These criteria are applied directly within a policy, as part of a rule within a referenced rule group, or as a post-service match in a managed service. Each rule specifies parameters such as IP addresses, protocols, and ports. This update introduces expanded matching capabilities and removes previous restrictions regarding the combination of match criteria, allowing for more granular traffic steering.

As of DMF-8.9.0, when several IP addresses are used in a single policy (whether via an address group or individually across match rules with otherwise identical conditions), the controller groups the addresses together and programs them as a field set on supported switches. This field set has a label that can be directly referenced by TCAM, which allows that TCAM entry to match against packets with any of the IP prefixes in that field set. This optimization dramatically reduces the TCAM consumption for policies that reference many addresses, allowing significantly more policies or addresses to be programmed without exceeding switch TCAM capacity limits. For example, on a switch incapable of performing this optimization, a policy matching traffic from a 100-entry source address group to a 100-entry destination address group would require 100x100=10,000 individual entries. With this optimization, the controller programs two field sets and a single match rule that references both field sets, reducing TCAM consumption from 10,000 entries to just 1 entry for that policy.

Using the show switch <switch name/all> interface details or show switch <switch name/all> interface <interface name> details commands in the CLI will now include a Description column, which provides the configured description (if any) for the corresponding interface. This is a CLI-only change.

When configuring the MAC address of a switch, CLI commands and REST endpoints will accept a MAC address formatted as three groups of four hexadecimal digits separated by periods (e.g. 1122.3344.5566) in addition to the already accepted form of six hexadecimal digit pairs separated by colons (e.g. 11:22:33:44:55:66). 

DANZ Monitoring Fabric (DMF) 8.6 provides the initial support for the 7050DX4/PX4 for Early Field Trial (EFT). As such, not all features are currently available. Refer to the Limitations section at the end of this TOI.

The use-service-delivery option in use-managed-service was originally part of the service action chaining feature. It needed to be set to true when using service actions requiring a delivery interface set in the associated managed service configuration. 

Enable egress sFlow to sample traffic sent to any DANZ Monitoring Fabric (DMF) Recorder Node (RN) attached to the fabric. Examining these sampled packets on a configured sFlow collector allows the identification of post-match-rule flows recorded by the RNs without performing a query against the RNs. While not explicitly required, Arista Networks highly recommends using the DMF Analytics Node (AN) as the configured sFlow collector, as it can automatically identify packets sampled utilizing this feature.