- Written by Nicolas Robert
- Posted on July 2, 2025
- Updated on July 2, 2025
- 342 Views
The feature allows filtering on source and destination IP addresses within the VXLAN inner payload, on ingress port ACL. The feature can be configured using the inner keyword within the VXLAN ACL configuration. Because of some limitations, the feature should be utilized for debugging purposes.
- Written by Sharad Tulsyan
- Posted on March 7, 2025
- Updated on July 21, 2025
- 1531 Views
The automatic Route Distinguisher (auto RD) feature is designed to simplify customer configuration by automating RD assignment. This feature is supported for the following address families.
- Written by Andrew Li
- Posted on January 23, 2019
- Updated on July 22, 2025
- 9898 Views
The BGP Prefix Independent Convergence (PIC) Edge feature refers to fast re-convergence of traffic destined for BGP prefixes on a network event affecting the best path(s) such that the time taken to switch traffic from the active best path(s) to the next best path (i.e. backup path) is independent of the number of prefixes. The above behavior is achieved by pre-programming the best path and alternate backup path in the forwarding agent in steady state.
- Written by Trevor Mendez
- Posted on July 2, 2025
- Updated on July 2, 2025
- 281 Views
BGP triggered IP-in-GUE Encapsulation provides a mechanism for dynamically creating tunnels in a core network using an IP underlay. IP-in-GUE (Generic UDP Encapsulation) encapsulates IP traffic in an IPv4/UDP header. IP unicast routes to destinations reachable across the core network are learned via BGP at the ingress edge.
- Written by Dylan Cho
- Posted on April 30, 2025
- Updated on July 23, 2025
- 917 Views
This feature implements the ability to configure any tx serdes parameters via the CLI. This is useful to work around any L1 issues that customers may encounter due to suboptimal networks/links/transceivers.
- Written by Radu Handolescu
- Posted on March 3, 2023
- Updated on July 15, 2025
- 9487 Views
Common Management Interface Specification (CMIS) defines, starting with revision 4.0, a standard mechanism for managing the firmware of compliant transceivers. This mechanism allows for transceivers’ firmware to be updated without having to remove the transceiver from the switch. Firmware updates may be necessary in a testing or production environment to resolve potential firmware bugs. Some transceivers may also support firmware management operations in a hitless manner (without impacting traffic).
- Written by Anand Narayanan Rao
- Posted on July 1, 2025
- Updated on July 1, 2025
- 297 Views
Currently data packets going over a DPS+IPsec tunnel have a fixed source IP, destination IP, protocol, source port and destination port after encapsulation for a given DPS path. Because of this, there is no good way to load-balance the tunneled traffic. However, to improve performance there is a need to load-balance the tunneled traffic.
- Written by Jacob Sword
- Posted on February 16, 2022
- Updated on July 4, 2025
- 12533 Views
Multiple dynamic counter features may be enabled simultaneously, primarily configured using the ‘[no] hardware counter feature [feature]’ CLI commands. Compatibility of these features has been enhanced to allow for greater flexibility in simultaneously enabled counter features. Changes in counter feature compatibility across EOS releases is detailed below.
- Written by Steve Ulrich
- Posted on June 5, 2023
- Updated on July 22, 2025
- 6361 Views
Traffic policies applied to interfaces are used to match traffic based on packet header fields or their summarized counterparts and take configured actions against them. The match rules configured in these policies are usually installed in a prioritized hardware table (i.e., TCAM) where the action of the first-hit filter is taken. The summarized fields are also installed in various hardware tables. The hardware utilization of traffic policies is very much dependent not only in the number of configured match rules but also in how the set of values are distributed for each field.
- Written by Abhishek Raghuveer
- Posted on July 9, 2025
- Updated on July 10, 2025
- 252 Views
This feature is an extension of ZTX monitor mode functionality to virtual machines where a virtual machine running on a hypervisor(ESXi/KVM) will facilitate the generation of MSS policies by exporting flow telemetry to CloudVision Portal. vZTX will primarily focus on the use cases where the data traffic in the customer sites are limited(<10Gbps). This will help the customer to reduce the capital expenditure costs by avoiding the need of purchasing a dedicated hardware box. So, this product can cater to the needs of small to medium size enterprise customers.
- Written by Vamsi Anne
- Posted on December 29, 2021
- Updated on July 22, 2025
- 13384 Views
As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN), from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks to be far more challenging, and the ability of service providers to respond to such network faults swiftly directly impacts their competitiveness.
- Written by Christopher Yamashita
- Posted on January 3, 2025
- Updated on July 18, 2025
- 2186 Views
As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN) from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks far more challenging, and the ability of service providers to respond to frame loss in such networks directly impacts their competitiveness.
- Written by Alton Lo
- Posted on May 14, 2024
- Updated on July 10, 2025
- 6133 Views
This new feature explains the use of the BGP Domain PATH (D-PATH) attribute that can be used to identify the EVPN domain(s) through which the EVPN MAC-IP routes have passed. EOS DCI Gateway provides new mechanisms for users to specify the EVPN Domain Identifier for its local and remote domains. DCI Gateways sharing the same redundancy group should share the same local domain identifier and same remote domain identifier.
- Written by Lavanya Conjeevaram
- Posted on March 31, 2017
- Updated on July 23, 2025
- 16418 Views
Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family number 25) / EVPN (subsequent address family number 70). It is used to exchange overlay MAC and IP address reachability information between BGP peers within a tunnel
- Written by Kallol Mandal
- Posted on November 14, 2019
- Updated on July 10, 2025
- 15002 Views
Starting with EOS release 4.22.0F, the EVPN VXLAN L3 Gateway using EVPN IRB supports routing traffic from one IPV6
- Written by Deepjyoti Kakati
- Posted on July 2, 2025
- Updated on July 2, 2025
- 304 Views
This feature is to permit rapid restoration of outbound traffic on ECMP groups that have a mix of ports from Supervisor1(Linecard1) and Supervisor2(Linecard2) cards. In the context of the supported platforms, these are referred to as Uplink ports and have names starting with Eth1/ or Ethernet1/ (Linecard1) and Eth2 or Ethernet2/ (Linecard2).
- Written by Deepjyoti Kakati
- Posted on July 15, 2025
- Updated on July 17, 2025
- 163 Views
This feature is to permit rapid restoration of outbound traffic on LAG (port-channel) groups that have a mix of ports from Supervisor1(Linecard1) and Supervisor2(Linecard2) cards. In the context of the supported platforms, these are referred to as Uplink ports and have names starting with Eth1/ or Ethernet1/ (Linecard1) and Eth2 or Ethernet2/ (Linecard2).
- Written by Forhad Ahmed
- Posted on July 15, 2025
- Updated on July 15, 2025
- 134 Views
This feature introduces a per-VRF table “FIB route count” for hardware FIB tables, and associated actions.
- Written by Marc Pawlowsky
- Posted on March 7, 2025
- Updated on July 10, 2025
- 1636 Views
The agent DmaQueueMonitor provides visibility into packets coming up to the CPU via CPU queues. Packets are continuously sampled on monitored queues and kept available for reporting when a CPU congestion event occurs.
- Written by James Shephard
- Posted on August 25, 2019
- Updated on July 21, 2025
- 13737 Views
Forwarding destination prediction enables visibility into how a packet is forwarded through the switch, allowing you to determine which interfaces a packet would egress out of. Typical use cases include, but are not limited to, determining egress members for Port-Channels and ECMPs.
- Written by Charlotte Fedderly
- Posted on June 22, 2021
- Updated on July 18, 2025
- 10107 Views
Forwarding destination prediction enables visibility into how a packet is forwarded through the switch and allows
- Written by Brandon Bowling
- Posted on November 11, 2019
- Updated on July 22, 2025
- 8917 Views
This is an addendum to the “IP in IP decapsulation” document.When GRE decapsulation is configured using decap groups, incoming packets with an outer IP header having IPProto=47 (GRE) and a destination IP that matches the configured value will be decapsulated. This means that the outer IP and GRE headers will be removed from the packet, and all subsequent decisions will be based on the inner IP header.
- Written by Srinivasan Koona Lokabiraman
- Posted on July 2, 2025
- Updated on July 2, 2025
- 268 Views
The feature allows a GRE tunnel to be resolved over another GRE tunnel. The two GRE tunnels may be in the same VRF or different VRFs.
- Written by Harish Pradyot
- Posted on July 1, 2025
- Updated on July 14, 2025
- 314 Views
This feature when configured enables users to rewrite the DSCP of the GUE encapsulated header on IP-over-UDP tunnels while preserving the TOS value of the inner IP ( IPv4 / IPv6 ) payload. Starting from software version 4.34.1F, the CLI configuration to enable or disable DSCP preserve globally on the egress interface introduces a clear distinction in the behavior of GUE encapsulation on the core facing interface of the IP-over-UDP tunnels.
- Written by Vivek Dua
- Posted on September 15, 2023
- Updated on July 22, 2025
- 6022 Views
Current behavior for IPv4 Options packets is to let Kernel do the forwarding. Strata Platforms do this by setting the action of drop=1 and CPU=1 in the IP_OPTION_CONTROL_PROFILE_TABLE Hardware table so that all IPv4 options packets reach the CPU for forwarding in the Kernel.
- Written by Steven Beaudette
- Posted on March 13, 2024
- Updated on July 18, 2025
- 4960 Views
The Inline Pipeline Integrity Checker (IPIC) feature is used to verify that internal packet processing pipelines are not inadvertently corrupting packets or causing what is commonly referred to as a “bit flip.”
- Written by Jyothish Kunkumath
- Posted on January 6, 2022
- Updated on July 21, 2025
- 15989 Views
IPSec tunnel mode support allows the customer to encrypt traffic transiting between two tunnel endpoints.
- Written by Jason Lai
- Posted on July 15, 2025
- Updated on July 15, 2025
- 148 Views
This document provides information on how to configure IPv6 Endpoint Independent Filtering (EIF) and debug issues on the nat-vxlan profile on Arista 7170 switches.
- Written by Srinivasan Viswanathan
- Posted on December 27, 2024
- Updated on July 22, 2025
- 1959 Views
The document describes an extension of the decap group feature, that allows IPv6 addresses to be configured and used as part of a group. IP-in-IP packets with v6 destination matching a configured decap group IP will be decapsulated and forwarded based on the inner header. That will allow any IP-to-IP packet type to be decapsulated, i.e. IPv4 in IPv4, IPv4 in IPv6, IPv6 in IPv4 and IPv6 in IPv6.
- Written by Nathan Wolfe
- Posted on February 15, 2018
- Updated on July 15, 2025
- 15085 Views
Introduced in EOS-4.20.1F, “selectable hashing fields” feature controls whether a certain header’s field is used in the hash calculation for LAG and ECMP.
- Written by Marcin Szubert
- Posted on July 17, 2025
- Updated on July 17, 2025
- 103 Views
Maintenance mode is a framework that allows for the easy removal of switch elements or the entire switch from service with minimal configuration. This feature supports the maintenance mode in WAN Routing System Adaptive Virtual Topology, including high availability deployment. Traffic is drawn away from the node entering maintenance mode. Currently, the feature supports only maintenance mode for the built-in unit System.
- Written by Saurabh Singhal
- Posted on July 17, 2025
- Updated on July 17, 2025
- 97 Views
NIM-4S is a 4 port OCP 3.0 standard NIM card manufactured by Intel. The AWE-7230R-4TX-4S-F, AWE-5310-F, and AWE-7250R-16S-F, AWE-5510-F devices have 2 and 4 NIM (Network Interface Module) slots respectively. These devices now support NIM-4S cards.
- Written by Bhargav Jethwa
- Posted on June 27, 2024
- Updated on July 1, 2025
- 3790 Views
In some situations, packets received by an ASIC need to be redirected to the control plane: packets that have the destination address of the router or packets that need special handling from the CPU for example. The control plane cannot handle as many packets as the ASIC. A system that protects the control plane against DOS and prioritizes packets to send to the CPU is needed. This is accomplished by CoPP (control-plane policing). CoPP is already functioning, however, the CPU queues are statically allocated to a specific feature. If a feature is not used, the CPU queue statically allocated to the feature is not used either. This is a loss of resources.
- Written by Gaurav Chaudhari
- Posted on July 18, 2025
- Updated on July 18, 2025
- 82 Views
If Dot1x Mac based authentication ( MBA ) is disabled, supplicant discovery is attempted by sending periodic multicast identity requests. These requests are transmitted at a fixed interval, which is 60 seconds. This transmission continues until a successful authentication of an EAPOL supplicant is achieved. With MBA enabled, supplicant discovery also relies on multicast identity requests. However, the transmission interval is set to 30 seconds and the transmission count is set to 3.
- Written by Saurav Arora
- Posted on July 15, 2025
- Updated on July 15, 2025
- 125 Views
Destination based RTBH (remote triggered blackholing) is used on edge devices in a network to prevent DOS attack on a target network (IP/prefix) by blackholing/dropping the traffic destined towards this target. One of the ways to achieve this is through a trigger router sending a routing update for the prefix under attack to the edge routers configured for black hole filtering. The next-hop of such routing updates ends up getting resolved to a null/drop interface on the edge device, which results in blackholing all traffic destined towards this target network.
- Written by David Graham
- Posted on July 15, 2025
- Updated on July 15, 2025
- 175 Views
When this feature is enabled, responses to gNMI subscribe requests contain the default values for YANG leafs if those leafs do not have any other value.
- Written by Martin Stigge
- Posted on March 3, 2025
- Updated on July 18, 2025
- 1596 Views
RSVP-TE P2MP LER adds ingress and egress support for Point-to-Multipoint (P2MP) LSPs to be used in Multicast Virtual Private Network (MVPN) as an extension to the LSR support which adds transit support.
- Written by Jeevan Kamisetty
- Posted on November 4, 2020
- Updated on July 17, 2025
- 19508 Views
Network administrators require access to flow information that passes through various network elements, for the purpose of analyzing and monitoring their networks. This feature provides access to IP flow information by sampling traffic flows in ingress and/or egress directions on the interfaces on which it is configured. The samples are then used to create flow records, which are exported to the configured collectors in the IPFIX format. Egress Flow tracking is supported from EOS-4.29.0F on the DCS-7170B-64C series and supported on 7280, 7500 and 7800 series platforms from EOS-4.31.1".
- Written by Basil Saji
- Posted on January 17, 2022
- Updated on July 4, 2025
- 12579 Views
VXLAN UDP-ESP support allows the customer to encrypt traffic between two VXLAN VTEPs. The frame format looks like: NOTE, Secure VXLAN is s~upported with both the sectag2 and UDP-ESP format in 4.27.1, where sectag2 is the default encapsulation format. However, the sectag2 format is deprecated and should not be used.
- Written by Jared Dulmage
- Posted on July 5, 2024
- Updated on July 17, 2025
- 3841 Views
Priority-based flow control (PFC) buffer counters track ingress port buffer usage for each packet priority. This feature displays the high watermark buffer usage over two time intervals: a polling interval (by default 2 seconds) and the encompassing interval since the counters were cleared. The PFC buffer counter watermarks can be used to expose bursty and transient ingress buffer resource usage. High watermark values indicate congestion conditions that could explain packet loss.
- Written by Mayank Singh
- Posted on July 2, 2025
- Updated on July 2, 2025
- 275 Views
The support for configurable dynamic authorization port for different clients has been added to proxy the radius dynamic authorization (CoA) requests. By default, all radius dynamic authorization requests are only proxied to clients at port 3799, which is configurable now.
- Written by Deepanshu Shukla
- Posted on August 21, 2020
- Updated on July 7, 2025
- 18123 Views
This feature adds support for “Dynamic Load Balancing (DLB)” on Equal Cost Multi Path (ECMP) groups.
It is intended to help overcome the potential shortcomings of traditional hash-based load balancing by considering the traffic load of members of ECMP groups. DLB considers the state of the port while assigning egress ports to packets, resulting in a more even flow. The state of each port member is determined by measuring the amount of data transmitted from a given port and total number of packets enqueued to a given port.
- Written by Alok Kumar
- Posted on November 29, 2023
- Updated on July 7, 2025
- 5975 Views
This feature provides a CLI command showing the list of mac addresses that could not be learned due to hash collision in the hardware table. A hash collision occurs when two or more distinct pieces of data map to the same entry ( or slot ) in the hardware table. It can happen when the hash function used to calculate the index for a given mac address results in the already occupied index, resulting in the failure of inserting the later mac address to the hardware table.
- Written by Basil Saji
- Posted on November 9, 2020
- Updated on July 21, 2025
- 14183 Views
Private VLAN is a feature that segregates a regular VLAN broadcast domain while maintaining all ports in the same IP subnet. There are three types of VLAN within a private VLAN
- Written by Jingyao Li
- Posted on July 10, 2025
- Updated on July 10, 2025
- 179 Views
This feature adds the support for tracking the number of syslog messages sent to the server and the number of syslog messages received on the server, along with other log forwarding action statistics, continuously within the existing syslog logging mechanism.
- Written by Bruno
- Posted on July 17, 2025
- Updated on July 17, 2025
- 113 Views
This feature terminates GTP packets arriving on a tap port of a TapAgg switch by stripping the GTP header. The decapsulated (inner) packets then proceed through the normal TapAgg path. This functionality allows a GTPv1 tunnel to transmit tapped traffic to the TapAgg switch over an L3 network, significantly extending the available use cases for TapAgg.
- Written by Michael Wang
- Posted on July 2, 2024
- Updated on July 10, 2025
- 3475 Views
This feature introduces the ability to define matching rules to configure transceiver tuning on a switch. This is useful when a particular collection of transceivers are known to require tuning values which differ from EOS defaults.
- Written by Matthew Carrington-Fair
- Posted on March 3, 2023
- Updated on July 23, 2025
- 6879 Views
This feature allows the export of IP FIB (Forwarding Information Base) through the OpenConfig AFT YANG models.
- Written by Nikhil Satish Pai
- Posted on July 15, 2025
- Updated on July 15, 2025
- 134 Views
This feature allows configuring a static IS-IS neighbor to have a full adjacency on an interface, without needing an IS-IS peer at the other end.. The adjacency state will depend on the BGP session with a single hop eBGP peer presen t on the same interface: when the BGP session is established, the IS-IS adjacency will be up; in any other state, it will be down. This allows advertising an interface's traffic engineering information—like bandwidth and admin groups—within IS-IS without needing an IS-IS neighbor adjacency on the remote end.