The feature allows filtering on source and destination IP addresses within the VXLAN inner payload, on ingress port ACL. The feature can be configured using the inner keyword within the VXLAN ACL configuration. Because of some limitations, the feature should be utilized for debugging purposes.

The automatic Route Distinguisher (auto RD) feature is designed to simplify customer configuration by automating RD assignment. This feature is supported for the following address families.

The BGP Prefix Independent Convergence (PIC) Edge feature refers to fast re-convergence of traffic destined for BGP prefixes on a network event affecting the best path(s) such that the time taken to switch traffic from the active best path(s) to the next best path (i.e. backup path) is independent of the number of prefixes. The above behavior is achieved by pre-programming the best path and alternate backup path in the forwarding agent in steady state.

BGP triggered IP-in-GUE Encapsulation provides a mechanism for dynamically creating tunnels in a core network using an IP underlay. IP-in-GUE (Generic UDP Encapsulation) encapsulates IP traffic in an IPv4/UDP header. IP unicast routes to destinations reachable across the core network are learned via BGP at the ingress edge.

This feature implements the ability to configure any tx serdes parameters via the CLI. This is useful to work around any L1 issues that customers may encounter due to suboptimal networks/links/transceivers.

Common Management Interface Specification (CMIS) defines, starting with revision 4.0, a standard mechanism for managing the firmware of compliant transceivers. This mechanism allows for transceivers’ firmware to be updated without having to remove the transceiver from the switch. Firmware updates may be necessary in a testing or production environment to resolve potential firmware bugs. Some transceivers may also support firmware management operations in a hitless manner (without impacting traffic).

Currently data packets going over a DPS+IPsec tunnel have a fixed source IP, destination IP, protocol, source port and destination port after encapsulation for a given DPS path. Because of this, there is no good way to load-balance the tunneled traffic. However, to improve performance there is a need to load-balance the tunneled traffic. 

Multiple dynamic counter features may be enabled simultaneously, primarily configured using the ‘[no] hardware counter feature [feature]’ CLI commands. Compatibility of these features has been enhanced to allow for greater flexibility in simultaneously enabled counter features. Changes in counter feature compatibility across EOS releases are detailed below.

Traffic policies applied to interfaces are used to match traffic based on packet header fields or their summarized counterparts and take configured actions against them. The match rules configured in these policies are usually installed in a prioritized hardware table (i.e., TCAM) where the action of the first-hit filter is taken. The summarized fields are also installed in various hardware tables. The hardware utilization of traffic policies depends not only on the number of configured match rules but also on how the set of values is distributed for each field.

This feature is an extension of ZTX monitor mode functionality to virtual machines, where a virtual machine running on a hypervisor (ESXi/KVM) will facilitate the generation of MSS policies by exporting flow telemetry to CloudVision Portal. vZTX will primarily focus on the use cases where the data traffic in the customer sites is limited (<10Gbps). This will help the customer reduce capital expenditure costs by avoiding the need to purchase a dedicated hardware box. So, this product can cater to the needs of small to medium size enterprise customers.

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN) from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks far more challenging, and the ability of service providers to respond to such network faults swiftly directly impacts their competitiveness.

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN) from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks far more challenging, and the ability of service providers to respond to frame loss in such networks directly impacts their competitiveness.

This new feature explains the use of the BGP Domain PATH (D-PATH) attribute that can be used to identify the EVPN domain(s) through which the EVPN MAC-IP routes have passed. EOS DCI Gateway provides new mechanisms for users to specify the EVPN Domain Identifier for its local and remote domains. DCI Gateways sharing the same redundancy group should share the same local domain identifier and same remote domain identifier.

Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family number 25) / EVPN (subsequent address family number 70). It is used to exchange overlay MAC and IP address reachability information between BGP peers within a tunnel

Starting with EOS release 4.22.0F, the EVPN VXLAN L3 Gateway using EVPN IRB supports routing traffic from one IPV6

This feature is to permit rapid restoration of outbound traffic on ECMP groups that have a mix of ports from Supervisor1(Linecard1) and Supervisor2(Linecard2) cards. In the context of the supported platforms, these are referred to as Uplink ports and have names starting with Eth1/ or Ethernet1/ (Linecard1) and Eth2 or Ethernet2/ (Linecard2).

This feature is to permit rapid restoration of outbound traffic on LAG (port-channel) groups that have a mix of ports from Supervisor1(Linecard1) and Supervisor2(Linecard2) cards. In the context of the supported platforms, these are referred to as Uplink ports and have names starting with Eth1/ or Ethernet1/ (Linecard1) and Eth2 or Ethernet2/ (Linecard2).

This feature introduces a per-VRF table “FIB route count” for hardware FIB tables, and associated actions.

The agent DmaQueueMonitor provides visibility into packets coming up to the CPU via CPU queues. Packets are continuously sampled on monitored queues and kept available for reporting when a CPU congestion event occurs.

Forwarding destination prediction enables visibility into how a packet is forwarded through the switch, allowing you to determine which interfaces a packet would egress out of. Typical use cases include, but are not limited to, determining egress members for Port-Channels and ECMPs.

Forwarding destination prediction enables visibility into how a packet is forwarded through the switch and allows

This is an addendum to the “IP in IP decapsulation” document. When GRE decapsulation is configured using decap groups, incoming packets with an outer IP header having IPProto=47 (GRE) and a destination IP that matches the configured value will be decapsulated. This means that the outer IP and GRE headers will be removed from the packet, and all subsequent decisions will be based on the inner IP header.

The feature allows a GRE tunnel to be resolved over another GRE tunnel. The two GRE tunnels may be in the same VRF or different VRFs.

This feature, when configured, enables users to rewrite the DSCP of the GUE encapsulated header on IP-over-UDP tunnels while preserving the TOS value of the inner IP (IPv4/IPv6) payload. Starting from software version 4.34.1F, the CLI configuration to enable or disable DSCP preserve globally on the egress interface introduces a clear distinction in the behavior of GUE encapsulation on the core facing interface of the IP-over-UDP tunnels.

The current behavior for IPv4 Options packets is to let the kernel do the forwarding. Strata platforms do this by setting the action of drop=1 and CPU=1 in the IP_OPTION_CONTROL_PROFILE_TABLE hardware table so that all IPv4 options packets reach the CPU for forwarding in the kernel.

The Inline Pipeline Integrity Checker (IPIC) feature is used to verify that internal packet processing pipelines are not inadvertently corrupting packets or causing what is commonly referred to as a “bit flip.”

PKI (Public Key Infrastructure) is a certificate-based authentication solution for the IPsec protocol.

IPsec tunnel mode support allows the customer to encrypt traffic transiting between two tunnel endpoints.

This document provides information on how to configure IPv6 Endpoint Independent Filtering (EIF) and debug issues on the nat-vxlan profile on Arista 7170 switches.

The document describes an extension of the decap group feature, that allows IPv6 addresses to be configured and used as part of a group. IP-in-IP packets with v6 destination matching a configured decap group IP will be decapsulated and forwarded based on the inner header. That will allow any IP-to-IP packet type to be decapsulated, i.e. IPv4 in IPv4, IPv4 in IPv6, IPv6 in IPv4 and IPv6 in IPv6.

Introduced in EOS-4.20.1F, the “selectable hashing fields” feature controls whether a certain header’s field is used in the hash calculation for LAG and ECMP.

Maintenance mode is a framework that allows for the easy removal of switch elements or the entire switch from service with minimal configuration. This feature supports the maintenance mode in WAN Routing System Adaptive Virtual Topology, including high availability deployment. Traffic is drawn away from the node entering maintenance mode. Currently, the feature supports only maintenance mode for the built-in unit System.

NIM-4S is a 4 port OCP 3.0 standard NIM card manufactured by Intel. The AWE-7230R-4TX-4S-F, AWE-5310-F, and AWE-7250R-16S-F, AWE-5510-F devices have 2 and 4 NIM (Network Interface Module) slots respectively. These devices now support NIM-4S cards.

In some situations, packets received by an ASIC need to be redirected to the control plane: for example, packets that have the destination address of the router or packets that need special handling from the CPU. The control plane cannot handle as many packets as the ASIC. A system that protects the control plane against DoS and prioritizes packets to send to the CPU is needed. This is accomplished by CoPP (control-plane policing). CoPP is already functioning; however, the CPU queues are statically allocated to a specific feature. If a feature is not used, the CPU queue statically allocated to the feature is not used either. This is a loss of resources.

If Dot1x MAC-based authentication (MBA) is disabled, supplicant discovery is attempted by sending periodic multicast identity requests. These requests are transmitted at a fixed interval, which is 60 seconds. This transmission continues until a successful authentication of an EAPOL supplicant is achieved. With MBA enabled, supplicant discovery also relies on multicast identity requests. However, the transmission interval is set to 30 seconds and the transmission count is set to 3.

Destination-based RTBH (remote triggered blackholing) is used on edge devices in a network to prevent a DoS attack on a target network (IP/prefix) by blackholing/dropping the traffic destined towards this target. One of the ways to achieve this is through a trigger router sending a routing update for the prefix under attack to the edge routers configured for black hole filtering. The next-hop of such routing updates ends up getting resolved to a null/drop interface on the edge device, which results in blackholing all traffic destined towards this target network.

When this feature is enabled, responses to gNMI subscribe requests contain the default values for YANG leafs if those leafs do not have any other value.

RSVP-TE P2MP LER adds ingress and egress support for Point-to-Multipoint (P2MP) LSPs to be used in Multicast Virtual Private Network (MVPN) as an extension to the LSR support which adds transit support.

Network administrators require access to flow information that passes through various network elements, for the purpose of analyzing and monitoring their networks. This feature provides access to IP flow information by sampling traffic flows in ingress and/or egress directions on the interfaces on which it is configured. The samples are then used to create flow records, which are exported to the configured collectors in the IPFIX format. Egress Flow tracking is supported from EOS-4.29.0F on the DCS-7170B-64C series and supported on 7280, 7500 and 7800 series platforms from EOS-4.31.1.

VXLAN UDP-ESP support allows the customer to encrypt traffic between two VXLAN VTEPs. The frame format looks like: NOTE: Secure VXLAN is supported with both the sectag2 and UDP-ESP format in 4.27.1, where sectag2 is the default encapsulation format. However, the sectag2 format is deprecated and should not be used.

Priority-based flow control (PFC) buffer counters track ingress port buffer usage for each packet priority. This feature displays the high watermark buffer usage over two time intervals: a polling interval (by default 2 seconds) and the encompassing interval since the counters were cleared. The PFC buffer counter watermarks can be used to expose bursty and transient ingress buffer resource usage. High watermark values indicate congestion conditions that could explain packet loss.

Support for a configurable dynamic authorization port for different clients has been added to proxy the RADIUS dynamic authorization (CoA) requests. By default, all RADIUS dynamic authorization requests are only proxied to clients at port 3799, which is configurable now.

This feature adds support for “Dynamic Load Balancing (DLB)” on Equal Cost Multi Path (ECMP) groups. It is intended to help overcome the potential shortcomings of traditional hash-based load balancing by considering the traffic load of members of ECMP groups. DLB considers the state of the port while assigning egress ports to packets, resulting in a more even flow. The state of each port member is determined by measuring the amount of data transmitted from a given port and total number of packets enqueued to a given port.

This feature provides a CLI command showing the list of MAC addresses that could not be learned due to hash collision in the hardware table. A hash collision occurs when two or more distinct pieces of data map to the same entry (or slot) in the hardware table. It can happen when the hash function used to calculate the index for a given MAC address yields an index that is already occupied, so the later MAC address cannot be inserted into the hardware table.

Private VLAN is a feature that segregates a regular VLAN broadcast domain while maintaining all ports in the same IP subnet. There are three types of VLAN within a private VLAN

This feature adds the support for tracking the number of syslog messages sent to the server and the number of syslog messages received on the server, along with other log forwarding action statistics, continuously within the existing syslog logging mechanism.

This feature terminates GTP packets arriving on a tap port of a TapAgg switch by stripping the GTP header. The decapsulated (inner) packets then proceed through the normal TapAgg path. This functionality allows a GTPv1 tunnel to transmit tapped traffic to the TapAgg switch over an L3 network, significantly extending the available use cases for TapAgg.

This feature introduces the ability to define matching rules to configure transceiver tuning on a switch. This is useful when a particular collection of transceivers are known to require tuning values which differ from EOS defaults.

This feature allows the export of IP FIB (Forwarding Information Base) through the OpenConfig AFT YANG models.

This feature allows configuring a static IS-IS neighbor to have a full adjacency on an interface, without needing an IS-IS peer at the other end. The adjacency state will depend on the BGP session with a single hop eBGP peer present on the same interface: when the BGP session is established, the IS-IS adjacency will be up; in any other state, it will be down. This allows advertising an interface's traffic engineering information (like bandwidth and admin groups) within IS-IS without needing an IS-IS neighbor adjacency on the remote end.