Tag :: EOS 4.30.2F

Segment Routing Traffic Engineering Policy (SR-TE) aka SR Policy makes use of Segment Routing (SR) to allow a headend to steer traffic along any path without maintaining per flow state in every node. A headend steers traffic into an SR Policy.

The ‘show interfaces interactions’ command aims to provide users a resource that explains various relationships between ethernet interfaces. It describes interactions in which a configuration on an interface causes another set of interfaces to become inactive or have reduced capabilities.Examples include a primary interface consuming subordinate interfaces to service a four-lane speed or platform restrictions that require four interfaces of a port to operate at the same speed.

Normally BGP allocates local labels and installs LFIB entries for all received IPv4/IPv6 Labeled Unicast (LU) routes in anticipation of readvertising them with nexthop-self. However, some deployments don’t require nexthop-self with LU routes, so LFIB hardware resources are needlessly allocated, which can present an issue in large scale LU deployments. 

Smart System Upgrade (SSU) provides the ability to upgrade the EOS image with minimal traffic disruption. This is an existing feature on many fixed system products. This resource will outline the SSU feature in reference to CCS-750XP, which is the first modular product to support SSU.

This feature adds support for source interface based load-balancing with Dynamic Load-Balancing ( DLB ) and Hash based Load-Balancing on Equal Cost Multi Path ( ECMP ) groups

Storm control is a feature that allows the data plane to drop excess broadcast, unknown unicast, and/or multicast packets if the ingress packet rate exceeds a user-configurable threshold.

Storm control allows users to configure a traffic level above which incoming broadcast, unknown-unicast and multicast traffic on a port gets dropped, thus preventing flooded traffic from bringing the switch down.

The capabilities of TCAM-based features, such as ACLs, to match qualifiers and perform actions on traffic is dependent on the TCAM profile configured on the switch. Sometimes the TCAM profile does not support all qualifiers or actions configured in a feature. In the case of PACLs and RACLs, the unsupported operations are logged and warned. This document describes enabling strict handling of such PACLs and RACLs, resulting in errors upon their configuration.

This feature adds support for CPU traffic policy capable of matching and acting on IP traffic which would otherwise

This feature allows exporting the route count by protocol, i.e., a summary of routes, in the FIB (Forwarding Information Base) through the OpenConfig AFT YANG model.

IPv4 Unicast Reverse Path Forwarding (uRPF) can help limit malicious IPv4 traffic on a network. uRPF works by enabling the router to verify reachability (routing) of the source IP address (SIP) in the packet being forwarded. If the SIP is determined to not be a valid address, the packet is dropped.

IPv6 Unicast Reverse Path Forwarding (uRPF) can help limit malicious IPv6  traffic on a network. uRPF works by

This feature allows configuring a per-port PTP domain number, which may be different from the global PTP domain number, which will apply to PTP messages sent or received on that port. With this configuration applied, transmitted messages will contain the port-specific domain number and received messages will be accepted if they contain the port-specific or global domain number.

PimReg DR Filtering provides the ability to prevent unauthorized unicast addresses from registering with a rendezvous-point (RP) router.  This is accomplished by adding the unauthorized unicast address to a standard access-list. When the ACL is used on the RP, the RP inspects the source information on the PIM Register packet for a match before accepting/dropping the message. 

This document describes the OSPFv2 feature that allows the setting of “Down” (DN) bit in type-5 and type-7 LSAs. The DN Bit is a loop prevention mechanism implemented when OSPF is used as CE - PE IGP protocol. Its usage in OSPF is explained by RFC4576. By default, OSPF honors the DN-bit in type-3, type-5 or type-7 LSAs in non-default VRFs.

This document describes the OSPFv3 feature that allows the setting of “Down” (DN) bit in type-5 and type-7 LSAs. The DN Bit is a loop prevention mechanism implemented when OSPFv3 is used as CE - PE IGP protocol. Its usage in OSPFv3 is explained by RFC4576. By default, OSPFv3 honors the DN-bit in type-3, type-5 or type-7 LSAs in non-default VRFs. 

Topology Independent Fast Reroute, or TI-LFA, uses IS-IS SR to build loop-free alternate paths along the post-convergence path. These loop-free alternates provide fast convergence.

Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets and usually TCAM is used to match packets to rules. For example, there can be a rule to match the packet source IP address against a list of IP addresses, and drop the packet if there is a match. This will be expressed in TCAM with multiple entries matching the list of IP addresses. Number of entries is reduced by masking off bits, if possible. TCAM is a limited resource, so with classifiers having a large number of rules and a big field list, TCAM runs out of resources.

This feature introduces the support for Traffic Policy on VLANs. Traffic Policy allows the user to configure rules to match on certain packets through the packet processing pipeline. The user can also place actions to match packets.

This feature allows FDB export through the OpenConfig AFT YANG models. The streaming behavior of mac addresses are  Entries associated with SVI or L3 port have an associated VRF name. The VRF name is used to specify which network instance the FDB entry belongs to. 

Timestamping is an important tool for network engineering and performance analysis. The timestamp can be applied to a packet as either an inserted header or replacing the source MAC address of the original packet. Timestamps are recorded on ingress and applied on egress.

The Unified Forwarding Table (UFT) is memory that is shared between Layer2 and Layer3 lookup tables with capabilities for variable partitions. Rather than separate Layer2 and Layer3 lookup tables of fixed size, the UFT may be partitioned to support user-requested combinations of Layer2 and Layer3 lookup table sizes. The new UFT partitioning CLI has capabilities to reconfigure individual forwarding table scales (Layer2, Layer3 Unicast, Layer3 Multicast) according to the user’s input. The CLI provides an interface for granular control of the underlying UFT resources.

Unicast Reverse Path Forwarding (uRPF) can help limit malicious IPv4/IPv6 traffic on a network. uRPF works by enabling the router to verify reachability (routing) of the source IP address (SIP) in the packet being forwarded. If the SIP is determined to be an invalid address, the packet is dropped.

This feature allows Unicast Reverse Path Forwarding (uRPF) to be enabled along with Routes in Exact Match Table( REM/FlexRoute ). One prefix length can be selected to be in the Large Exact Match table (LEM) along with uRPF support.

This article describes how to customize TCAM ( Ternary Content Addressable Memory ) lookup for each feature which uses TCAM.

This feature is adding VARP support for proxy ARP and local proxy ARP. Without this feature, when an active VARP instance and proxy ARP / local proxy ARP are both configured on the same interface, proxy ARP / local proxy ARP uses the interface physical MAC address in the proxy ARP / local proxy Arp replies. With this feature, when an active VARP instance and proxy ARP / local proxy ARP are both configured on the same interface, proxy ARP / local proxy ARP uses the VARP virtual MAC address in the proxy ARP / local proxy Arp replies.

Virtual Private LAN Service (VPLS) appears in (almost) all respects as an Ethernet type service to customers of a Service Provider (SP). A VPLS glues together several individual LANs across a packet switched network to appear and function as a single bridged LAN.

The document describes the support for policing on one or more VNIs configured on a Vxlan interface. This feature allows dedicated policing of flows on a VNI in both directions which corresponds to incoming traffic from a remote VTEP and outgoing traffic towards a remote VTEP. Policers in the hardware are created with policer profiles attached to VNIs. Policer profiles can be shared across multiple VNIs but policers are dedicated.