Tag :: EOS 4.34.1F

The feature allows filtering on source and destination IP addresses within the VXLAN inner payload, on ingress port ACL. The feature can be configured using the inner keyword within the VXLAN ACL configuration. Because of some limitations, the feature should be utilized for debugging purposes.

BGP triggered IP-in-GUE Encapsulation provides a mechanism for dynamically creating tunnels in a core network using an IP underlay.  IP-in-GUE (Generic UDP Encapsulation) encapsulates IP traffic in an IPv4/UDP header.  IP unicast routes to destinations reachable across the core network are learned via BGP at the ingress edge.

Common Management Interface Specification (CMIS) defines, starting with revision 4.0, a standard mechanism for managing the firmware of compliant transceivers. This mechanism allows for transceivers’ firmware to be updated without having to remove the transceiver from the switch. Firmware updates may be necessary in a testing or production environment to resolve potential firmware bugs. Some transceivers may also support firmware management operations in a hitless manner (without impacting traffic).

Currently data packets going over a DPS+IPsec tunnel have a fixed source IP, destination IP, protocol, source port and destination port after encapsulation for a given DPS path. Because of this, there is no good way to load-balance the tunneled traffic. However, to improve performance there is a need to load-balance the tunneled traffic. 

Multiple dynamic counter features may be enabled simultaneously, primarily configured using the ‘[no] hardware counter feature [feature]’ CLI commands. Compatibility of these features has been enhanced to allow for greater flexibility in simultaneously enabled counter features. Changes in counter feature compatibility across EOS releases is detailed below.

This feature is an extension of ZTX monitor mode functionality to virtual machines where a virtual machine running on a hypervisor(ESXi/KVM) will facilitate the generation of MSS policies by exporting flow telemetry to CloudVision Portal. vZTX will primarily focus on the use cases where the data traffic in the customer sites are limited(<10Gbps). This will help the customer to reduce the capital expenditure costs by avoiding the need of purchasing a dedicated hardware box. So, this product can cater to the needs of small to medium size enterprise customers.

This new feature explains the use of the BGP Domain PATH (D-PATH) attribute that can be used to identify the EVPN domain(s) through which the EVPN MAC-IP routes have passed. EOS DCI Gateway provides new mechanisms for users to specify the EVPN Domain Identifier for its local and remote domains.   DCI Gateways sharing the same redundancy group should share the same local domain identifier and same remote domain identifier.

Starting with EOS release 4.22.0F, the EVPN VXLAN L3 Gateway using EVPN IRB supports routing traffic from one IPV6

This feature is to permit rapid restoration of outbound traffic on ECMP groups that have a mix of ports from Supervisor1(Linecard1) and Supervisor2(Linecard2) cards. In the context of the supported platforms, these are referred to as Uplink ports and have names starting with Eth1/ or Ethernet1/ (Linecard1) and Eth2 or Ethernet2/ (Linecard2).

This feature is to permit rapid restoration of outbound traffic on LAG (port-channel) groups that have a mix of ports from Supervisor1(Linecard1) and Supervisor2(Linecard2) cards. In the context of the supported platforms, these are referred to as Uplink ports and have names starting with Eth1/ or Ethernet1/ (Linecard1) and Eth2 or Ethernet2/ (Linecard2).

This feature introduces a per-VRF table “FIB route count” for hardware FIB tables, and associated actions.

The agent DmaQueueMonitor provides visibility into packets coming up to the CPU via CPU queues. Packets are continuously sampled on monitored queues and kept available for reporting when a CPU congestion event occurs.

The feature allows a GRE tunnel to be resolved over another GRE tunnel. The two GRE tunnels may be in the same VRF or different VRFs.

This feature when configured enables users to rewrite the DSCP of the GUE encapsulated header on IP-over-UDP tunnels while preserving the TOS value of the inner IP ( IPv4 / IPv6 ) payload. Starting from software version 4.34.1F, the CLI configuration to enable or disable DSCP preserve globally on the egress interface introduces a clear distinction in the behavior of GUE encapsulation on the core facing interface of the IP-over-UDP tunnels.

This document provides information on how to configure IPv6 Endpoint Independent Filtering (EIF) and debug issues on the nat-vxlan profile on Arista 7170 switches.

Introduced in EOS-4.20.1F, “selectable hashing fields” feature controls whether a certain header’s field is used in the hash calculation for LAG and ECMP.

Maintenance mode is a framework that allows for the easy removal of switch elements or the entire switch from service with minimal configuration. This feature supports the maintenance mode in WAN Routing System Adaptive Virtual Topology, including high availability deployment. Traffic is drawn away from the node entering maintenance mode. Currently, the feature supports only maintenance mode for the built-in unit System.

NIM-4S is a 4 port OCP 3.0 standard NIM card manufactured by Intel. The AWE-7230R-4TX-4S-F, AWE-5310-F, and AWE-7250R-16S-F, AWE-5510-F devices have 2 and 4 NIM (Network Interface Module) slots respectively. These devices now support NIM-4S cards.

In some situations, packets received by an ASIC need to be redirected to the control plane: packets that have the destination address of the router or packets that need special handling from the CPU for example. The control plane cannot handle as many packets as the ASIC. A system that protects the control plane against DOS and prioritizes packets to send to the CPU is needed.  This is accomplished by CoPP (control-plane policing). CoPP is already functioning, however, the CPU queues are statically allocated to a specific feature. If a feature is not used, the CPU queue statically allocated to the feature is not used either. This is a loss of resources.

Destination based RTBH (remote triggered blackholing) is used on edge devices in a network to prevent DOS attack on a target network (IP/prefix) by blackholing/dropping the traffic destined towards this target. One of the ways to achieve this is through a trigger router sending a routing update for the prefix under attack to the edge routers configured for black hole filtering. The next-hop of such routing updates ends up getting resolved to a null/drop interface on the edge device, which results in blackholing all traffic destined towards this target network. 

When this feature is enabled, responses to gNMI subscribe requests contain the default values for YANG leafs if those leafs do not have any other value.

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion.

Network administrators require access to flow information that passes through various network elements, for the purpose of analyzing and monitoring their networks. This feature provides access to IP flow information by sampling traffic flows in ingress and/or egress directions on the interfaces on which it is configured. The samples are then used to create flow records, which are exported to the configured collectors in the IPFIX format. Egress Flow tracking is supported from EOS-4.29.0F on the DCS-7170B-64C series and supported on 7280, 7500 and 7800 series platforms from EOS-4.31.1".

VXLAN UDP-ESP support allows the customer to encrypt traffic between two VXLAN VTEPs. The frame format looks like: NOTE, Secure VXLAN is s~upported with both the sectag2 and UDP-ESP format in 4.27.1, where sectag2 is the default encapsulation format. However, the sectag2 format is deprecated and should not be used.

Priority-based flow control (PFC) buffer counters track ingress port buffer usage for each packet priority. This feature displays the high watermark buffer usage over two time intervals: a polling interval (by default 2 seconds) and the encompassing interval since the counters were cleared. The PFC buffer counter watermarks can be used to expose bursty and transient ingress buffer resource usage. High watermark values indicate congestion conditions that could explain packet loss.

The support for configurable dynamic authorization port for different clients has been added to proxy the radius dynamic authorization (CoA) requests. By default, all radius dynamic authorization requests are only proxied to clients at port 3799, which is configurable now.

This feature adds support for “Dynamic Load Balancing (DLB)” on Equal Cost Multi Path (ECMP) groups.
It is intended to help overcome the potential shortcomings of traditional hash-based load balancing by considering the traffic load of members of ECMP groups. DLB considers the state of the port while assigning egress ports to packets, resulting in a more even flow. The state of each port member is determined by measuring the amount of data transmitted from a given port and total number of packets enqueued to a given port.

This feature provides a CLI command showing the list of mac addresses that could not be learned due to hash collision in the hardware table. A hash collision occurs when two or more distinct pieces of data map to the same entry ( or slot ) in the hardware table. It can happen when the hash function used to calculate the index for a given mac address results in the already occupied index, resulting in the failure of inserting the later mac address to the hardware table.

This feature adds the support for tracking the number of syslog messages sent to the server and the number of syslog messages received on the server, along with other log forwarding action statistics, continuously within the existing syslog logging mechanism.

This feature terminates GTP packets arriving on a tap port of a TapAgg switch by stripping the GTP header. The decapsulated (inner) packets then proceed through the normal TapAgg path. This functionality allows a GTPv1 tunnel to transmit tapped traffic to the TapAgg switch over an L3 network, significantly extending the available use cases for TapAgg.

This feature introduces the ability to define matching rules to configure transceiver tuning on a switch. This is useful when a particular collection of transceivers are known to require tuning values which differ from EOS defaults.

This feature allows configuring a static IS-IS neighbor to have a full adjacency on an interface, without needing an IS-IS peer at the other end.. The adjacency state will depend on the BGP session with a single hop eBGP peer presen t on the same interface: when the BGP session is established, the IS-IS adjacency will be up; in any other state, it will be down. This allows advertising an interface's traffic engineering information—like bandwidth and admin groups—within IS-IS without needing an IS-IS neighbor adjacency on the remote end.

BGP routing information often contains more than one path to the same destination network. The BGP best-path selection algorithm determines which of these paths should be considered as the best path to that network.

The feature introduces a CLI command for transceiver reinitialization, simulating a physical removal and reinsertion of the transceiver. This is a great feature for remote troubleshooting, when physical access is not possible or convenient. To configure, issue the CLI command "transceiver reinitialize slot" in exec mode. The command takes effect immediately, toggles the reset pin and initiates a transceiver initialization sequence.

This feature provides the capability to configure transceiver SERDES electrical tuning parameters. The ability to

This feature makes IGMP Snooping aware of VXLAN endpoints. Without this feature, multicast data traffic is flooded to all the VXLAN endpoints in case of a VXLAN VLAN. This increases the underlay network utilization. It is desirable to forward multicast traffic to only those VXLAN endpoints that are attached to receivers. To identify interested VXLAN endpoints, this feature snoops IGMP reports that are coming from the remote VXLAN endpoints. Note: EVPN control plane is not required when using this feature.

The primary purpose of the ZTX Node in Monitor Mode is to provide visibility into app-to-app traffic in the network, and to develop non-intrusive MSS policies that are aligned with applications requirements. Deploying group-based MSS policies is essential to secure Data Center and Campus environments, the ZTX Monitor Node provides the visibility needed to build such policies. The below diagram depicts how ZTX Node fits into a network to provide visibility.