This feature optimizes the utilization of hardware resources by sharing tcam entries for a group of SVIs on which an

RadSec or RADIUS over TLS is a protocol for secure communication between a client and the RADIUS server. RadSec uses TCP and TLS protocols to form a secure tunnel between the client and the server.

The BGP implementation now provides the ability to display the age of paths received for a given prefix using the

Multiple dynamic counter features may be enabled simultaneously, primarily configured using the ‘[no] hardware counter feature [feature]’ CLI commands. Compatibility of these features has been enhanced to allow for greater flexibility in simultaneously enabled counter features. Changes in counter feature compatibility across EOS releases is detailed below.

EOS 4.20.1F introduces expanded VRRP, VARP and MLAG Peer Gateway virtual MAC capabilities on the 7500R, 7280R,

TOI 4.20.1F

IP in IP decapsulation was first introduced for the supported platforms(below) in EOS version 4.15.0F (IP in IP

DANZ provides a set of features and tools to enhance instrumentation and network/ application performance monitoring with the following key functional areas.

Measured boot is an anti-tamper mechanism. It calculates the cryptographic signatures for software system components and extends the signatures into the Trusted Platform Module (TPM) security chip. Upon startup, with the feature turned on, the Aboot bootloader and EOS calculate the hash of various system components and extend the hashes into the Platform Configuration Registers (PCRs), which is one of the resources of the Trusted Platform Module (TPM) security chip. The calculation and extension event is called the measured boot event, which is associated with a revision number to help the user identify changes to the event.

RFC 5837 describes extensions to the Internet Control Message Protocol (ICMP) that enable network devices to identify incoming and outgoing interfaces and next-hop addresses via extensions to specific ICMP error messages. These extensions are particularly useful for network diagnostics and troubleshooting applications.

EosSdkRpc is an agent built on top of the Arista EOS SDK. It uses gRPC as a mechanism to provide remote access to the EOS SDK. The gRPC interface that EosSdkRpc supports closely matches the interface provided by EOS SDK, and the intent is that the .proto interface can be publicly supported. EosSdkRpc allows for remote access and using protobuf to specify the interface isolates user code from the Linux ABI issues that come with building C++ applications on different compiler, libc, and kernel versions. EosSdkRpc is built using C++ but supports clients written in any of the languages currently supported by the gRPC framework.

This feature prevents policy churn by automatically placing switch interfaces with frequent flapping into an error-disabled state, effectively performing an automatic administrative shutdown. The feature also allows for automatically recovering these interfaces after a specified time. This feature reduces the risk of lost packets caused by continuous recomputation of DANZ Monitoring Fabric (DMF) policies due to flapping interfaces.

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN), from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks to be far more challenging, and the ability of service providers to respond to such network faults swiftly directly impacts their competitiveness.

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN) from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. 

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN) from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks far more challenging, and the ability of service providers to respond to frame loss in such networks directly impacts their competitiveness.

This feature adds support for using the management port on AWE-7220RP-5TH-2S alternately as Ethernet8 port.

The EOS Event Manager feature provides the ability to specify a condition and an action to be carried out when that

The EOS Event Manager feature provides the ability to specify a condition and an action to be carried out when that condition is detected. It is a flexible and configurable way to automate the reaction to conditions without the need for a system operator to observe and apply the desired actions manually.

The EOS Event Manager feature, introduced in 4.17.0F,  provides the ability to specify a condition and an action

The EOS Event Manager feature provides the ability to specify a condition and an action to be carried out when that

Event monitor is extended to support new event types that continuously synchronize their contents with the sqlite database (in contrast with event monitor’s current behavior of synchronizing event state only when cli commands are run.)

CloudVision allows you to generate event notifications so that you can stay up to date on your network's status and performance. Notification configuration involves formatting notifications, configuring notification platforms, assigning notification receivers, and configuring notification rules.

The ability to monitor and react to Syslog messages provides a powerful and flexible tool that can be used to apply self

TOI

Event Rollup allows you to manage the volume of identical events and can be used to flag when an event is recurring. Event Rollup groups together events that are identical except for their timestamps. It does so in two ways: dynamically via the Event List and according to a 24-hour window via the detailed event view. It can be enabled or disabled at will, using the Roll Up toggle.

In order to minimize the volume of change control events, CloudVision has introduced a new event, Change Control Events. Change Control Events is generated when 2 or more of the following events are triggered for the same change control:

CloudVision will generate a Disk Utilization on CloudVision Node Breached Threshold event when disk utilization for a CloudVision node has either exceeded the default threshold or breached the user-configured threshold set in event rules.

RFC7432 defines the MAC/IP advertisement NLRI (route type 2) for exchanging EVPN overlay end-hosts’ MAC and IP address reachability information. When an EVPN MAC/IP route contains more than one path to the same destination, the EVPN MAC/IP best-path selection algorithm determines which of these paths should be considered as the best path.

In the Centralized Anycast Gateway configuration, the Spines are configured with EVPN IRB and are used as the IP

E-Tree is an L2 EVPN service (defined in RFC8317) in which each attachment circuit (AC) is assigned the role of Root or Leaf. In this implementation, ACs are configured at the VLAN level, and the forwarding rules are enforced using a combination of local configuration of leaf VLANs (for local hosts), and asymmetric route targets (for remote hosts).

Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family number 25) / EVPN (subsequent address family number 70). It is used to exchange overlay MAC and IP address reachability information between BGP peers within a tunnel

In the traditional data center design, inter-subnet forwarding is provided by a centralized router, where traffic traverses across the network to a centralized routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.

This feature adds control plane support for inter subnet forwarding between EVPN networks. This support is achieved

This feature is available when configuring Layer2 EVPN or EVPN IRB. As described in RFC7432 section 15

“MLAG Domain Shared Router MAC” is a new mechanism to introduce a new router MAC to be used for MLAG TOR Leaf pairs. The user can either explicitly configure the MAC address of their choice or use the system-generated MLAG system-id for this purpose.  

EVPN MPLS VPWS (RFC 8214) provides the ability to forward customer traffic to / from a given attachment circuit (AC) without any MAC lookup / learning. The basic advantage of VPWS over an L2 EVPN is the reduced control plane signalling due to not exchanging MAC address information. In contrast to LDP pseudowires, EVPN MPLS VPWS uses BGP for signalling. Port based and VLAN based services are supported.

Multihoming in EVPN allows a single customer edge (CE) to connect to multiple provider edges (PE or tunnel endpoint). These PE devices are all connected to the same Ethernet-Segment (ES). Multihoming is activated by assigning a unique Ethernet Segment Identifier (ESI) and ES-Import Route Target (RT) which enables all the PEs connected to the same multihomed site to import the Type 4 ES routes

In EOS 4.22.0F, EVPN VXLAN all active multi homing L2 support is available. A customer edge (CE) device can connect to

Ethernet VPN (EVPN) networks normally require some measure of redundancy to reduce or eliminate the impact of outages and maintenance. RFC7432 describes four types of route to be exchanged through EVPN, with a built-in multihoming mechanism for redundancy. Prior to EOS 4.22.0F, MLAG was available as a redundancy option for EVPN with VXLAN, but not multihoming. EVPN multihoming is a multi-vendor standards-based redundancy solution that does not require a dedicated peer link and allows for more flexible configurations than MLAG, supporting peering on a per interface level rather than a per device level. It also supports a mass withdrawal mechanism to minimize traffic loss when a link goes down.

EVPN gateway support for all-active (A-A) multihoming adds a new redundancy model to our multi-domain EVPN solution introduced in [1]. This deployment model introduces the concept of a WAN Interconnect Ethernet Segment identifier (WAN I-ESI). The WAN I-ESI allows the gateway’s EVPN neighbors to form L2 and L3 overlay ECMP on routes re-exported by the gateways. The identifier is shared by gateway nodes within the same domain (site) and set in MAC-IP routes that cross domain boundaries.

This feature adds the ability for an L3 default gateway TEP in a Centralized Gateway topology to advertise its SVI virtual IP addresses to VARP MAC bindings and primary addresses to System MAC bindings using EVPN type-2 routes for EVPN VXLAN overlays. Two new commands, redistribute router-mac virtual-ip[next-hop vtep primary] and redistribute router-mac system ip are introduced to enable the redistributions. This would help the L2 TEP on the network to learn the default gateway IP without flooding an ARP request for the gateway IP. This feature is only intended for Centralized Gateway Topologies.

This enhancement is to display the number of packets that were ECN (Explicit Congestion Notification) marked by the

Administrative Groups (AG) provide a way to associate certain attributes or policies with links, enabling network administrators to control the routing decisions based on specific criteria. Extended Administrative Groups (EAG) are an extension of AG which allow a larger range of admin groups to be utilized for various Traffic Engineering (TE) purposes within a network. EAGs are defined in a new sub-TLV for IS-IS link attributes, separate to AGs, however they are considered as one within EOS. The EAG feature in EOS allows the range of administrative color to be increased from 0-31 to 0-127.

Use an External Certification Authority (ECA) to ensure secure communication and authentication with CloudVision..By default, Streaming Agent and other applications communicate with CloudVision using mutual-TLS certificates signed by a local certificate authority (CA). You now have the option to integrate CloudVision with Venafi,  an external CA, to sign and verify these certificates.

Starting EOS 4.15.0F, EOS can monitor (for long durations) low error rate errors on all fabric links. It

The 7250X and 7300 series use an optimized internal CLOS design with multiple port ASICs interconnected via Fabric

With the 18.0 release, Access Points (AP) can also use LAN2 as the Uplink Port. If both the LAN Ports are available as Uplink, the AP monitors both ports equally. Only on the first AP boot will AP consider LAN1 as the default Uplink, and LAN2 will be the failover. If LAN1 and LAN2 are connected and LAN1 fails to receive any packets, the AP can fail over to LAN2 as the Uplink Port and will continue to operate on the same uplink even if LAN1 is active again. 

With the 19.0 release, Access Points (AP) can seamlessly switch between LAN 1 and LAN 2 as the Uplink Port without disturbing the client connectivity and without any reboot. For the list of enhancements done for the same feature in the previous release, see the 18.0 TOI.

The 7280E and 7500E series are Virtual Output Queues (VOQs) based multi chip systems where there is a VOQ for all the

Fallback PBR policy enables an alternate policy to be active when PBR policy attached to an interface is being

This feature is to permit rapid restoration of outbound traffic on ECMP groups that have a mix of ports from Supervisor1(Linecard1) and Supervisor2(Linecard2) cards. In the context of the supported platforms, these are referred to as Uplink ports and have names starting with Eth1/ or Ethernet1/ (Linecard1) and Eth2 or Ethernet2/ (Linecard2).

The FEC (Forward Error Correction) traffic analyzer is designed to estimate the performance of the FEC layer, identify error statistics, and the source of correlated errors on physical interfaces.