Tag :: TOI

IPv4/IPv6 over MPLS packets are now eligible for ACLs at egress stage by default. The feature is applicable only to

EOS-4.35.1F adds support for egress IPv4/IPv6/MAC PACL. So, by default, egress IPv4/IPv6 ACL enabled on default profile and for MAC ACL to enable, it is required to add its support directly to the current tcam profile or create a new tcam profile based on the default profile and disable egress IPv4 and IPv6 ACL features.

Normally, an ingress router has no control over an autonomous system border router’s (ASBR) selection of inter-AS links. In the example below, Peer 2 and Peer 3 both advertise reachability to some remote network to ASBR 1 (e.g. service route 172.16.1.0/24). ASBR 1 would then use normal bestpath selection rules to select a preferred egress path (for traffic flowing to that service route). However, this means that the ingress router has no control over which egress path is chosen.

Egress Priority Tagging is a feature that allows a switch to send out priority tagged ethernet frames in place of untagged frames. Priority tagged frames are sent with the VLAN ID set to zero allowing downstream devices to read the 802.1p priority bits set in the VLAN header.

sFlow is a sampling technique which monitors incoming traffic on all interfaces without affecting network performance. Egress sFlow is a feature which samples the packets in the egress pipeline for analytical purposes. Currently egress sFlow is only software based on Arista switches.

Egress traffic-policing can be applied on L3 Ethernet subinterfaces for outbound traffic.

This feature optimizes the utilization of hardware resources by sharing tcam entries for a group of SVIs on which an

RadSec or RADIUS over TLS is a protocol for secure communication between a client and the RADIUS server. RadSec uses TCP and TLS protocols to form a secure tunnel between the client and the server.

The BGP implementation now provides the ability to display the age of paths received for a given prefix using the

Multiple dynamic counter features may be enabled simultaneously, primarily configured using the ‘[no] hardware counter feature [feature]’ CLI commands. Compatibility of these features has been enhanced to allow for greater flexibility in simultaneously enabled counter features. Changes in counter feature compatibility across EOS releases is detailed below.

EOS 4.20.1F introduces expanded VRRP, VARP and MLAG Peer Gateway virtual MAC capabilities on the 7500R, 7280R,

IP in IP decapsulation was first introduced for the supported platforms(below) in EOS version 4.15.0F (IP in IP

DANZ provides a set of features and tools to enhance instrumentation and network/ application performance monitoring with the following key functional areas.

Measured boot is an anti-tamper mechanism. It calculates the cryptographic signatures for software system components and extends the signatures into the Trusted Platform Module (TPM) security chip. Upon startup, with the feature turned on, the Aboot bootloader and EOS calculate the hash of various system components and extend the hashes into the Platform Configuration Registers (PCRs), which is one of the resources of the Trusted Platform Module (TPM) security chip. The calculation and extension event is called the measured boot event, which is associated with a revision number to help the user identify changes to the event.

Measured boot is an anti-tamper mechanism. It calculates the cryptographic signatures for software system components and extends the signatures into the Trusted Platform Module (TPM) security chip. Upon startup, with the feature turned on, the Aboot bootloader and EOS calculate the hash of various system components and extend the hashes into the Platform Configuration Registers (PCRs), which is one of the resources of the Trusted Platform Module (TPM) security chip. The calculation and extension event is called the measured boot event, which is associated with a revision number to help the user identify changes to the event.

The FIB contains mappings between a prefix (identifying a destination network) and its associated Forwarding Equivalence Class (FEC), with the FEC containing one or more resolved Vias defining how traffic should be forwarded towards that destination network.

RFC 5837 describes extensions to the Internet Control Message Protocol (ICMP) that enable network devices to identify incoming and outgoing interfaces and next-hop addresses via extensions to specific ICMP error messages. These extensions are particularly useful for network diagnostics and troubleshooting applications.

EosSdkRpc is an agent built on top of the Arista EOS SDK. It uses gRPC as a mechanism to provide remote access to the EOS SDK. The gRPC interface that EosSdkRpc supports closely matches the interface provided by EOS SDK, and the intent is that the .proto interface can be publicly supported. EosSdkRpc allows for remote access and using protobuf to specify the interface isolates user code from the Linux ABI issues that come with building C++ applications on different compiler, libc, and kernel versions. EosSdkRpc is built using C++ but supports clients written in any of the languages currently supported by the gRPC framework.

This feature allows configuring backup entries for static MPLS LFIB routes via EOS SDK RPC to be activated if its corresponding primary entries are unable to forward traffic due to next hops being unresolved or its corresponding interface being down. Any backup entries will not be activated to forward traffic until all primary entries are unviable. Thereby, backup entries configured for the Static MPLS routes are a mechanism to achieve fast failover when the primary path fails.

This feature prevents policy churn by automatically placing switch interfaces with frequent flapping into an error-disabled state, effectively performing an automatic administrative shutdown. The feature also allows for automatically recovering these interfaces after a specified time. This feature reduces the risk of lost packets caused by continuous recomputation of DANZ Monitoring Fabric (DMF) policies due to flapping interfaces.

Traffic policies applied to interfaces are used to match traffic based on packet header fields or their summarized counterparts and take configured actions against them. The match rules configured in these policies are usually installed in a prioritized hardware table (i.e., TCAM) where the action of the first-hit filter is taken. The summarized fields are also installed in various hardware tables. The hardware utilization of traffic policies is very much dependent not only in the number of configured match rules but also in how the set of values are distributed for each field.

This feature is an extension of ZTX monitor mode functionality to virtual machines where a virtual machine running on a hypervisor(ESXi/KVM) will facilitate the generation of MSS policies by exporting flow telemetry to CloudVision Portal. vZTX will primarily focus on the use cases where the data traffic in the customer sites are limited(<10Gbps). This will help the customer to reduce the capital expenditure costs by avoiding the need of purchasing a dedicated hardware box. So, this product can cater to the needs of small to medium size enterprise customers.

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN), from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks to be far more challenging, and the ability of service providers to respond to such network faults swiftly directly impacts their competitiveness.

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN) from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. 

As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN) from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks far more challenging, and the ability of service providers to respond to frame loss in such networks directly impacts their competitiveness.

This feature adds support for using the management port on AWE-7220RP-5TH-2S alternately as Ethernet8 port.

The EOS Event Manager feature provides the ability to specify a condition and an action to be carried out when that

The EOS Event Manager feature provides the ability to specify a condition and an action to be carried out when that condition is detected. It is a flexible and configurable way to automate the reaction to conditions without the need for a system operator to observe and apply the desired actions manually.

The EOS Event Manager feature, introduced in 4.17.0F,  provides the ability to specify a condition and an action

The EOS Event Manager feature provides the ability to specify a condition and an action to be carried out when that

Event monitor is extended to support new event types that continuously synchronize their contents with the sqlite database (in contrast with event monitor’s current behavior of synchronizing event state only when cli commands are run.)

CloudVision allows you to generate event notifications so that you can stay up to date on your network's status and performance. Notification configuration involves formatting notifications, configuring notification platforms, assigning notification receivers, and configuring notification rules.

The ability to monitor and react to Syslog messages provides a powerful and flexible tool that can be used to apply self

In order to minimize the volume of change control events, CloudVision has introduced a new event, Change Control Events. Change Control Events is generated when 2 or more of the following events are triggered for the same change control:

CloudVision will generate a Disk Utilization on CloudVision Node Breached Threshold event when disk utilization for a CloudVision node has either exceeded the default threshold or breached the user-configured threshold set in event rules.

Event Rollup allows you to manage the volume of identical events and can be used to flag when an event is recurring. Event Rollup groups together events that are identical except for their timestamps. It does so in two ways: dynamically via the Event List and according to a 24-hour window via the detailed event view. It can be enabled or disabled at will, using the Roll Up toggle.

RFC7432 defines the MAC/IP advertisement NLRI (route type 2) for exchanging EVPN overlay end-hosts’ MAC and IP address reachability information. When an EVPN MAC/IP route contains more than one path to the same destination, the EVPN MAC/IP best-path selection algorithm determines which of these paths should be considered as the best path.

In the Centralized Anycast Gateway configuration, the Spines are configured with EVPN-IRB and are used as the IP Default Gateway(DWG), whereas the Top of rack switches perform L2 EVPN Routing.

This new feature explains the use of the BGP Domain PATH (D-PATH) attribute that can be used to identify the EVPN domain(s) through which the EVPN MAC-IP routes have passed. EOS DCI Gateway provides new mechanisms for users to specify the EVPN Domain Identifier for its local and remote domains.   DCI Gateways sharing the same redundancy group should share the same local domain identifier and same remote domain identifier.

E-Tree is an L2 EVPN service (defined in RFC8317) in which each attachment circuit (AC) is assigned the role of Root or Leaf. In this implementation, ACs are configured at the VLAN level, and the forwarding rules are enforced using a combination of local configuration of leaf VLANs (for local hosts), and asymmetric route targets (for remote hosts).

Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family number 25) / EVPN (subsequent address family number 70). It is used to exchange overlay MAC and IP address reachability information between BGP peers within a tunnel

In the traditional data center design, inter-subnet forwarding is provided by a centralized router, where traffic traverses across the network to a centralized routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.

In the traditional data center design, inter-subnet forwarding is provided by a centralized router, where traffic traverses across the network to a centralized routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.

This feature adds control plane support for inter subnet forwarding between EVPN networks. This support is achieved

This feature is available when configuring Layer2 EVPN or EVPN IRB.

“MLAG Domain Shared Router MAC” is a new mechanism to introduce a new router MAC to be used for MLAG TOR Leaf pairs. The user can either explicitly configure the MAC address of their choice or use the system-generated MLAG system-id for this purpose.  

EVPN MPLS VPWS (RFC 8214) provides the ability to forward customer traffic to / from a given attachment circuit (AC) without any MAC lookup / learning. The basic advantage of VPWS over an L2 EVPN is the reduced control plane signalling due to not exchanging MAC address information. In contrast to LDP pseudowires, EVPN MPLS VPWS uses BGP for signalling. Port based and VLAN based services are supported.

Multihoming in EVPN allows a single customer edge (CE) to connect to multiple provider edges (PE or tunnel endpoint). These PE devices are all connected to the same Ethernet-Segment (ES). Multihoming is activated by assigning a unique Ethernet Segment Identifier (ESI) and ES-Import Route Target (RT) which enables all the PEs connected to the same multihomed site to import the Type 4 ES routes

In EOS 4.22.0F, EVPN VXLAN all active multi homing L2 support is available. A customer edge (CE) device can connect to

Ethernet VPN (EVPN) networks normally require some measure of redundancy to reduce or eliminate the impact of outages and maintenance. RFC7432 describes four types of route to be exchanged through EVPN, with a built-in multihoming mechanism for redundancy. Prior to EOS 4.22.0F, MLAG was available as a redundancy option for EVPN with VXLAN, but not multihoming. EVPN multihoming is a multi-vendor standards-based redundancy solution that does not require a dedicated peer link and allows for more flexible configurations than MLAG, supporting peering on a per interface level rather than a per device level. It also supports a mass withdrawal mechanism to minimize traffic loss when a link goes down.