Tag :: TOI

External controllers can communicate with HSC (Hardware Switch Controller) running on CVX/EOS using the OVSDB

This is an extension to BGP EVPN VPNs that allow us to use iBGP as the PE-CE protocol. This feature also provides a way to isolate the customer’s network BGP attributes from the SP backbone’s attributes, by saving them into a special attribute called ATTR_SET, code 128. This separation introduces a “route server” model that allows the customer’s BGP path attributes to be stored in the SP backbone along with the VPN-IPv4/v6 paths.

ICMP Probe allows querying of interface status and ARP or Neighbor Discovery table status remotely.  It is a request/response protocol, similar to ping, but instead of simply responding to the request, it responds with information about a local interface or a remote neighbor.  The node being queried is called the "proxy node"

Arista switches enable high precision time distribution directly in the data path using IEEE1588 Precision Time

IGMP Snooping Proxy feature is an optimization over IGMP snooping. When IGMP Snooping Proxy is enabled, the switch

This feature enables the user to configure a list or range of BGP attributes to be ignored by the router on receipt of a BGP update message. The BGP attributes are discarded from the BGP update message, and unless the action of discarding an attribute causes the update message to trigger error handling, then the update message is parsed as normal.

You can import Ekahau floor plans to CloudVision Cognitive Unified Edge (CV-CUE) and then manage the access points (AP) from CV-CUE. Once you import the floor plan to CV-CUE, you can map the AP to CV-CUE and start managing the AP.

DMF 8.5 introduced a newly designed Create Policy configuration workflow, replacing the former workflow page.

Each ARP/ND packet into a switch may generate an update for the switch ARP/Neighbor table and this update may need to be synchronized with the MLAG peer when VXLAN is configured. Prior to this feature, these updates (on a VXLAN setup) are synchronized by sending an UDP packet (one packet per update) containing the IP/MAC/VLAN information from the MLAG peer where the ARP/ND packet is received to the other MLAG peer. 

For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency, queue and congestion information for flows at different times. The inband telemetry feature(INT), based on Inband Flow Analyzer RFC draft -IFA 2.0 and IFA 1.0(on some platforms) , is used to gather per flow telemetry information like path, per hop latency and congestion. INT is supported for both IPv4 and IPv6 traffic.

Incoming LACPDU Rate Limit on Arista switches allows for errdisabling of ports experiencing a sustained rate of

With the 20.0 release, network administrators can enable 14 unique SSIDs per Access Point (AP). If your network includes APs that are not on the 20.0 release or do not support more than 8 SSIDs, then such APs broadcast only 8 SSIDs. Only those APs that support 14 SSIDs will broadcast all SSIDs.

With the 14.0 release, CV-CUE introduces an Infrastructure Dashboard that provides an overview of the health of all managed access points (APs).You can view the Infrastructure Dashboard by navigating to

On DCS 7048, DCS 7280E, DCS 7500 and DCS 7500E, prior to EOS 4.14.5, multicast traffic using ingress replication would

The feature enables support for displaying per traffic class counters on ingress interfaces. The feature is

This feature provides support for per-interface ingress/egress packet/byte counters for both IPv4 and IPv6.

The Inner IP hashing for MPLSoGRE feature enabled hashing of inner IP source/destination address. With this

This feature when configured enables users to rewrite the DSCP of the GUE encapsulated header on IP-over-UDP tunnels while preserving the TOS value of the inner IP ( IPv4 / IPv6 ) payload. Starting from software version 4.34.1F, the CLI configuration to enable or disable DSCP preserve globally on the egress interface introduces a clear distinction in the behavior of GUE encapsulation on the core facing interface of the IP-over-UDP tunnels.

The DCS 7280E and DCS 7500E platforms are virtual output queue (VOQ) based architectures where there is a VOQ for all

Arista access points (APs) support the integration of SESimagotag’s Electronic Shelf Labels (ESLs), which dynamically display prices and offers in retail environments. The SES-Imagotag Retail IoT Connector (USB dongle) connects automatically to the ESLs through a proprietary protocol based on the IEEE 802.15.4 standard. This dongle plugs into the USB port of Arista APs and is managed by SESimagotag’s Serial Communication Daemon (SCD). The SCD ensures seamless AP and USB dongle connectivity to VusionCloud.

This feature, when enabled, allows NAT to function on traffic traversing between VRFs, over inter-VRF static routes or routes leaked to VRFs other than where they were configured.

Using the show switch <switch name/all> interface details or show switch <switch name/all> interface <interface name> details commands in the CLI will now include a Description column, which provides the configured description (if any) for the corresponding interface. This is a CLI-only change.

The Interface Diagnostics quick action provides you with a fast and efficient way to run interface cycles and cable diagnostics on your campus devices from the Campus Health Overview Dashboard. The devices available are those with a Campus tag, which is automatically assigned to devices configured with the Campus Fabric Studio (L2/L3/EVPN).

The document describes the support for dedicated and group ingress policing on interfaces without using QoS policy-maps to match on the traffic and apply policing.

You can use the Access Interface Configuration quick action to assign configuration profiles to devices. The guided workflow will display an illustration of device front panels, which you can use to select interfaces from.

You can use the Access Interface Configuration quick action to assign configuration profiles to devices. The guided workflow will display an illustration of device front panels, which you can use to select interfaces from.

One of the reasons why Wi-Fi clients encounter RF issues is non-Wi-Fi interference. All Wi-Fi 6 and above APs can perform interference classification. CloudVision Cognitive Unified Edge (CV-CUE) classifies interference into four categories — Wi-Fi, Microwave Oven (MWO), Frequency Hopping Spread Spectrum (FHSS), and Continuous Wave (CW).

The internet exit feature enables hosts attached to a VRF in an edge router to reach prefixes that may be reachable over the internet. Since the addresses assigned within a VRF may be non-routable private addresses which cannot be directly used when going to the Internet, the NAT feature is used as a part of the Internet exit solution to provide internet connectivity.

IPv6 multicast routing protocols are used to distribute IPv6 datagrams to one or more recipients. IPv6 PIM builds and maintains multicast routing using reverse path forwarding (RPF) based on the unicast routing table. IPv6 PIM is protocol-independent and can use routing tables consisting of OSPFv3, IPv6 BGP or static routes, for RPF lookup. MLD is used to discover multicast hosts and maintain group membership on a directly attached link.

With this feature, Arista 7050 and 7050X series of switches can now decapsulate IP in IP tunneled packets.

With this feature, Arista 7050 and 7050X series of switches can now decapsulate IP in IP tunneled packets. When IP in IP decapsulation is configured, incoming packets with an outer IP header having IpProto=4 (IP in IP) and IpDest matching the one configured will be decapsulated, meaning that the outer IP header will be removed from the packet and all subsequent forwarding decisions will be based on the inner IP header.

IP Locking is an EOS feature configured on an Ethernet Layer 2 port.  When enabled, it ensures that a port will only permit IP and ARP packets with IP source addresses that have been authorized. As of EOS-4.25.0F release update, IP Locking can run in two modes - IPv4 Locking (which will be referred to as IP Locking) and IPv6 Locking, which can be configured using the commands mentioned in the below sections. IP Locking prevents another host on a different interface from claiming ownership of an IP address through either IP or ARP spoofing.

Current behavior for IPv4 Options packets is to let Kernel do the forwarding. Strata Platforms do this by setting the action of drop=1 and CPU=1 in the IP_OPTION_CONTROL_PROFILE_TABLE Hardware table so that all IPv4 options packets reach the CPU for forwarding in the Kernel.

Similar to L4 ports, ACL rules can be configured to filter ingress packets based on their IP length (present in the IPv4

IP Source Guard (IPSG) is a security feature that can help prevent IP spoofing attacks. It filters inbound IP packets

With this feature, IP packets matching a static Nexthop Group route can be encapsulated within an IP in IP tunnel and

With this feature, IPv4 or IPv6 packets matching a static nexthop-group route can be encapsulated within an IP-in-IP tunnel and forwarded

When the next hop of an IP route (hereafter referred to as the dependent route) resolves over another IP route (hereafter referred to as the resolving route), the adjacency information of the resolving route’s FEC is typically duplicated into the dependent route’s FEC. With this feature, we prevent the duplication of the adjacency information. Instead, the dependent route’s FEC points to the resolving route’s FEC, forming a hierarchical FEC for the dependent route.

Support for IPSec connections in a full-cone Network/Port Address Translation (NAT) environment has been added to the Dynamic Path Selection (DPS) setup. DPS optimizes application performance by selecting different paths for various types of traffic. In this configuration, STUN is used to discover the translated IP address of WAN interfaces and export it to BGP.

PKI (Public Key Infrastructure) is a certificate based authentication solution for IPsec protocol.

IPSec tunnel mode support allows the customer to encrypt traffic transiting between two tunnel endpoints.

This feature enables dataplane forwarding of IPv4 traffic on interfaces that are not IPv4 address enabled, but only

IPv4 routes of certain prefix lengths can be optimized for enhanced route scale on 7500E, 7280E, 7500R and 7280R

This feature enhances IPv4 VRF scale to 1024 VRFs on AWE-7230R and AWE-7250R, and 64 VRFs on AWE-7220R.On CloudEOS, the VRF scale is as follows

As of EOS 4.15.0F, VRRP is supported in a VRF context. Virtual IP addresses can be reused in different VRF contexts,

IPv6 access lists can be used to filter IPv6 network traffic. Starting EOS 4.15.0F release, we have added support

This feature enables IPv6 access control list (ACLs) on cloudEOS and AWE-series platforms, providing access control on incoming traffic (ingress direction). ACLs use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets.

This feature provides an IPv6 address provisioning mechanism which is driven by tenant authentication results and offers inter-tenant traffic isolation. The generated IPv6 connected route subnets can also be summarized into aggregate routes dynamically for advertising out to BGP peers.

IPv6 egress ACLs applied to routed interfaces across the same chip on the DCS 7500E and the DCS 7280E series can be

This document provides information on how to configure IPv6 Endpoint Independent Filtering (EIF) and debug issues on the nat-vxlan profile on Arista 7170 switches.