Tag :: TOI

With this feature, Arista 7050 and 7050X series of switches can now decapsulate IP in IP tunneled packets.

IP Locking is an EOS feature configured on an Ethernet Layer 2 port or on a VLAN. When enabled, it ensures that a configured port or all member ports of a configured VLAN will only permit IP and ARP packets with IP source addresses that have been authorized. IP Locking prevents another host on a different IP Locking enabled interface from claiming ownership of an IP address through either IP or ARP spoofing. Additionally, IP Locking prevents hosts from masquerading as a DHCP server by blocking DHCP (server-to-client) packets.

Current behavior for IPv4 Options packets is to let Kernel do the forwarding. Strata Platforms do this by setting the action of drop=1 and CPU=1 in the IP_OPTION_CONTROL_PROFILE_TABLE Hardware table so that all IPv4 options packets reach the CPU for forwarding in the Kernel.

Similar to L4 ports, ACL rules can be configured to filter ingress packets based on their IP length (present in the IPv4

IP Source Guard (IPSG) is a security feature that can help prevent IP spoofing attacks. It filters inbound IP packets

With this feature, IPv4 or IPv6 packets matching a static nexthop-group route can be encapsulated within an IP-in-IP tunnel and forwarded

With this feature, IPv4 or IPv6 packets matching a static nexthop-group route can be encapsulated within an IP-in-IP tunnel and forwarded

When the next hop of an IP route (hereafter referred to as the dependent route) resolves over another IP route (hereafter referred to as the resolving route), the adjacency information of the resolving route’s FEC is typically duplicated into the dependent route’s FEC. With this feature, we prevent the duplication of the adjacency information. Instead, the dependent route’s FEC points to the resolving route’s FEC, forming a hierarchical FEC for the dependent route.

This feature addresses a restriction on the combination of IKE and IPSec algorithms that can be used in a security configuration. The National Information Assurance Partnership (NIAP) Common Criteria certification requires that:

Support for IPSec connections in a full-cone Network/Port Address Translation (NAT) environment has been added to the Dynamic Path Selection (DPS) setup. DPS optimizes application performance by selecting different paths for various types of traffic. In this configuration, STUN is used to discover the translated IP address of WAN interfaces and export it to BGP.

PKI (Public Key Infrastructure) is a certificate based authentication solution for IPsec protocol.

IPSec tunnel mode support allows the customer to encrypt traffic transiting between two tunnel endpoints.

This feature enables dataplane forwarding of IPv4 traffic on interfaces that are not IPv4 address enabled, but only

IPv4 routes of certain prefix lengths can be optimized for enhanced route scale on 7500E, 7280E, 7500R and 7280R

IPv4 routes of certain prefix lengths can be optimized for enhanced route scale. This document describes the enhancements done to IPv4 route scale in subsequent EOS releases.

This feature enhances IPv4 VRF scale to 1024 VRFs on AWE-7230R and AWE-7250R, and 64 VRFs on AWE-7220R.On CloudEOS, the VRF scale is as follows

As of EOS 4.15.0F, VRRP is supported in a VRF context. Virtual IP addresses can be reused in different VRF contexts,

IPv6 access lists can be used to filter IPv6 network traffic. Starting EOS 4.15.0F release, we have added support

This feature enables IPv6 access control list (ACLs) on cloudEOS and AWE-series platforms, providing access control on incoming traffic (ingress direction). ACLs use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets.

This feature provides an IPv6 address provisioning mechanism which is driven by tenant authentication results and offers inter-tenant traffic isolation. The generated IPv6 connected route subnets can also be summarized into aggregate routes dynamically for advertising out to BGP peers.

IPv6 egress ACLs applied to routed interfaces across the same chip on the DCS 7500E and the DCS 7280E series can be

This document provides information on how to configure IPv6 Endpoint Independent Filtering (EIF) and debug issues on the nat-vxlan profile on Arista 7170 switches.

Arista switches use the hashing algorithm to load balance traffic among LAG (Link Aggregation Group) members

This solution allows delivery of both IPv4 and IPv6 multicast traffic in an IP-VRF using an IPv6 multicast in the underlay network. The protocol used to build multicast trees in the underlay network is IPv6 PIM-SSM.

The IPv6 Neighbor Discovery protocol performs Neighbor Unreachability Detection (NUD) in order to determine if two

With this feature, IPv4 and IPv6 packets matching a static nexthop-group route can be encapsulated within an IP-in-IP tunnel and forwarded

Policy-Based Routing (PBR) provides the flexibility of routing according to custom-defined policies

With this, IPv6 routes can be configured pointing to a static Nexthop group of 2 types:. Type

IPv6 Router Advertisement Consistency Logging, when enabled, allows for notification through syslogging of

The document describes an extension of the decap group feature, that allows IPv6 addresses to be configured and used as part of a group. IP-in-IP packets with v6 destination matching a configured decap group IP will be decapsulated and forwarded based on the inner header. That will allow any IP-to-IP packet type to be decapsulated, i.e. IPv4 in IPv4, IPv4 in IPv6, IPv6 in IPv4 and IPv6 in IPv6.

This feature adds IPv6 VRF support to Open Shortest Path First(OSPF) Protocol version 3. It allows for OSPFv3

EOS 4.15.0F is introducing support of IPv6 management capabilities inside a VRF. This means existing management

This feature adds the support for IPv6 unicast in a VRF context in EOS. This entails static routing and dynamic

IS IS adjacency uptime describes the uptime or downtime of neighbors since the last state change.

Bidirectional Forwarding Detection(BFD) is a low overhead protocol designed to provide rapid detection of

The IS-IS BFD Damping feature allows IS-IS to delay adjacency establishment on a link that experiences frequent BFD flaps.

The IS-IS BFD TLV feature implements RFC 6213. When this feature is enabled, IS-IS will prevent adjacency establishment on a link if the BFD peering is down.

This feature introduces a way for IS-IS to advertise its IP reachability and SID for loopback interfaces only when routes matching an RCF function are present. One example use-case is to use IS-IS Segment Routing to attract traffic to a router only when routes towards the ultimate destination are present. The RCF function is matched against winning routes in the Unicast RIB (seen with 'show rib route …').

Link State IGPs such as IS-IS depend upon having a consistent LSDB across all the Intermediate Systems (ISs or nodes) in the network in order to provide correct forwarding of data packets. When topology change occurs due to various network events, new/updated LSPs are propagated network-wide. The speed of propagation is key for a faster network convergence.

IS-IS flexible algorithm (FlexAlgo) provides a lightweight, simplified mechanism for performing basic traffic engineering functions within a single IS-IS area. FlexAlgo requires the cooperation of all nodes within the IS-IS area but does not require an external controller. Paths are computed by each node within the area, resulting in an MPLS switched forwarding path to nodes that are advertising a node Segment Identifier (SID) for the algorithm. The results of the path computation are placed in the colored tunnel RIB or system tunnel RIB, which simplifies route resolution.

The difference between the two forms of authentication is in the level of security provided. In case of clear text authentication, the password is specified as text in the authentication TLV, making it possible for an attacker to break the authentication by sniffing and capturing IS-IS PDUs on the network.

IS IS Graceful Restart adds support for Restart Signaling for IS IS, IETF RFC 5306. When IS IS is used

By default if there's a hostname configured on the switch, it is used as the IS IS hostname. It is also possible to

An IS IS router can be configured as Level 1 2 which can form adjacencies and exchange routing information with both

IS-IS LSP out-delay is a feature implemented to mitigate transient micro-loops that can occur during topology changes in an IS-IS network.When a topology change occurs (e.g., a link state or metric change), different routers in the network receive and process the updated Link State PDUs (LSPs) at slightly different times. This can lead to a transient state where some routers have updated their Forwarding Information Base (FIB) based on new LSPs, while others have not, causing traffic to be incorrectly forwarded and forming micro-loops.

IS IS Multi Topology support enables an IS IS router to compute a separate topology for IPv4 and IPv6 links in the

This feature enables an Arista switch to run the IS IS routing protocol over a tunnel interface to another IS IS

Segment Routing provides mechanism to define end-to-end paths within a topology by encoding paths as sequences of sub-paths or instructions. These sub-paths or instructions are referred to as “segments”. IS-IS Segment Routing (henceforth referred to as IS-IS SR) provides means to advertise such segments through IS-IS protocol.

Level 1 2 routers set attached bit in their Level 1 LSPs to indicate their reachability to the rest of the network. A

This document describes two features that allow dynamic metric change for IS-IS based on interface speed.