Tag :: TOI

For various peering applications, there is a need to support the assignment of a MAC address on routed interfaces.

Support for Media Access Control Security (MACsec) with static keys was added in EOS 4.15.4. This feature brings

Media Access Control Security (MACsec) is an industry standard encryption mechanism that protects all traffic

Media Access Control Security (MACSec) is an industry standard encryption mechanism to protect all traffic flowing on Ethernet links. Mac Security is described in IEEE 802.1X and IEEE 802.1AE standards.

Media Access Control Security (MACsec) is an industry standard encryption mechanism that protects all traffic flowing on the Ethernet links. MACsec is based on IEEE 802.1X and IEEE 802.1AE standards.

DMF 8.7.0 supports Media Access Control Security (MACsec) as an Early Field Trial (EFT) feature. MACsec is a global configuration option for the entire fabric, with the option to enable it on intracore traffic only. MACsec only encrypts traffic between core switches, ignoring all other ancillary traffic (e.g., tap to filter, delivery to tool). MACsec is a licensed feature. Verify a MACsec license is installed on all switches participating in MACsec before using this feature.

By default, the only visibility a user has into packets that are dropped due to errors with the MACsec/IPsec protocols is a set of counters, such as with show mac security counters detail. This feature enables redirecting such packets to the CPU for manual inspection; it is intended to assist with debugging unexpected packet drops.

Maintenance mode is a framework to allow for the easy removal of elements of a switch or the entire switch from

EVPN VXLAN all-active multihoming (AA-MH) provides redundancy to reduce or eliminate the impact of outages and maintenance. The objective of Maintenance Mode on AA-MH is to gracefully drain away the traffic from the EVPN core flowing through a switch that is part of multihoming while the switch is put into maintenance, and to gracefully add it back into the network and attract traffic again once the switch is out of maintenance. During the maintenance cycle any customer edge Ethernet or Port-Channel interfaces, whether they are participating as ethernet segments or not, can also be put into maintenance mode. Doing so eliminates the northbound traffic from the customer edge from flowing through the switch under maintenance. The traffic will instead take a path through other available multi-homing peers.

Maintenance mode is a framework that allows for the easy removal of switch elements or the entire switch from service with minimal configuration. This feature supports the maintenance mode in WAN Routing System Adaptive Virtual Topology, including high availability deployment. Traffic is drawn away from the node entering maintenance mode. Currently, the feature supports only maintenance mode for the built-in unit System.

Maintenance mode with sub interfaces is an extension to the maintenance mode feature released in EOS 4 15 2F. With this

This document describes managing certificates and private keys in DMF.

A server cluster or a cluster is a group of Wireless Manager (WM) servers. A cluster comprises a parent WM server and one or more child WM servers.  A cluster is created to manage multiple servers using a single server. 

The Management Connectivity Studio is used to configure out-of-band (OOB) management interfaces. You’ll create a profile of configured attributes for management interfaces, which can be assigned to multiple devices at once using tags.

In general, EOS always configures the PHYs to have the correct polarity to match that of the standard, such that if a standard compliant transceiver is plugged in and the peer is standard compliant everything will work.

MapReduce Tracer is an existing feature that monitors MapReduce nodes that are directly connected to Arista

In DMF 8.7.0,  the redesigned integration configuration now masks the password field and improves the configuration management. Use the Edit icon to Add, Modify, or Delete the Integration configuration.

Classification of MPLS packets based on traffic class bits in MPLS header for QoS Policy Maps. DCS

This feature allows classification of packets on QoS policy-maps based on the Class of Service (CoS), VLAN, Drop Eligible Indicator (DEI) in the 802.1q header of the packet. CoS (Class of Service) corresponds to the Priority code point (PCP) bits in the 802.1q header.

This feature allows setting the desired maximum VOQ latency. Drop probabilities are adjusted in hardware to meet this limit.

Currently, the 'maximum routes' knob allows one to set an upper bound on the number of routes that can be received from a

Previously, the maximum valid port channel ID was equal to the maximum number of port channels configurable on the

Measured boot is a tamper-detection mechanism that records a system's boot process. It calculates cryptographic hashes of system components and configurations, which are then securely stored in the Platform Configuration Registers (PCRs) of a Trusted Platform Module (TPM) chip. This process creates a secure "hash chain" of the boot sequence. After the system starts, the TPM Quote operation, along with the PCR extension records, can be used to verify the PCR values, confirming that the system components are unchanged and the software is trusted.

Measured boot is an anti-tamper mechanism. It calculates the cryptographic signatures for software system components and extends the signatures into the Trusted Platform Module (TPM) security chip. Upon startup, with the feature turned on, the Aboot bootloader and EOS calculate the hash of various system components and extend the hashes into the Platform Configuration Registers (PCRs), which is one of the resources of the Trusted Platform Module (TPM) security chip. The calculation and extension event is called the measured boot event, and the event is associated with a revision number to help the user identify changes to the event.

Media Access Control Security (MACSec) is an industry standard encryption mechanism to protect all traffic flowing

MetaMux is an FPGA-based feature available on Arista’s 7130 platforms. It performs ultra-low latency Ethernet packet multiplexing with or without packet contention queuing. The port to port latency is a function of the selected MetaMux profile, front panel ingress port, front panel egress port, FPGA connector ingress port, and platform being used.

MetaWatch is an FPGA-based feature available for Arista 7130 Series platforms. It provides precise timestamping of packets, aggregation and deep buffering for Ethernet links. Timestamp information and other metadata such as device and port identifiers are appended to the end of the packet as a trailer

CloudVision provides support for microperimeter segmentation and enforcement as part of Arista’s Multi-Domain Segmentation Service (MSS) for Zero Trust Networking (ZTN).

ZTN works to reduce lateral movement into increasingly smaller areas where workloads are granularly identified and only approved connections are permitted.

Mirror on drop is a network visibility feature which allows monitoring of MPLS or IP flow drops occurring in the ingress pipeline. When such a drop is detected, it is sent to the control plane where it is processed and then sent to configured collectors. Additionally, CLI show commands provide general and detailed statistics and status.

This feature allows a user to configure a mirror session with subinterface sources from the CLI. This feature is only available with ingress mirroring (rx direction)

Port mirroring allows you to duplicate ethernet packets or frames on a source interface to send to a remote host, like DANZ Monitoring Fabric (DMF). The mirrored packets or frames can be sent via a SPAN interface dedicated for communication with the host or over an L2 Generic Routing Encapsulation (L2GRE) tunnel.

Arista switches provide several mirroring features. Filtered mirroring to CPU adds a special destination to the mirroring features that allows the mirrored traffic to be sent to the switch supervisor. The traffic can then be monitored and analyzed locally without the need of a remote port analyzer. Use case of this feature is for debugging and troubleshooting purposes.

DMF 8.7.0 introduces an updated dashboard for viewing sFlow drops. The DMF analytics Node (AN) displays reasons for dropped packets as a Mirror on Drop (MOD) drop Flow sFlow collector by analyzing overall drops and drops by flow.

In an MLAG setup, routing on a switch (MLAG peer) is possible using its own bridge/system MAC, VARP MAC or VRRP MAC. When a peer receives an IP packet with destination MAC set to one of the aforementioned MACs, the packet gets routed if the hardware has enough information to route the packet. Before introducing this feature, if the destination MAC is peer’s bridge MAC, the packet is L2 bridged on the peer-link and the routing takes place on the peer. This behavior to use the peer-link to bridge the L3 traffic to the peer is undesirable especially when the MLAG peers can route the packets themselves.

MLAG currently checks for basic MLAG configuration to be consistent (e.g. domain id) before formation with the peer.

When MLAG peer link goes down, the secondary peer assumes the primary peer is down/dead, and takes over the primary

In an MLAG setup, periodic TCP/UDP heartbeats are sent over peer link to ensure IP connectivity between peers. Prior

This feature allows users to configure L2 subinterfaces on MLAG interfaces. L2 subinterfaces are not supported on the MLAG peer-link.

The objective of Maintenance Mode on MLAG is to gracefully drain away the traffic (L2 and BGP) flowing through a switch

MLAG Smart System Upgrade (SSU) provides the ability to upgrade the EOS image of an MLAG switch with minimal traffic disruption.

MLAG will support the following features Bridging, Routing, STP, VARP

On a MLAG chassis, MAC addresses learned on individual peers are synced and appropriate interfaces are mapped to these MAC addresses. In case of unexpected events like reloading of one of the peers in the MLAG chassis or flapping of one or more MLAG interfaces, some loss of traffic may be observed.

If an MLAG flaps on one peer, then we may have to remap the MAC addresses learned, such that the reachability is via the

For packets sent and received on the front-panel interfaces, this feature allows creation of a profile to configure buffer reservations in the MMU (MMU = Memory Management Unit which manages how the on-chip packet buffers are organized).

For packets sent and received on the front-panel interfaces, this feature allows creation of a profile to configure buffer reservations in the MMU (MMU = Memory Management Unit which manages how the on-chip packet buffers are organized). The profile can contain configurations for ingress and egress. On the ingress, configuration is supported at both a port level as well as a priority-group level. 

The main objective of this feature is to prevent modular systems from being shut down due to insufficient power by powering off cards if there is not enough power in the system at card startup.

This feature allows the removal of a configurable number of leading bytes starting from the Ethernet layer of packets sent to a monitor session. A new per-monitor session CLI command is provided to configure this, up to a maximum of 90 bytes.

With the 17.0 release, you can view the Tunnel Status and Tunnel State of the standby VXLAN tunnel. Until now, you could only see the status of the tunnel being used. There was no way to know if your standby tunnel was reachable or not. With this release, you can view the Tunnel Status and the Tunnel State of your primary or secondary tunnel operating in the Standby Mode.

From the 4.29.2F release of EOS, proactive probing of servers is supported. Using this feature Arista switches can continuously probe configured servers to check their liveliness and use the information obtained from these probes while sending out requests to the servers.

The feature MP BGP Multicast provides a way to populate the MRIB (Multicast Routing Information Base). MRIB is an