Tag :: TOI

The feature exposes metrics and health status of storage devices on controllers and all managed nodes, but not switches. Metrics and health status are updated every minute and exposed through the Telemetry collector

The feature exposes metrics and health status of storage devices on controllers and all managed nodes, but not switches. Metrics and health status are updated every minute and exposed through the Telemetry collector

Storm Control is a flood containment mechanism that limits BUM (broadcast, unknown-unicast, and multicast) traffic. This feature introduces policing BUM traffic via a single policer per interface instead of having independent policers for each of the stream - broadcast, unknown-unicast, multicast.

Storm control is a feature that allows the data plane to drop excess broadcast, unknown unicast, and/or multicast packets if the ingress packet rate exceeds a user-configurable threshold.

Storm control enables traffic policing on floods of packets on L2 switching networks. Support for counting dropped packets and bytes on interfaces where storm control metering is provisioned. Both packet and bytes count are supported and will be displayed. Drop logging on storm-control discards is also supported.

The existing storm control interface configuration mode CLI commands have been extended to support the new

Storm control enables traffic policing on floods of packets on L2 switching networks. Support was enabled for Front panel ports and Lag in eos-4-25-2f with storm-control-speed-rate-support. Now, storm control will be supported per subinterfaces( both ethernet and port-channel). Scale of subinterfaces is 4095. 

A traffic storm is a flood of packets entering a network, resulting in excessive traffic and degraded performance. Storm control prevents network disruptions by limiting traffic beyond specified thresholds on individual physical LAN interfaces. Storm control monitors inbound traffic levels over one-second intervals and compares the traffic level with a specified benchmark. The storm-control command configures and enables storm control on the configuration mode physical interface

A traffic storm is a flood of packets entering a network, resulting in excessive traffic and degraded performance.

This feature introduces a new type of action that can be created and configured under Provisioning > Actions. These actions automate the process of assigning values to inputs in a studio and allow users to input data that originates from outside a studio.

These updates improve the layout of the Studios landing page by emphasizing essential studios and structuring all other studios in a more comprehensive, user-friendly way.

This feature enables ACL functionality on subinterfaces. ACLs on subinterfaces are configured using the

Subinterfaces are logical L3 interfaces that enable the division of a single Ethernet or Port-channel interface into multiple logical L3 interfaces based on the incoming 802.1q tag.  They are commonly used in the L2/L3 boundary.  They can also be used in the context of VRF-lite, by configuring each subinterface in a different VRF.

The CCS-750X-48ZXP is a 48 port 10GBASE-T linecard, capable of several full-duplex link speeds to support connecting to a variety of compatible devices of varying capabilities. All supported linkup speeds on this card can be automatically selected during the linkup process using IEEE 802.3 Clause 28 auto-negotiation. Note that IEEE 802.3 also allows for speeds lower than 1Gbps to link up without clause 28 auto-negotiation.

This feature introduces support for the SFP-10G-MRA-T SFP transceiver. This is a rate adapting transceiver, meaning it can convert the system side interface to a lower rate on the line side. This module can provide 100M, 1G, 2.5G, and 5G support over BASE-T media for Arista switches that do not natively support these data rates.

This feature adds support for the following IPFIX keys TCP Source Port, TCP Destination Port, UDP Source Port, UDP Destination Port

The guaranteed bandwidth feature ensures minimum bandwidth for outgoing lower priority traffic from a

The aggregate address minimum contributors feature adds the capability to specify a minimum number of contributor routes that must be present and advertisable in order for the BGP speaker to generate the route for the aggregate address.

A fundamental business requirement for any network operator is to reduce costs where possible. For network operators, deploying devices to many locations can be a high cost, as sending trained specialists to each site for installations is both time-consuming and expensive. Arista devices support Zero Touch Provisioning (ZTP), a bootstrapping strategy that enables devices to obtain configuration data with no installer action beyond physical placement and connecting network and power cables. Secure Zero Touch Provisioning (SZTP) builds on ZTP and securely supports provisioning as defined in RFC 8572.

A fundamental business requirement for any network operator is to reduce costs where possible. For network operators, deploying devices to many locations can be a significant cost as sending trained specialists to each site for installations is both time-consuming and expensive.

This feature extends the existing UDP payload hashing support to allow an alternative set of bytes to be used in the calculation of the LAG and ECMP hash if an 16 bit field of the payload matches a provided pattern.

The support for configurable dynamic authorization port for different clients has been added to proxy the radius dynamic authorization (CoA) requests. By default, all radius dynamic authorization requests are only proxied to clients at port 3799, which is configurable now.

This feature adds support for configurable max sFlow datagram size. The current default max datagram size is 1400 bytes, which can cause some sFlow datagrams to be dropped when there is an MTU set. This feature enables the configuration of the max datagram payload size within the range of 200 to 1500 bytes to help avoid fragmentation. Note that this feature only configures software sFlow and is not supported on hardware-accelerated sFlow.

This feature adds support for CPU traffic policy capable of matching and acting on IP traffic which would otherwise

Prior to 4.32.2F, the “reset system storage secure” CLI command can be used to perform a best-effort storage device wipe of all sensitive data. However, this command has the limitation that it wipes EOS from the storage device, leaving the system “stuck” in Aboot. The “reset system storage secure rollback” command provides the same secure erase functionality, but additionally allows the user to preserve a subset of files on the main flash device by copying them into RAM during the secure erase procedure. The set of files that are preserved is configurable. After a successful wipe, the system will return to EOS after the erase is complete if the EOS SWI image and adequate configuration files are preserved (such as boot-config and startup-config).

Dot1q (802.1Q) is a tunneling protocol that encapsulates traffic from multiple customer (c-tag) VLANs in an additional single outer service provider (s-tag) VLAN for transit across a larger network structure that includes traffic from all customers. Tunneling eliminates the service provider requirement that every VLAN be configured from multiple customers, avoiding overlapping address space issues.

This feature adds support for “Dynamic Load Balancing (DLB)” on Equal Cost Multi Path (ECMP) groups.

Dynamic NAT is a feature which dynamically allocates an IP address to an incoming or outgoing flow. This address will replace source or destination IP for all packets of the flow. The new IP address given to the flow is from a pool of addresses called NAT pool. L4 port can also be replaced by a new one in case of NAPT (Network Address Port Translation). In address only NAT only the IP address is translated. NAPT is not supported in masquerade or overload mode.

Dynamic NAT Priority feature, which extends the Dynamic NAT feature,  allows you to configure the order in which dynamic NAT rules are evaluated by the switch.

Dynamic NAT Priority feature, which extends the Dynamic NAT feature,  allows you to configure the order in which dynamic NAT rules are evaluated by the switch.

The packet path, prerequisites, and restrictions listed in this document apply to this feature as well Dynamic Twice NAT is a variant of the dynamic NAT feature where both the source and destination IP can be modified while forwarding a packet. One of the IP addresses will be dynamically assigned, while the other will be statically assigned.

enrollz/attestz defines a set of gRPC-based services for TPM enrollment and attestation of network devices. Enrollz: provides the capability to verify the switch’s TPM-rooted identities and rotate switch owner certificates on the device. Attestz: provides the capability to attest the device by inspecting the contents of the different PCR ensuring no malicious tampering.

gNOI (gRPC Network Operations Interface) defines a set of gRPC-based microservices for executing operational commands on network devices.

gNSI (gRPC Network Security Interface) defines a set of gRPC-based microservices for executing security-related operations on network devices. Some of the RPCs that gNSI exposes are used to rotate security configurations on the switch.

In the realm of network service level agreements (SLAs), a customer often commits to a certain level of service for their clients. This may necessitate limiting bandwidth at the Layer 3 sub-interface level. Currently, egress service policies can achieve bandwidth control, but ingress control lacks a similar mechanism.

Generic UDP Encapsulation (GUE) is a general method for encapsulating packets of arbitrary IP or MPLS protocols within a UDP tunnel. While GUE supports an extensible header format with optional data, currently we only support the variant 1 header format, which directly encapsulates the IPv4/IPv6 or MPLS payload without a GUE header.

This document describes the support for user-defined fields (UDF) acl rules in QoS policy feature. This feature is an extension of QoS policy to allow increased flexibility of the match criteria by using user-defined fields which will help customers control traffic based on other parts of the packet header and payload that is not supported by the other key-fields.

IS-IS SR Stateful Switchover (SSO) support allows for a switchover from an active supervisor to a standby supervisor where MPLS traffic remains undisrupted during switchover. This involves reconciliation of all Segment Routing related information in the network using IS-IS Graceful Restart procedures. And also installing the same in forwarding hardware in a manner that does not disrupt the ongoing traffic.

MIBs are used in SNMP (Simple Network Management Protocol) to monitor and manage network devices. IS-IS MIB provides structured information to track IS-IS protocol performance, routing table status, and link-state information.

This feature provides a CLI command showing the list of mac addresses that could not be learned due to hash collision in the hardware table. A hash collision occurs when two or more distinct pieces of data map to the same entry ( or slot ) in the hardware table. It can happen when the hash function used to calculate the index for a given mac address results in the already occupied index, resulting in the failure of inserting the later mac address to the hardware table.

Enforces the MTU for Layer 3 packets on 7280R3/7500R3/7800R3 switches. The MTU can be set on any SVI and the MTU of that specific SVI is enforced when the packets egress out of a trunk port. This behavior is not supported on 7280E/R/R2 and 7500E/R/R2 line cards.

The latency monitor feature allows measurement and display of end-to-end packet latency as seen at egress interfaces. Packet latency is measured from switch ingress to switch egress, but does not include latency due to front-panel PHYs.

Linear pluggable optics (LPO) represent a significant advancement in transceiver technology. These modules are designed to reduce costs, power consumption, and latency compared to traditional Digital Signal Processing (DSP) based transceivers.

The Linux audit system provides the ability to record security events on the switch. Audit rules must be configured and enabled at the CLI. Audit rules can be configured in different groups to assist with organization and maintenance.

The Lowest Load feature uses load as a key metric for selecting the best path. When this metric is prioritized, routers will choose the path with the lowest load as the best option.

DMF 8.7.0 provides support for Management Redundancy on an Extensible Operating System (EOS) Fixed System Chassis. It provides a method to enable redundant active/active connectivity on the management IP address for a Danz Monitoring Fabric (DMF) switch in a fixed system chassis using an out-of-band management port and a front-panel port on the switch.

ARP and IPv6 Neighbor Discovery use a neighbor cache to store neighbor address resolutions. The capacity of the neighbor cache is determined by the resources and capabilities of the device platform. The neighbor cache capacity feature adds a means to specify a per-interface capacity for the neighbor cache. A neighboring device, through misconfiguration or maliciousness, can unfairly use a large number of address resolutions. This feature can help to mitigate this over-utilization.

ARP and IPv6 Neighbor Discovery use a neighbor cache to store neighbor address resolutions. The cache maintains the resolutions for an interval of time after which a refresh process begins.  During the refresh process, a number of ARP requests or IPv6 ND Neighbor Solicitations are sent to the neighbor until the neighbor either responds with an ARP reply or IPv6 ND Neighbor Advertisement.

Nexthop Group tunnels are a tunneling abstraction in EOS. A nexthop group tunnel consists of a tunnel endpoint (IP prefix) and a nexthop group name representing the underlying nexthop group that forwards the traffic. If the underlying nexthop group is not configured, the tunnel endpoint will be unreachable until the given nexthop group is configured.

This feature allows configuring backup nexthop group entries to be used if their corresponding primary entries are unable to forward traffic due to being unresolved or with outgoing interfaces that are marked as down. By default, any configured backup entries will not be activated to forward traffic until all primary nexthop group entries are unavailable. Backup nexthop group entries are a tool used to achieve fast failover when forwarding traffic via nexthop groups.