Automatic certificate management provides support for retrieving signed x509v3 certificates from a server under the Enrollment over Secure Transport (EST) protocol, described in RFC 7030. The feature provides only EST client capabilities.

Peer Tagging Route Filtering feature discards BGP route advertisements by the peers which the routes are received from. The feature lets users assign a peer-tag to a peer or a group of peers in inbound direction and discard routes advertisements by the peer-tag in outbound direction. One use case of the feature is to discard AS loop routes in outbound direction in data center deployments.

This feature implements the ability to configure any tx serdes parameters via the CLI. This is useful to work around any L1 issues that customers may encounter due to suboptimal networks/links/transceivers.

Common Management Interface Specification (CMIS) defines, starting with revision 4.0, a standard mechanism for managing the firmware of compliant transceivers. This mechanism allows for transceivers’ firmware to be updated without having to remove the transceiver from the switch. Firmware updates may be necessary in a testing or production environment to resolve potential firmware bugs. Some transceivers may also support firmware management operations in a hitless manner (without impacting traffic).

This feature supports an alternative L3 EVPN gateway mechanism using multi-domain L3 VRF instead. A multi-domain IP VRF allows configuring not only the local domain route distinguisher (RD) and route targets (RT), but also the remote domain route distinguisher and route targets on a DCI gateway.

This feature adds support for using the management port on AWE-7220RP-5TH-2S alternately as Ethernet8 port.

This feature adds the ability for an L3 default gateway TEP in a Centralized Gateway topology to advertise its SVI virtual IP addresses to VARP MAC bindings and primary addresses to System MAC bindings using EVPN type-2 routes for EVPN VXLAN overlays. Two new commands, redistribute router-mac virtual-ip[next-hop vtep primary] and redistribute router-mac system ip are introduced to enable the redistributions. This would help the L2 TEP on the network to learn the default gateway IP without flooding an ARP request for the gateway IP. This feature is only intended for Centralized Gateway Topologies.

This feature enables IPv6 access control list (ACLs) on cloudEOS and Caravan devices, providing access control on incoming traffic (ingress direction). ACLs use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets.

This feature provides an IPv6 address provisioning mechanism which is driven by tenant authentication results and offers inter-tenant traffic isolation. The generated IPv6 connected route subnets can also be summarized into aggregate routes dynamically for advertising out to BGP peers.

The LDP pseudowire feature provides support for emulating Ethernet connections over a Multiprotocol Label Switching (MPLS) network using the extension of the MPLS Label Distribution Protocol (LDP)

At a transit router when multiple LSP are available for a given destination from different protocols EOS does stitching based on hard coded preferences. LFIB stitching preferences give a provision to stitch together different LSPs based on configurable preferences. For each protocol(destination) preference can be configured for a given source protocol.

This TOI introduces a new global CLI configuration command to transition CMIS compliant transceivers to the low-power mode when all interfaces associated with the transceiver are shut down. Conversely, the transceivers will transition into high power mode when any interface associated with the transceiver is enabled.

Nexthop Group backup-activation events are produced by forwarding agents. Nexthop Groups supports configuring the backup paths through EOS RPC APIs and CLI. Whenever the route or prefix starts pointing to configured backup paths, a backup-activation event will be logged into the event-monitor DB with nexthop-group name, accurate timestamp and other attributes. The event monitoring feature also supports filtering the events based on the nexthop-group name, version etc.

Policy-map counters can be configured to display per-interface counters for all class-maps attached to all successfully programmed policy-maps. The feature is not enabled by default and has to be configured through the command line interface. When enabled, the output of the show command will display both per-interface and aggregate counters.

Introduced in the 4.34.0F release, the maximum links feature allows users to specify the number of active members in both LACP and static port-channels. If active members become inactive due to configuration changes or link failure, previously restricted members can become active. This ensures the port-channel remains operational, preventing disruptions even if all initial active members fail.

The sFlow EVPN MPLS extension adds support for providing information related to the bridging domain in sFlow packet samples, for traffic forwarded through L2 EVPN MPLS.

This feature allows users to configure SNMP’s context to provide a value from a default context when no such value is provided in the context queried.

This feature aims to solve two problems:

In the realm of network service level agreements (SLAs), a customer often commits to a certain level of service for their clients. This may necessitate limiting bandwidth at the Layer 3 sub-interface level. Currently, egress service policies can achieve bandwidth control, but ingress control lacks a similar mechanism.

Linear pluggable optics (LPO) represent a significant advancement in transceiver technology. These modules are designed to reduce costs, power consumption, and latency compared to traditional Digital Signal Processing (DSP) based transceivers.

The Linux audit system provides the ability to record security events on the switch. Audit rules must be configured and enabled at the CLI. Audit rules can be configured in different groups to assist with organization and maintenance.

The Lowest Load feature uses load as a key metric for selecting the best path. When this metric is prioritized, routers will choose the path with the lowest load as the best option.

Before release 4.34.0F traffic in Port Mode PW was always classified based on COS-To-TC global map irrespective of trust mode. This feature allows users to classify traffic in accordance with trust mode, default CoS and default DSCP of the interface.

This feature introduces a slot level CLI command for SFP transceivers. When configured, EOS will only manage the transceiver via the low speed hardware pins. The command is intended to be used in situations where SMBUS communication to access transceiver EEPROM is not reliable, which would normally lead to EOS disabling the port. Enabling this feature ignores any EEPROM dependent functionality and only turns on the laser, which may allow the link to come up when the default factory settings for both ends of the link are compatible.

The feature introduces a CLI command for transceiver reinitialization, simulating a physical removal and reinsertion of the transceiver. This is a great feature for remote troubleshooting, when physical access is not possible or convenient. To configure, issue the CLI command "transceiver reinitialize slot" in exec mode. The command takes effect immediately, toggles the reset pin and initiates a transceiver initialization sequence.

When the system exhausts ECMP resources, the Transient ECMP feature enables route programming through a single available next-hop from the original ECMP route. Once the system can program the full ECMP route, the transient ECMP route is removed after successfully installing the ECMP route.

This feature allows the VRRP MAC to be advertised via EVPN MAC-only routes when VRRP is configured on the VTEP.

This feature allows selecting Differentiated Services Code Point (DSCP) and Traffic Class (TC) values for packets at VTEPs along VXLAN encapsulation and decapsulation directions respectively. DSCP is a field in IP Header and TC is a tag associated with a packet within the switch, both influence the Quality of Service the packet receives. This feature can be enabled via configuration as explained later in this document.

Pathfinder deployments have restrictions on what devices can form a DPS tunnel between them. All the devices are categorized as either Site or Zone transit or Region transit.