The multicast boundary specifies subnets where the source traffic entering an interface is filtered to prevent the creation of mroute states on the interface. The multicast boundary can be specified through one standard ACL. However, when providing multicast services via a range of groups per service, an interface could potentially join arbitrary groups and, hence, need arbitrary combinations of ACL rules.

An IPsec service ACL provides a way to block IPsec connections to/from specific addresses. This feature works in a similar way to other protocols in EOS that provide this functionality.

IPSec tunnel mode support allows the customer to encrypt traffic transiting between two tunnel endpoints.

IPv4 traffic can be encrypted and carried over IPSec tunnels originating or terminating on EOS dut. 

4.22.0F IPSec

EOS secures the communication between EOS router instances using IPsec by employing control plane protocol Internet Key Exchange(IKEv1/IKEv2) and data plane protocol ESP(IPsec SA). IKE and IPsec Security Association(SA) use policies to ensure secure communication.

IPsec is a standard for enabling secure network communication between two devices using the Internet Protocol (IP) by way of an encrypted packet tunnel.Previous versions of Arista EOS have required that IPsec tunnels use the default VRF for underlay traffic.Starting with the release 4.31.0, this restriction is removed and EOS now supports IPsec tunnel interfaces using one or more non-default VRFs.

IPSec EOS 4.31.1F