Tag :: TOI

In the 18.0 release, along with Slack, you can also subscribe to Google Chat and Microsoft Teams webhooks to receive alerts in your conversation channels whenever a network issue or anomaly is detected. Note: This is a BETA feature. Reach out to your Arista account manager to enable it.

This is an extension to the IKE policy and SA policy configuration options available in EOS. The key lifetimes for IKE policies and SA policies are specifiable in hours. This feature allows specifying the key lifetimes in minutes as well.

This feature introduces the support for IPv4 ACL configuration under GRE and IPsec tunnel interfaces and IPv6 ACL configuration under GRE tunnel interfaces. The configured ACL rules are applied to a tunnel terminated GRE packet i.e. any IPv4/v6-over-GRE-over-IPv4 that is decapsulated by the GRE tunnel-interface on which the ACL is applied, or a packet terminated on IPsec tunnel i.e, IPv4-over-ESP-over-encrypted-IPv4 packet that is decapsulated and decrypted by the IPsec tunnel interface on which the ACL is applied.

This is an addendum to the “IP in IP decapsulation” document.When GRE decapsulation is configured using decap groups, incoming packets with an outer IP header having IPProto=47 (GRE) and a destination IP that matches the configured value will be decapsulated. This means that the outer IP and GRE headers will be removed from the packet, and all subsequent decisions will be based on the inner IP header.

By default,  inner IP header of a GRE packet is used for LAG hashing. With this feature, LAGs can hash GRE traffic

The feature allows a GRE tunnel to be resolved over another GRE tunnel. The two GRE tunnels may be in the same VRF or different VRFs.

This feature introduces hardware forwarding support for IPv4-over-IPv4 GRE tunnel interfaces on selected Arista

gRIBI (gRPC Routing Information Base Interface) defines an interface through which OpenConfig AFT (Abstract Forwarding Table) entries can be injected from an external client to a network element.

The Segment security feature provides the convenience of applying policies on segments rather than interfaces or subnets. Hosts/networks are classified into segments based on prefixes. Grouping prefixes into segments allows for definition of policies that govern flow of traffic between segments. Policies define inter-segment or intra-segment communication rules, e.g. segment A can communicate with segment B but hosts in segment B can not communicate with each other.

This feature involves the use of packet’s Time to Live (TTL) (IPv4) or Hop Limit (IPv6) attributes to protect

Arista campus switches allow extensive and fine grained hardware based flow tracking and management features. They

In ingress/egress and fabric/egress replication mode, on DCS 7280E, DCS 7280R, DCS 7500E and DCS 7500R, Broadcast,

The Hardware Switch Controller (HSC) provides an integration point between the SDN controllers (NSX or Nuage) and

Hardware Table Capacity Monitoring is a new feature to keep track of the capacity and utilization of various hardware forwarding resources and generate alerts/syslogs when the utilization exceeds a threshold value. Users can keep track of the current usage statistics using a single show command, and also configure thresholds on a per-resource basis, to be notified about any high-utilization upfront, before reaching any resource limits. The Main use-case would be for troubleshooting in overflow situations and avoid overflows altogether by taking corrective actions on high utilization.

EOS-4.20.5 adds support for hardware-accelerated sFlow on compatible R2 platforms.

Hierarchical Forwarding Equivalence Class (HFEC) changes a FEC from a single flat level to a multi level FEC

This feature allows capturing packets and byte counts at high resolution on physical interfaces, down to 1 ms granularity. Allows for detecting anomalous packet flows, or confirming the expected bandwidth usage. Requires selecting a set of interfaces to sample, a time resolution, and sampling duration.

Keeping Wi Fi Access Point (AP) firmware up to date allows network administrators to take advantage of the latest

This feature introduces support for scaling both IPv4 and IPv6 hosts on our devices. Existing MDB profiles offer a maximum host scale of 128k with unique MAC rewrites. However, if hosts share the MAC rewrites, the scale can reach up to 204k. To address this issue, we are introducing a new MDB profile that will support a host scale of up to 192k when each host has a unique MAC rewrite. If hosts share the MAC rewrites, the scale can reach up to 256k.

Hotspot 2.0 is a standard for public-access Wi-Fi that enables seamless roaming among Wi-Fi networks and between Wi-Fi and cellular networks. With Hotspot 2.0, Passpoint-certified mobile devices such as laptops and smartphones can automatically discover and connect to Wi-Fi networks without the need of signing in manually. It is based on IEEE 802.11u standard for Interworking with External Networks. 

With the 15.0 release, CloudVision Cognitive Unified Edge(CV-CUE) provides you the ability to list down Vulnerable SSIDs and Hotspot SSIDs. CV-CUE takes action on the listed SSIDs according to the applied WIPS policy. 

External controllers can communicate with HSC (Hardware Switch Controller) running on CVX/EOS using the OVSDB

This is an extension to BGP EVPN VPNs that allow us to use iBGP as the PE-CE protocol. This feature also provides a way to isolate the customer’s network BGP attributes from the SP backbone’s attributes, by saving them into a special attribute called ATTR_SET, code 128. This separation introduces a “route server” model that allows the customer’s BGP path attributes to be stored in the SP backbone along with the VPN-IPv4/v6 paths.

ICMP Probe allows querying of interface status and ARP or Neighbor Discovery table status remotely.  It is a request/response protocol, similar to ping, but instead of simply responding to the request, it responds with information about a local interface or a remote neighbor.  The node being queried is called the "proxy node"

Arista switches enable high precision time distribution directly in the data path using IEEE1588 Precision Time

IGMP Snooping Proxy feature is an optimization over IGMP snooping. When IGMP Snooping Proxy is enabled, the switch

This feature enables the user to configure a list or range of BGP attributes to be ignored by the router on receipt of a BGP update message. The BGP attributes are discarded from the BGP update message, and unless the action of discarding an attribute causes the update message to trigger error handling, then the update message is parsed as normal.

You can import Ekahau floor plans to CloudVision Cognitive Unified Edge (CV-CUE) and then manage the access points (AP) from CV-CUE. Once you import the floor plan to CV-CUE, you can map the AP to CV-CUE and start managing the AP.

DMF 8.5 introduced a newly designed Create Policy configuration workflow, replacing the former workflow page.

Each ARP/ND packet into a switch may generate an update for the switch ARP/Neighbor table and this update may need to be synchronized with the MLAG peer when VXLAN is configured. Prior to this feature, these updates (on a VXLAN setup) are synchronized by sending an UDP packet (one packet per update) containing the IP/MAC/VLAN information from the MLAG peer where the ARP/ND packet is received to the other MLAG peer. 

For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency, queue and congestion information for flows at different times. The inband telemetry feature(INT), based on Inband Flow Analyzer RFC draft -IFA 2.0 and IFA 1.0(on some platforms) , is used to gather per flow telemetry information like path, per hop latency and congestion. INT is supported for both IPv4 and IPv6 traffic.

Incoming LACPDU Rate Limit on Arista switches allows for errdisabling of ports experiencing a sustained rate of

With the 20.0 release, network administrators can enable 14 unique SSIDs per Access Point (AP). If your network includes APs that are not on the 20.0 release or do not support more than 8 SSIDs, then such APs broadcast only 8 SSIDs. Only those APs that support 14 SSIDs will broadcast all SSIDs.

With the 14.0 release, CV-CUE introduces an Infrastructure Dashboard that provides an overview of the health of all managed access points (APs).You can view the Infrastructure Dashboard by navigating to

This feature optimizes the utilization of hardware resources by sharing the hardware resources between different VLAN interfaces when they have the same ACL attached in the ingress direction. This is particularly useful for larger deployments where the ACL is applied to multiple VLANs and with the RACL sharing capability, lesser hardware resources are used irrespective of the number of VLANs.

On DCS 7048, DCS 7280E, DCS 7500 and DCS 7500E, prior to EOS 4.14.5, multicast traffic using ingress replication would

The feature enables support for displaying per traffic class counters on ingress interfaces. The feature is

This feature provides support for per-interface ingress/egress packet/byte counters for both IPv4 and IPv6.

The Inner IP hashing for MPLSoGRE feature enabled hashing of inner IP source/destination address. With this

This feature when configured enables users to rewrite the DSCP of the GUE encapsulated header on IP-over-UDP tunnels while preserving the TOS value of the inner IP ( IPv4 / IPv6 ) payload. Starting from software version 4.34.1F, the CLI configuration to enable or disable DSCP preserve globally on the egress interface introduces a clear distinction in the behavior of GUE encapsulation on the core facing interface of the IP-over-UDP tunnels.

The DCS 7280E and DCS 7500E platforms are virtual output queue (VOQ) based architectures where there is a VOQ for all

Arista access points (APs) support the integration of SESimagotag’s Electronic Shelf Labels (ESLs), which dynamically display prices and offers in retail environments. The SES-Imagotag Retail IoT Connector (USB dongle) connects automatically to the ESLs through a proprietary protocol based on the IEEE 802.15.4 standard. This dongle plugs into the USB port of Arista APs and is managed by SESimagotag’s Serial Communication Daemon (SCD). The SCD ensures seamless AP and USB dongle connectivity to VusionCloud.

This feature, when enabled, allows NAT to function on traffic traversing between VRFs, over inter-VRF static routes or routes leaked to VRFs other than where they were configured.

Using the show switch <switch name/all> interface details or show switch <switch name/all> interface <interface name> details commands in the CLI will now include a Description column, which provides the configured description (if any) for the corresponding interface. This is a CLI-only change.

The Interface Diagnostics quick action provides you with a fast and efficient way to run interface cycles and cable diagnostics on your campus devices from the Campus Health Overview Dashboard. The devices available are those with a Campus tag, which is automatically assigned to devices configured with the Campus Fabric Studio (L2/L3/EVPN).

The document describes the support for dedicated and group ingress policing on interfaces without using QoS policy-maps to match on the traffic and apply policing.

You can use the Access Interface Configuration quick action to assign configuration profiles to devices. The guided workflow will display an illustration of device front panels, which you can use to select interfaces from.

You can use the Access Interface Configuration quick action to assign configuration profiles to devices. The guided workflow will display an illustration of device front panels, which you can use to select interfaces from.

One of the reasons why Wi-Fi clients encounter RF issues is non-Wi-Fi interference. All Wi-Fi 6 and above APs can perform interference classification. CloudVision Cognitive Unified Edge (CV-CUE) classifies interference into four categories — Wi-Fi, Microwave Oven (MWO), Frequency Hopping Spread Spectrum (FHSS), and Continuous Wave (CW).

The internet exit feature enables hosts attached to a VRF in an edge router to reach prefixes that may be reachable over the internet. Since the addresses assigned within a VRF may be non-routable private addresses which cannot be directly used when going to the Internet, the NAT feature is used as a part of the Internet exit solution to provide internet connectivity.