With the 14.0 release, you can integrate OpenID Connect with a captive portal for authentication. The OpenID Connect integration functionality is available only for captive portals hosted on the Arista Cloud. It is not available if the captive portal is hosted on third-party servers or on the access point.

Customers currently leverage the event-handler for automated remediation such as auto-drain of nodes during specific triggers (blackholing scenarios, hardware failures). However, there are scenarios where the automation becomes counterproductive or risky during active incidents or anomalies.

By default, when an SVI is configured on a VXLAN VLAN, then broadcast, unknown unicast, and unknown multicast (BUM) traffic received from the tunnel are copied to CPU. However, sending unknown unicast and unknown multicast traffic to CPU is unnecessary and could have negative side effects. Specifically, these packets take the L2Broadcast CoPP queue to the CPU. When there is a lot of unknown unicast and unknown multicast traffic, important broadcast traffic such as ARP may get dropped in the L2Broadcast CoPP queue. Further, this might also disrupt other control plane protocols such as BFD, BGP, etc.

IPv4 routes of certain prefix lengths can be optimized for enhanced route scale using this feature. This feature is ideally suited to achieve route scale when route distribution has a large number of routes concentrated across the prefix-lengths 24, 23 and 22. EOS 4.27.2F offers 8-to-1 compression of routes as an enhancement.

The OSPF Non Stop Forwarding (NSF) feature adds support for Graceful OSPF Restart (IETF RFC 3623) and Graceful OSPFv3

EOS 4.15.3F adds support for configuring auto cost in OSPFv3 for routed ethernet interfaces and LAG interfaces.

An OSPF router can attract all traffic towards itself from within the OSPF network, by advertising a default route. Often it is desirable to advertise this default route conditionally, for instance, only when there is a connection to an upstream router or when a default route is learnt through other protocols like BGP. OSPF conditional default-originate provides the above functionality.

OSPF distribute list is a policy construct to filter out routes received from OSPF LSAs so that they will not be

The OSPF Max LSA Retransmission Threshold feature adds a configurable limit to the number of LSA update

OSPF Non Stop Forwarding (NSF) adds support for Graceful OSPF Restart, IETF RFC 3623. With OSPF Graceful Restart

An OSPF router can attract all traffic towards itself from within the OSPF network, by advertising a default route. Often it is desirable to set a route tag in this default route. This feature will add a CLI parameter to default-information originate that allows an external route tag to be set on the default route for both unconditional and conditional modes.

This feature provides isolation and allows segregating/dividing the link state database based on interface. 

This feature adds authentication support for OSPFv3. Unlike OSPFv2, OSPFv3 does not have authentication fields

EOS 4.17.0F adds support for BFD in OSPFv3. BFD provides a faster convergence in scaled deployments where using

OSPFv3 distribute-list is a policy construct to filter out routes received from OSPFv3 LSAs so that they will not be installed on the router even though the routes are resolved and are installable. The filtering is performed after SPF calculation and only on routes from received LSAs, not on self-originated LSAs. This feature does not affect the OSPFv3 protocol behavior of the router. LSAs are exchanged, e.g. flooded, even if the routes are not installed locally on the router.

EOS release 4.20.1F adds OSPFv3 flood pacing support that allows configuring the minimum interval between the

TOI 4.20.1F

In previous releases of EOS, Stub area and NSSA area types were supported for OSPFv3, but without support of the "no

Today in any WAN deployment, customers are required to configure path metrics in load balance policy to program a set of best paths in dataplane. Path metrics are multi-dimensional: they include loss, latency, jitter, and load of the path. It is not very intuitive to come up with exact values for these metrics, as they are highly dependent on the type of application and the geographical locations of routers. Also, these path metrics keep changing, and except for a few apps that require strict max characteristics on latency, jitter or loss, the other apps are able to tolerate variances in metrics.

Overlay IPv6 routing over VXLAN Tunnel is simply routing IPv6 packets in and out of VXLAN Tunnels, similar to

This document describes a few enhancements done in Wireless Manager (WM) release 8.8 in respect of AP firmware

DANZ Monitoring Fabric (DMF) 8.9.0 adds a new managed service action, called record, to the Service Node (SN). This action enables packet recording using an SN similar to a Recorder Node (RN) and supports basic packet recording and querying capabilities.

Packet trimming is a novel method for end-to-end congestion notification. When a packet is dropped in the MMU due to congestion, the dropped packet is trimmed and forwarded to the intended receiver with a new configured DSCP value. Upon receiving a trimmed packet, the receiver can perform appropriate handling to reduce transmission rate or retransmit any lost packets. The feature supports matching criteria via ingress traffic policy for selecting which packets should be trimmed when they get dropped in the MMU. Similarly, the rewritten DSCP is specified on a per egress port basis for trimmed packets egressing out of the switch to the intended destination. This per egress port DSCP overrides the global rewrite DSCP if configured. This feature is supported for protocols IPv4, IPv6 and SRv6.

By default, the scheduling between parent interfaces and the attached shaped subinterfaces is done in strict priority mode where the parent interface has higher priority than shaped subinterfaces. Subinterfaces that are not shaped use the same queues as the parent so the traffic on these subinterfaces will also have strict priority over shaped subinterfaces.

With the 14.0 release, you can add device passwords and AP-Server Key passphrase as defined in the password policy. The passwords are based on the password policy and password settings that you configure in CV-CUE.

This feature provides the capability to mirror special L2 control frames, called the Pause or Priority Flow Control

Policy Based Routing (PBR) provides the flexibility of routing according to custom defined policies in a way that

Prior to EOS 14.15.0F, if a single packet hit both a PBR and an ACL rule, then only the hardware counters corresponding

On MLAG devices, flood traffic over the peer link follows split-horizon rules to avoid duplicate delivery of packets on MLAG interfaces. However, when one of the MLAG devices becomes inactive, peer-link flooding can cause double delivery or Layer 2 loops. To mitigate this risk, peer-link forwarding restriction was introduced. As of 4.34.0F, support was added for peer-link forwarding restriction when MLAG is enabled but not fully formed to the primary or secondary role. In this transitional state, only MLAG VLANs carrying MLAG control (PDU) traffic are allowed over the peer link. As of 4.34.2F, peer-link forwarding restriction is enabled by default. Users may still disable the feature manually as needed.

The per port per VLAN feature allows application of QoS policies for IP, IPv6 and non IP traffic on a per port per VLAN

TOI 4.17.0F

DCS 7010T. DCS 7050X. DCS 7250X. DCS 7260X. DCS 7280E, DCS 7280R. DCS 7300X. DCS 7320X. DCS 7500E,

This feature enables per port TC-To-COS mapping, where TC represents Traffic-Class and COS represents the VLAN tag PCP bits. While at present there is a global TC-To-COS mapping, the TC-To-COS feature can be used to create custom profiles which can be applied to the required interfaces.

Per VLAN MAC Learning is a feature to enable/disable MAC learning per VLAN instead of per port. Using this feature with VxLAN could provide a poor man's version of Point-to-Point VxLAN Pseudowire services.

Policy-map counters can be configured to display per-interface counters for all class-maps attached to all successfully programmed policy-maps. The feature is not enabled by default and has to be configured through the command line interface. When enabled, the output of the show command will display both per-interface and aggregate counters.

The Per-MAC ACL feature provides the functionality to apply an IPv4/IPv6 ACL to an 802.1x supplicant instead of applying it on the port that the supplicant is behind. This allows for more flexible and specific traffic policies to be defined for supplicants trying to access certain resources on the network.

This feature introduces per-nexthop MPLS label allocation for the IPv4-unicast default-route and the IPv6-unicast default-route. Previously, BGP-VPN VRFs only supported a per-VRF label scheme. With a per-VRF label scheme, each BGP-VPN supported AFI-SAFI (i.e. IPv4-unicast and IPv6-unicast) in the BGP-VPN VRF is allocated a single "per-VRF" label that will be shared by all the AFI-SAFI’s routes. When the routes are exported as BGP-VPN routes, all the routes will be exported with the same "per-VRF" VPN label. In the Label FIB (LFIB), each allocated "per-VRF" label is associated with an ip-lookup action inside their corresponding BGP-VPN VRF.

The software for Syslog, NTP and SNMP used in EOS resolves hostnames at service start-up. It's possible that during service operation, the configured host becomes unavailable and the configuration needs to be set to a different host to continue the service. The problem is that such a change requires a manual restart of the service. Even if the hostname doesn't change and only the underlying address is updated at the DNS server, the administrator has to manually reset the service configuration.

If Dot1x MAC-based authentication (MBA) is disabled, supplicant discovery is attempted by sending periodic multicast identity requests. These requests are transmitted at a fixed interval, which is 60 seconds. This transmission continues until a successful authentication of an EAPOL supplicant is achieved. With MBA enabled, supplicant discovery also relies on multicast identity requests. However, the transmission interval is set to 30 seconds and the transmission count is set to 3.

Permitting traffic during ACL updates has been available for traffic steering in tap aggregation mode since EOS

Hosts in a branch need to access internet bound services. In traditional deployments, edge routers in branches are connected to the internet via a WAN port. To secure the internal network from the internet, we have ACLs (Access Control Lists) to filter the traffic in and out of the WAN port. An ingress ACL filters the traffic coming into the port, and an egress ACL filters the traffic going out of the port. By default, without any ACL configuration present on the WAN port, we accept all traffic coming to the WAN port.

Priority-Flow-Control (PFC) Fair Adaptive Dynamic Threshold (FADT) configuration facilitates efficient utilization of packet buffer resources for both lossy and lossless traffic. Reserve headroom buffer resources to absorb in-flight packets for congested, lossless flows. Assign default or user-defined PFC profiles to interface/PFC priority pairs, called Priority Groups (PG), to dynamically manage packet buffer usage and assertion of PFC pause.

PFC (Priority based Flow Control) is a flow control mechanism used in RDMA environments. PFC provides a link level

This feature enables detection of egress queues that are unable to transmit packets for prolonged periods of time

Priority Flow Control (PFC) Watchdog feature monitors interfaces for priority-flow-control Pause storm. If such a storm is detected on no-drop enabled priorities, it takes actions such as:

DCS 7050X/X2/X3 series. DCS 7060X/X2/X3 series. In previous releases, PFC Watchdog supported only queues

This article is intended to discuss how to configure the Phone VLAN on an Arista switch.

The PHY test pattern CLI can be used to check the quality of the physical layer for an Ethernet interface. This is done by

PIM External Gateways (PEGs) allow an EVPN overlay multicast network to interface with an external PIM domain. They can be used to interconnect two data centers using an external PIM domain in between them.

PIM VRF feature adds VRF support to these existing multicast protocols: PIM SM, PIM BSR, IGMP and MSDP.

PIM Static Source Discovery (SSD) is a feature implemented as part of PIM-SM. Familiarity with setting up and configuring PIM-SM (Sparse Mode) and PIM-SSM (Source-Specific Multicast) is assumed.

With the 19.0 release of CV-CUE, you can place the switches on the floor map by dragging them on the floor map.