Tag :: TOI

 The Software Management Studio is used to manage EOS images and extensions and assign them to devices. You’ll use the studio’s Software Repository to upload EOS images, Streaming Agents, and extensions. You’ll then create or edit a workspace in Studios to assign software from the Software Repository to devices.

Source ARP with a virtual IP is a new VARP feature. The purpose of this feature is to change the ARP request header's sender IP and sender MAC address to the virtual IP and virtual MAC addresses. This change occurs for all the ARP request packets originating from the router that match a configured virtual subnet.

With the 13.0 release, you can enable spatial reuse from CloudVision Cognitive Unified Edge (CV-CUE) to improve the spectral efficiency and optimally allocate resources to meet the Quality of Service (QoS). With spatial reuse, two or more Wi-Fi devices (AP or client) that support 802.11ax protocols can send transmissions simultaneously without any significant data loss.

Spectrum analysis is a tool to analyze the RF environment for interference. For monitoring and troubleshooting of wireless networks, you must be aware of the RF environment in which the  APs operate.

"Micro segment" (SRv6 uSID or uSID for short) is an extension of SRv6 architecture, specifically designed to represent SRv6 SIDs in an extremely compact way. It addresses the overhead of using full 128-bit IPv6 SIDs for routing. Instead of using a 128-bit address for single SID, multiple uSIDs are packed into a single 128-bit address. Each 128-bit address comprises a block value representing the domain followed by multiple uSIDs, each of the same bit length. If there are bits left they are filled with trailing zeros. This allows for a complete SRv6 path to be represented by a 128-bit IPv6 address. Like a regular SID, each uSID is associated with a specific behavior on the SRv6 capable node. SRv6 uN refers to the End behavior with uSIDs.

This feature supports enabling and configuring SSH host key algorithms. Along with existing SSH crypto configurations, this enables Secure Shell Daemon (sshd) configurations managed by DMF not to use SHA-1-based algorithms. DMF imposes the default SSHd configuration in the absence of configured SSH host key algorithms and MACs, which will not include SHA-1 algorithms by default.

This document describes the support for performing SSH authentication with X.509 certificates. Authentication to SSH can be completed using a number of different methods. Public key, password and keyboard interactive are supported in EOS. Certificate login is a type of public key authentication in which the public key does not have to be stored on the server. Instead certificates belonging to trusted certificate authorities (CAs) are installed.

This is an infrastructure that provides management of SSL certificates, keys and profiles. SSL/TLS is an application-layer protocol that provides secure transport between client and server through a combination of authentication, encryption and data integrity. SSL/TLS uses certificates and private-public key pairs to provide this security. A user can manage certificates, keys and also multiple SSL profiles. An SSL profile is a configuration which includes certificate, key and trusted CA certificates used in SSL/TLS communication. An SSL profile configuration can be attached to another EOS configuration which supports SSL/TLS communication. Individual EOS features that use this infrastructure will document the details of using an SSL profile in their configuration.

EOS 4.22.1F release adds support for secure In band connection between CVX and Arista switches. Prior to this

Before this feature was introduced, any daemon agent needing to interface with Sysdb for configuration retrieval and status updates had to go through the agent manager within the EOS SDK. Usage of the EOS SDK introduced various ABI issues due to constraints on which compiler, libc and kernel versions the daemon must be built with. This feature offers an alternative mechanism via gRPC, providing more flexibility in how daemon executables are built and used to programmatically interact with and monitor the EOS device.

Stateful switchover is a redundancy mode available on systems with 2 supervisor cards. One supervisor card is active

Static ARP inspection is a security feature that verifies the source IP and the source MAC addresses of each received

The Static Configuration Studio is used to manage static configuration for devices, provide configuration not created by any other studio, and reconcile differences between CloudVision’s designed configuration and device running configuration. Devices are assigned to containers using tags that can identify one or more devices by hostname, role, or location in the network. Each container has configlets of EOS configuration, which are pushed to the EOS devices.

Currently, EOS supports the receiving and transmitting of BGP Flowspec rules. Rules received can be installed locally as ACLs and/or transmitted to other BGP peers/route reflectors. EOS relies on external controllers to inject these flowspec rules. The feature will allow flowspec rules to be defined via CLI in a similar fashion as traffic-policies is currently done. These policies would then be redistributed into BGP. Once redistributed, the rules can be advertised to other BGP peers and optionally installed locally on the configured system.

This feature enables configuring static IPv4 routes that specify the next hop by using an IPv6 address instead of an

Static multicast feature brings in capability to statically configure multicast routes on any Arista platform

A number of L4 7 appliances use the same MAC address to load balance services across two or more appliances that form the

Packet counters for Static and Twice NAT connections are now supported on the DCS 7150 series. This is a debug

This feature allows a switch to statically modify the source or destination IP (and optionally the L4 port) for a transit packet. Static NAT support on 7050X3, 720XP and 720D platforms was first introduced in 4.21.6F. Starting at EOS 4.35.0F, NAT functionality is supported on certain 7050X4 and 7358X4 platforms.

Static VRF label termination can be enabled at the egress PE to provide pop and route behavior. It allows one to one

The feature exposes metrics and health status of storage devices on controllers and all managed nodes, but not switches. Metrics and health status are updated every minute and exposed through the Telemetry collector

The feature exposes metrics and health status of storage devices on controllers and all managed nodes, but not switches. Metrics and health status are updated every minute and exposed through the Telemetry collector

Storm Control is a flood containment mechanism that limits BUM (broadcast, unknown-unicast, and multicast) traffic. This feature introduces policing BUM traffic via a single policer per interface instead of having independent policers for each of the stream - broadcast, unknown-unicast, multicast.

Storm control enables traffic policing on floods of packets on L2 switching networks. Support for counting dropped packets and bytes on interfaces where storm control metering is provisioned. Both packet and bytes count are supported and will be displayed. Drop logging on storm-control discards is also supported.

The existing storm control interface configuration mode CLI commands have been extended to support the new

Storm control enables traffic policing on floods of packets on L2 switching networks. Support was enabled for Front panel ports and Lag in eos-4-25-2f with storm-control-speed-rate-support. Now, storm control will be supported per subinterfaces( both ethernet and port-channel). Scale of subinterfaces is 4095. 

A traffic storm is a flood of packets entering a network, resulting in excessive traffic and degraded performance. Storm control prevents network disruptions by limiting traffic beyond specified thresholds on individual physical LAN interfaces. Storm control monitors inbound traffic levels over one-second intervals and compares the traffic level with a specified benchmark. The storm-control command configures and enables storm control on the configuration mode physical interface

A traffic storm is a flood of packets entering a network, resulting in excessive traffic and degraded performance.

This feature introduces a new type of action that can be created and configured under Provisioning > Actions. These actions automate the process of assigning values to inputs in a studio and allow users to input data that originates from outside a studio.

These updates improve the layout of the Studios landing page by emphasizing essential studios and structuring all other studios in a more comprehensive, user-friendly way.

This feature enables ACL functionality on subinterfaces. ACLs on subinterfaces are configured using the

Subinterfaces are logical L3 interfaces that enable the division of a single Ethernet or Port-channel interface into multiple logical L3 interfaces based on the incoming 802.1q tag.  They are commonly used in the L2/L3 boundary.  They can also be used in the context of VRF-lite, by configuring each subinterface in a different VRF.

The CCS-750X-48ZXP is a 48 port 10GBASE-T linecard, capable of several full-duplex link speeds to support connecting to a variety of compatible devices of varying capabilities. All supported linkup speeds on this card can be automatically selected during the linkup process using IEEE 802.3 Clause 28 auto-negotiation. Note that IEEE 802.3 also allows for speeds lower than 1Gbps to link up without clause 28 auto-negotiation.

This feature introduces support for the SFP-10G-MRA-T SFP transceiver. This is a rate adapting transceiver, meaning it can convert the system side interface to a lower rate on the line side. This module can provide 100M, 1G, 2.5G, and 5G support over BASE-T media for Arista switches that do not natively support these data rates.

This feature adds support for the following IPFIX keys TCP Source Port, TCP Destination Port, UDP Source Port, UDP Destination Port

The guaranteed bandwidth feature ensures minimum bandwidth for outgoing lower priority traffic from a

The aggregate address minimum contributors feature adds the capability to specify a minimum number of contributor routes that must be present and advertisable in order for the BGP speaker to generate the route for the aggregate address.

A fundamental business requirement for any network operator is to reduce costs where possible. For network operators, deploying devices to many locations can be a significant cost as sending trained specialists to each site for installations is both time-consuming and expensive.

This feature extends the existing UDP payload hashing support to allow an alternative set of bytes to be used in the calculation of the LAG and ECMP hash if an 16 bit field of the payload matches a provided pattern.

The support for configurable dynamic authorization port for different clients has been added to proxy the radius dynamic authorization (CoA) requests. By default, all radius dynamic authorization requests are only proxied to clients at port 3799, which is configurable now.

This feature adds support for configurable max sFlow datagram size. The current default max datagram size is 1400 bytes, which can cause some sFlow datagrams to be dropped when there is an MTU set. This feature enables the configuration of the max datagram payload size within the range of 200 to 1500 bytes to help avoid fragmentation. Note that this feature only configures software sFlow and is not supported on hardware-accelerated sFlow.

This feature adds support for CPU traffic policy capable of matching and acting on IP traffic which would otherwise

Prior to 4.32.2F, the “reset system storage secure” CLI command can be used to perform a best-effort storage device wipe of all sensitive data. However, this command has the limitation that it wipes EOS from the storage device, leaving the system “stuck” in Aboot. The “reset system storage secure rollback” command provides the same secure erase functionality, but additionally allows the user to preserve a subset of files on the main flash device by copying them into RAM during the secure erase procedure. The set of files that are preserved is configurable. After a successful wipe, the system will return to EOS after the erase is complete if the EOS SWI image and adequate configuration files are preserved (such as boot-config and startup-config).

Dot1q (802.1Q) is a tunneling protocol that encapsulates traffic from multiple customer (c-tag) VLANs in an additional single outer service provider (s-tag) VLAN for transit across a larger network structure that includes traffic from all customers. Tunneling eliminates the service provider requirement that every VLAN be configured from multiple customers, avoiding overlapping address space issues.

This feature adds support for “Dynamic Load Balancing (DLB)” on Equal Cost Multi Path (ECMP) groups.

Dynamic NAT Priority feature, which extends the Dynamic NAT feature,  allows you to configure the order in which dynamic NAT rules are evaluated by the switch.

The packet path, prerequisites, and restrictions listed in this document apply to this feature as well Dynamic Twice NAT is a variant of the dynamic NAT feature where both the source and destination IP can be modified while forwarding a packet. One of the IP addresses will be dynamically assigned, while the other will be statically assigned.

gNOI (gRPC Network Operations Interface) defines a set of gRPC-based microservices for executing operational commands on network devices.

gNSI (gRPC Network Security Interface) defines a set of gRPC-based microservices for executing security-related operations on network devices. Some of the RPCs that gNSI exposes are used to rotate security configurations on the switch.

In the realm of network service level agreements (SLAs), a customer often commits to a certain level of service for their clients. This may necessitate limiting bandwidth at the Layer 3 sub-interface level. Currently, egress service policies can achieve bandwidth control, but ingress control lacks a similar mechanism.