Tag :: EOS 4.25.1F

The primary challenge with using a switching ASIC as a load balancer has been how to deal with changes in the network topology without disrupting existing TCP connections.

The following table describes the advanced mirroring features that are currently supported with links to their respective TOIs.

This feature adds support for user-configured BGP Nexthop Resolution RIB profiles for various BGP-based services e.g. IP unicast, L3 VPN, EVPN, etc. The feature allows an administrator to customize the next hop resolution semantics of BGP routes with an ordered list, or profile, of resolution RIB domains (i.e., either tunnel or IP domain). This allows EOS to direct specific services over the specified RIB domains, overriding the default behavior.

BGP Non Stop Forwarding (NSF) aims to minimize the traffic loss when the the following scenarios occur:

RPKI provides a mechanism to validate the originating AS of an advertised prefix. Using the result of the validation to apply inbound policy in a route map.

This feature supports counting ECN-marked packets (ECN = Explicit Congestion Notification) on a per egress port per tx-queue basis. The feature can be used to gather these packet counts via CLI or SNMP. There are two cases when an ECN-marked (congestion) packet is counted on the egress port/queue:

Egress traffic-policing can be applied on L3 Ethernet subinterfaces for outbound traffic.

EOS-4.24.0 adds support for hardware-accelerated sFlow on R3 systems. Without hardware acceleration, all sFlow processing is done in software, which means performance is heavily dependent on the capabilities of the host CPU. Aggressive sampling rates also decrease the amount of processing time available for other EOS applications.

The document describes the support for dedicated and group ingress policing on interfaces without using QoS policy-maps to match on the traffic and apply policing.

IP Locking is an EOS feature configured on an Ethernet Layer 2 port.  When enabled, it ensures that a port will only permit IP and ARP packets with IP source addresses that have been authorized. As of EOS-4.25.0F release update, IP Locking can run in two modes - IPv4 Locking (which will be referred to as IP Locking) and IPv6 Locking, which can be configured using the commands mentioned in the below sections. IP Locking prevents another host on a different interface from claiming ownership of an IP address through either IP or ARP spoofing.

Introduced in EOS-4.20.1F, “selectable hashing fields” feature controls whether a certain header’s field is used in the hash calculation for LAG and ECMP.

MRU (maximum receive unit) enforcement provides the ability to drop frames that exceed a configured threshold on the ingress interface.

This solution allows delivery of multicast traffic in an IP-VRF using multicast in the underlay network. It builds on top of L2-EVPN, adding support for L3 VPNs and Integrated Routing and Bridging (IRB). The protocol used to build multicast trees in the underlay network is PIM Sparse Mode.

This feature provides isolation and allows segregating/dividing the link state database based on interface. 

ITU-T G8275.1 is a PTP profile defined by ITU-T for telecommunication applications. It defines a set of functions from the IEEE 1588 to achieve phase/time synchronization with full timing support from the network (meaning, all of the network devices support PTP).

RSVP-TE, the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), is used to distribute MPLS labels for steering traffic and reserving bandwidth. The Label Edge Router (LER) feature implements the headend functionality, i.e., RSVP-TE tunnels can originate at an LER which can steer traffic into the tunnel.

Subinterfaces divide a single ethernet or port channel interface into multiple logical L2 or L3 interfaces based on the 802.1q or 802.1ad tags of incoming traffic. Subinterfaces are commonly used in the L2/L3 boundary device, but they can also be used to isolate traffic with 802.1q tags between L3 peers by assigning subinterfaces to different VRFs or different L2 bridging domains.

IPv4 Unicast Reverse Path Forwarding (uRPF) can help limit malicious IPv4 traffic on a network. uRPF works by enabling the router to verify reachability (routing) of the source IP address (SIP) in the packet being forwarded. If the SIP is determined to not be a valid address, the packet is dropped.

Multicast NAT is a feature that performs NAT translations on multicast traffic. It can be configured under SVIs,

ARP and IPv6 Neighbor Discovery use a neighbor cache to store neighbor address resolutions. The capacity of the neighbor cache is determined by the resources and capabilities of the device platform. The neighbor cache capacity feature adds a means to specify a per-interface capacity for the neighbor cache. A neighboring device, through misconfiguration or maliciousness, can unfairly use a large number of address resolutions. This feature can help to mitigate this over-utilization.

This document describes the OSPFv2 feature that allows the setting of “Down” (DN) bit in type-5 and type-7 LSAs. The DN Bit is a loop prevention mechanism implemented when OSPF is used as CE - PE IGP protocol. Its usage in OSPF is explained by RFC4576. By default, OSPF honors the DN-bit in type-3, type-5 or type-7 LSAs in non-default VRFs.