- Written by Tarun Jaswanth LNU
- Posted on August 24, 2020
- Updated on October 17, 2024
- 25902 Views
802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.
- Written by Ajay Kini
- Posted on June 21, 2020
- Updated on February 15, 2024
- 8675 Views
Accumulated IGP Metric (AIGP) is an optional non-transitive BGP attribute used to carry an IGP metric with BGP route advertisements. The AIGP attribute is useful for tie-breaking in BGP bestpath selection so that routing decisions can be made on the basis of shortest path/lowest IGP cost path amongst multiple BGP paths. This is particularly applicable in scenarios where a single administration is subdivided into multiple Autonomous Systems (AS), each with similar routing policies and the same IGP in use, such that the IGP metric for a route can be propagated usefully between the ASes so as to let receiving BGP speakers make routing decisions based on the cumulative IGP cost of the route. This set of ASes in a common administrative domain, in the context of advertising and receiving the AIGP attribute, is referred to as an AIGP administrative domain.
- Written by Ian McCloghrie
- Posted on January 30, 2024
- Updated on January 30, 2024
- 3538 Views
The multicast boundary specifies subnets where the source traffic entering an interface is filtered to prevent the creation of mroute states on the interface. The multicast boundary can be specified through one standard ACL. However, when providing multicast services via a range of groups per service, an interface could potentially join arbitrary groups and, hence, need arbitrary combinations of ACL rules.
- Written by Dileep Ramesh
- Posted on February 6, 2024
- Updated on February 6, 2024
- 2807 Views
Support for offloading BFD sessions to hardware. This helps in achieving a high scale of BFD sessions (up to 16000) with aggressive intervals. Highlights of the feature include:
- Written by Jason Shamberger
- Posted on March 11, 2020
- Updated on November 14, 2024
- 15963 Views
EOS 4.21.3F introduces support for BGP Flowspec, as defined in RFC5575 and RFC7674. The typical use case is to filter or redirect DDoS traffic on edge routers.
- Written by Nandan Saha
- Posted on August 24, 2020
- Updated on May 22, 2024
- 11355 Views
The BGP-LS extension allows IGP (OSPF/IS-IS) link state database information to be injected into BGP. This is typically used in deployments where some external component (like a controller or Path Computation Engine) can do centralized path computations by learning the entire IGP topology through BGP-LS. The controller can then communicate the computed paths based on the BGP-LS updates to the head end device in the network. The mechanism used by the controller to communicate the computed TE paths is outside the scope of this document. Using BGP-LS instead of an IGP peering with the controller to distribute IGP link state information has the following advantages.
- Written by Jason Shamberger
- Posted on April 20, 2020
- Updated on February 19, 2024
- 10781 Views
RPKI provides a mechanism to validate the originating AS of an advertised prefix.
- Written by Bhavin Patel
- Posted on March 24, 2020
- Updated on February 15, 2024
- 9911 Views
This feature allows failover to the backup path to occur in constant time per interface going down for features such as RSVP link protection, RSVP node protection, TI-LFA link protection, and BGP PIC. Without this feature enabled, it would take time proportional to the number of paths going over the interface experiencing the link down event to fail over to the backup path. With this feature enabled, the failover time would be constant regardless of the number of paths.
- Written by Vivek Subbarao
- Posted on January 3, 2023
- Updated on February 6, 2024
- 5248 Views
Network Address Translation (NAT) is a feature used to obfuscate private internal addresses to the external world. The feature makes sure that private internal addresses are translated into a publicly visible address which is used by all external hosts and it also does the reverse translation of the public address to the private internal address.
- Written by Vikas Hegde
- Posted on November 22, 2017
- Updated on November 15, 2024
- 16997 Views
Connectivity Monitor is an EOS feature that allows users to monitor their network resources from their Arista switches. The resources being monitored may or may not be Arista devices. Connectivity monitoring is unidirectional in nature.
- Written by Kaustubh Pimparkar
- Posted on January 24, 2024
- Updated on January 30, 2024
- 3089 Views
When multiple IPv6 addresses are assigned to an interface, the source address selection is based on the rules in RFC6724. However, when the matching criteria are the same for all addresses, the selected address depends on the kernel, and is likely to be the address that was added last. This feature allows addresses to be configured as least preferred so that source addresses can be selected in a more deterministic manner.
- Written by Devon McAvoy
- Posted on October 4, 2019
- Updated on July 31, 2024
- 10643 Views
DirectFlow runs alongside the existing layer 2/3 forwarding plane, enabling a network architecture that incorporates new capabilities, such as TAP aggregation and custom traffic engineering, alongside traditional forwarding models. DirectFlow allows users to define flows that consist of match conditions and actions to perform that are a superset of the OpenFlow 1.0 specification. DirectFlow does not require a controller or any third party integration as flows can be installed via the CLI.
- Written by Nitin Karkhanis
- Posted on January 31, 2024
- Updated on January 31, 2024
- 2939 Views
DirectFlow allows you to define flows consisting of conditions to match and actions to perform. This enhancement adds to the packet match conditions by allowing for matching on a subset of HTTP methods.
- Written by Sourabh Bollapragada
- Posted on December 22, 2020
- Updated on January 29, 2024
- 8293 Views
This feature supports counting ECN-marked packets (ECN = Explicit Congestion Notification) on a per egress port per tx-queue basis. The feature can be used to gather these packet counts via CLI or SNMP. There are two cases when an ECN-marked (congestion) packet is counted on the egress port/queue:
- Written by Tanuj Kumar Jhamb
- Posted on February 7, 2024
- Updated on February 7, 2024
- 2866 Views
sFlow is a sampling technique which monitors incoming traffic on all interfaces without affecting network performance. Egress sFlow is a feature which samples the packets in the egress pipeline for analytical purposes. Currently egress sFlow is only software based on Arista switches.
- Written by Jacob Sword
- Posted on February 16, 2022
- Updated on March 7, 2024
- 9390 Views
Multiple dynamic counter features may be enabled simultaneously, primarily configured using the [no] hardware counter feature [feature] CLI commands. Compatibility of these features has been enhanced to allow for greater flexibility in simultaneously enabled counter features. Changes in counter feature compatibility across EOS releases are detailed below.
- Written by Eric He
- Posted on February 7, 2024
- Updated on February 7, 2024
- 2961 Views
This feature extends the capabilities of event monitor to include NAT logging. The tracked events are NAT translation creations, NAT translation updates, NAT translation deletions and NAT translation deletion reasons (aging deletion, aging deletion (hw not programmed), peer deletion).
- Written by Aaron Bamberger
- Posted on April 23, 2020
- Updated on November 7, 2024
- 10008 Views
E-Tree is an L2 EVPN service (defined in RFC8317) in which each attachment circuit (AC) is assigned the role of Root or Leaf. Once roles are assigned, the following forwarding rules are enforced:
- Written by Ayush
- Posted on January 31, 2024
- Updated on January 31, 2024
- 3443 Views
In network deployments where a border leaf or Superspine acts as a PEG and is in the transit path to other multicast VTEPs, the multicast stream will not pass, since the border leaf will decapsulate the packet even if it doesn't have a receiver. This transit node is called the Bud Node. The device should be able to send decapsulated packets to any local receivers as well as send the encapsulated packets to other VTEPs.
- Written by Mason Alexander Flowers
- Posted on January 30, 2024
- Updated on July 2, 2024
- 3043 Views
This feature introduces the show bgp evpn mac [ vni VNI ] and the show bgp evpn arp [ vni VNI ] commands. These commands display post-import EVPN type 2 routes. Both of these commands will only display paths that have been imported into a MAC-VRF. show bgp evpn mac displays post-import EVPN type 2 paths that do not have IP information and only have MAC information, while show bgp evpn arp only displays post-import EVPN type 2 routes that do have IP information.
- Written by Chris Hydon
- Posted on June 17, 2019
- Updated on January 25, 2024
- 22159 Views
Ethernet VPN (EVPN) networks normally require some measure of redundancy to reduce or eliminate the impact of outages and maintenance. RFC7432 describes four types of route to be exchanged through EVPN, with a built-in multihoming mechanism for redundancy. Prior to EOS 4.22.0F, MLAG was available as a redundancy option for EVPN with VXLAN, but not multihoming. EVPN multihoming is a multi-vendor standards-based redundancy solution that does not require a dedicated peer link and allows for more flexible configurations than MLAG, supporting peering on a per interface level rather than a per device level. It also supports a mass withdrawal mechanism to minimize traffic loss when a link goes down.
- Written by Raja Singh
- Posted on January 31, 2024
- Updated on February 23, 2024
- 3068 Views
This feature enables ARPs learnt on a Port-channel or Ethernet interface to be converted into Host routes, which can further be redistributed into BGP to take part in the route selection decision process and to get advertised to the peers. These Host routes are not installed into the hardware and are only generated for advertisement purposes. This feature works for both static and dynamic ARPs.
- Written by Sujit Kumar Sah
- Posted on February 6, 2024
- Updated on February 6, 2024
- 3116 Views
This document describes the FEC Dampening feature. When hardware FEC / ECMP resource usage goes above the platform limit, Ale (HW Abstraction layer) deletes some routes in anticipation of freeing up more hardware FEC resources to allow newly created FECs to get programmed.
- Written by Rahul Vasist
- Posted on April 20, 2020
- Updated on January 29, 2024
- 9297 Views
EOS-4.24.0 adds support for hardware-accelerated sFlow on R3 systems. Without hardware acceleration, all sFlow processing is done in software, which means performance is heavily dependent on the capabilities of the host CPU. Aggressive sampling rates also decrease the amount of processing time available for other EOS applications.
- Written by Binglai Niu
- Posted on April 24, 2020
- Updated on July 9, 2024
- 8011 Views
On network devices, when a route is programmed, a certain portion of hardware resources is allocated and associated
- Written by Jyothish Kunkumath
- Posted on January 6, 2022
- Updated on November 18, 2024
- 11154 Views
IPSec tunnel mode support allows the customer to encrypt traffic transiting between two tunnel endpoints.
- Written by Navneet Sinha
- Posted on June 29, 2016
- Updated on November 18, 2024
- 14003 Views
Segment Routing provides a mechanism to define end-to-end paths within a topology by encoding paths as sequences of sub-paths or instructions. These sub-paths or instructions are referred to as “segments”. IS-IS Segment Routing (henceforth referred to as IS-IS SR) provides a means to advertise such segments through the IS-IS protocol.
- Written by Gary Wassermann
- Posted on January 30, 2024
- Updated on January 31, 2024
- 3299 Views
IPv4 and IPv6 multicast routing, private VLANs, and egress VLAN translation are supported on EOS, but on prior releases and on certain platforms they did not work correctly when used in combination. In those cases, routed multicast packets that egress on an interface with VLAN translation or on a private VLAN would not egress on the correct VLAN. The configured VLAN translation or private VLAN would not be applied.
- Written by Nathan Kitchen
- Posted on April 24, 2020
- Updated on February 15, 2024
- 3028 Views
The command "show gnmi get PATH" provides a convenient way to send a Get request to a gNMI server running on the device and display the resulting values. This can be helpful during exploration or debugging when setting up gNMI monitoring.
- Written by David Mirabito
- Posted on December 30, 2021
- Updated on November 19, 2024
- 15156 Views
MetaWatch is an FPGA-based feature available for Arista 7130 Series platforms. It provides precise timestamping of packets, aggregation and deep buffering for Ethernet links. Timestamp information and other metadata such as device and port identifiers are appended to the end of the packet as a trailer.
- Written by Abdul Haseeb Jehangir
- Posted on March 12, 2020
- Updated on November 20, 2024
- 11253 Views
Mirror on drop is a network visibility feature which allows monitoring of MPLS or IP flow drops occurring in the ingress pipeline. When such a drop is detected, it is sent to the control plane where it is processed and then sent to configured collectors. Additionally, CLI show commands provide general and detailed statistics and status.
- Written by Adrian Fettes
- Posted on February 6, 2024
- Updated on February 9, 2024
- 2857 Views
This feature allows packets from MPLS and non-MPLS flows with the same source and destination IP addresses to be hashed to the same output LAG member in tap aggregation mode.
- Written by Wade Carpenter
- Posted on August 16, 2018
- Updated on May 22, 2024
- 7890 Views
IP traceroute and path MTU (PMTU) discovery both require that routers send ICMP reply messages to the host that invokes each network function. When the route to the destination host traverses an MPLS label-switched path (LSP), the label switching routers (LSRs) will also need to send ICMP reply messages to the originating host.
- Written by Ben May
- Posted on February 1, 2024
- Updated on February 1, 2024
- 3103 Views
This can be done with multiple groups today, as long as we have enough unique group entries in hardware. In the absence of this configuration (default behavior), bridged traffic will be assigned to the default VRF and policies of default VRF will be applied to bridged traffic. With this feature, bridged traffic is never subject to MSS-G configuration.
- Written by Diego Asturias
- Posted on January 30, 2024
- Updated on November 13, 2024
- 3756 Views
MultiAccess is an FPGA-based feature available on certain Arista 7130 platforms. It performs low-latency Ethernet multiplexing with optional packet contention queuing, storm control, VLAN tunneling, and packet access control. The interface to interface latency is a function of the selected MultiAccess profile, front panel interfaces, MultiAccess interfaces, configuration settings, and platform being used.
- Written by Sunil Bojanapally
- Posted on January 31, 2024
- Updated on January 31, 2024
- 3209 Views
EOS secures the communication between EOS router instances using IPsec by employing the control plane protocol Internet Key Exchange (IKEv1/IKEv2) and the data plane protocol ESP (IPsec SA). IKE and IPsec Security Associations (SAs) use policies to ensure secure communication.
- Written by Niranjan Mahabaleshwar
- Posted on February 12, 2024
- Updated on February 12, 2024
- 2901 Views
EOS allows the generation of the following SSH keys, which can be used as host keys with default names.
- Written by Sahul Sirpa
- Posted on January 31, 2024
- Updated on January 31, 2024
- 3110 Views
Support for egress IPv6 PACLs without using packet recirculation. The matching of ACLs can be done on routed packets, the ACL can be applied to Front Panel Ports (FPPs), and the match criteria in ACL rules are restricted to ipv6-next-header and dscp (traffic-class).
- Written by Ishwar Biliya
- Posted on February 15, 2024
- Updated on February 15, 2024
- 2875 Views
Currently, in EOS MACsec, padding of partial keys internally prepends both the CAK and CKN hex strings with 0s to satisfy the requirement of the Key Derivation Function. This feature allows users to configure the zero padding to either prepend or append to the pre-shared CAK/CKN configured in the mac security profile. In general, it is recommended to configure full-length CAK/CKN. However, this CLI knob can be used in case the configuration of a partial CAK/CKN results in issues with derived keys between the peers. Note that the CKN advertised in MACsec control frames will still be without any padding, even when a partial CKN is configured.
- Written by Shubham Jangid
- Posted on November 9, 2021
- Updated on October 8, 2024
- 6926 Views
Policing is typically done on the L2 packet size - that is, the size on the wire, excluding the Preamble, Start Frame Delimiter (SFD), and Interpacket Gap (IPG). To ensure that the policer polices the right amount of L2 packet size, a default packet size adjustment is configured, which is deducted from the size seen on wire. The default packet size adjustment corrects the size observed for every traffic type, except for L3 traffic on DCS-7280R, DCS-7280R2, DCS-7500R, and DCS-7500R2 series (see Description part for details).
- Written by Kaustubh Pimparkar
- Posted on January 24, 2024
- Updated on January 24, 2024
- 3270 Views
One of the primary functions of a switch is to forward packets to the correct next hop. This necessitates knowing the unique MAC addresses of all connected hosts and switches to a network interface. In dynamic environments like campus networks, the hosts often come and go, which means the number of connected hosts that the switch knows about expands continuously. Therefore, it becomes necessary to have a mechanism for the switch to eventually discard information about MAC addresses that are no longer active in the network.
- Written by Neeraj Joseph
- Posted on April 23, 2018
- Updated on October 17, 2024
- 8061 Views
The PHY test pattern CLI can be used to check the quality of the physical layer for an Ethernet interface. This is done by
- Written by Gokul Unnikrishnan
- Posted on March 1, 2024
- Updated on March 1, 2024
- 2838 Views
The purpose of this feature is to mitigate multicast traffic loss when a switch that is using PIM sparse mode as its multicast routing protocol is going under maintenance.
- Written by Ethan Vadai
- Posted on March 6, 2020
- Updated on March 14, 2024
- 16963 Views
Policy-based routing (PBR) is a feature that is applied on routable ports, to preferentially route packets. Forwarding is based on a policy that is enforced at the ingress of the applied interface and overrides normal routing decisions. In addition to matches on regular ACLs, PBR policy-maps can also include “raw match” statements that look like a single entry of an ACL as a convenience for users.
- Written by Tanuj Kumar Jhamb
- Posted on February 6, 2024
- Updated on February 7, 2024
- 2998 Views
WRED (Weighted Random Early Detection) is one of the congestion management techniques. It works at queue level to drop ECN-capable and non-ECN-capable traffic randomly after reaching the given queue threshold, even before the queue is full.
- Written by Sylvia Zheng
- Posted on December 5, 2023
- Updated on February 26, 2024
- 3375 Views
Pseudo load sharing is a load sharing scheme for two power supply units (PSU) that do not have integrated load sharing. With pseudo load sharing, the system power is divided into two power domains, each with one PSU that is connected to a port group consisting of half of the system's Power over Ethernet (PoE) ports. When both PSUs are active, the power domains are independent and each PSU can only provide power to ports within the same power domain. Each port group can consume up to the maximum available power of the PSU in the same power domain. When only one PSU is active, the power switch between the two power domains can route power from the active PSU to all ports on the system.
- Written by Sourabh Bollapragada
- Posted on January 3, 2023
- Updated on February 7, 2024
- 6535 Views
PTP 1-step Boundary Clock (or 1-step BC) is similar to 2-step BC in function but doesn’t send the PTP Follow_Up message. The timestamp present in the PTP Follow_Up message’s preciseOriginTimestamp field is sent in the PTP Sync message’s originTimestamp field along with a non-zero correctionField. This allows us to support more PTP master ports because the control plane does not need to generate PTP Follow_Up messages anymore. PTP 1-step BC supports all the existing features supported by 2-step BC, like the G8275.1 profile, G8275.2 profile, etc., unless otherwise specified in the limitations.
- Written by Kieran Weaver
- Posted on March 3, 2023
- Updated on February 2, 2024
- 6316 Views
Media Access Control Security (MACsec) is an industry-standard encryption mechanism that protects all traffic flowing on the Ethernet links. MACsec is based on IEEE 802.1X and IEEE 802.1AE standards.
- Written by Mohd Arbab Khan
- Posted on February 7, 2024
- Updated on February 7, 2024
- 2452 Views
WRED/ECN are congestion management techniques which work at queue level to drop/mark packets randomly after the queue size exceeds the configured queue threshold. The queue size is determined using the exponentially weighted moving average (EWMA) technique, with queue weight, previous queue size and current queue size as variables.
- Written by David Cronin
- Posted on March 3, 2022
- Updated on November 6, 2024
- 19425 Views
Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion.