The 7170 load balancer is a layer 4 load balancer providing high packet processing throughput.

802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.

The 7280CR3-36S series include the ability to toggle ports Ethernet33-36 between pairs of 200G QSFP56 ports and a single 400G QSFP-DD port on the odd Ethernet port, disabling the corresponding even Ethernet port. The supported speed capabilities of QSFP-DD ports vary depending on which hardware port group is selected. This document details how to configure the hardware port groups on QSFP-DD ports.

The BGP-LS extension allows IGPs (OSPF/IS-IS) link state database information to be injected into BGP. This is typically used in deployments where some external component, (like a controller or Path Computation Engine) can do centralized path computations by learning the entire IGP topology through BGP-LS. The controller can then communicate the computed paths based on the BGP-LS updates to the head end device in the network. The mechanism used by the controller to communicate the computed TE paths is outside the scope of this document. Using BGP-LS instead of an IGP peering with the controller to distribute IGP link state information has the following advantages.

RPKI provides a mechanism to validate the originating AS of an advertised prefix.

Remove Private AS Ingress is a feature used for removing and replacing private AS numbers from inbound AS paths, so

EOS 4.26.1F release  added a platform configuration command to modify the dynamic MAC learning limit threshold on

This feature allows the user to have a custom COS To TC map per subinterfaces. By default,

This feature can be divided into 3 parts. Enable support for different threshold per Color per TX queue  We

This feature allows configuration of hash seed and hash fields used for LAG and ECMP hash computation.  This offers a

ECMP Hash visibility CLI determines the output interface for an ECMP set based on the flow parameters supplied by the user. Ingress interface, source IP address, destination IP address and IP protocol are the required parameters.

Normally the ingress router in the following diagram has no control over an autonomous system border router’s

This feature is available when configuring Layer2 EVPN or EVPN IRB. As described in RFC7432 section 15

Forwarding destination prediction enables visibility into how a packet is forwarded through the switch and allows

This feature introduces the support for IPv4 ACL configuration under GRE and IPsec tunnel interfaces and IPv6 ACL configuration under GRE tunnel interfaces. The configured ACL rules are applied to a tunnel terminated GRE packet i.e. any IPv4/v6-over-GRE-over-IPv4 that is decapsulated by the GRE tunnel-interface on which the ACL is applied, or a packet terminated on IPsec tunnel i.e, IPv4-over-ESP-over-encrypted-IPv4 packet that is decapsulated and decrypted by the IPsec tunnel interface on which the ACL is applied.

The Segment security feature provides the convenience of applying policies on segments rather than interfaces or subnets. Hosts/networks are classified into segments based on prefixes. Grouping prefixes into segments allows for definition of policies that govern flow of traffic between segments.

In rare circumstances, a Single Event Upset may cause an underflow in the free list of buffers of a switch chip. This can

The document describes the support for dedicated and group ingress policing on interfaces without using QoS policy-maps to match on the traffic and apply policing.

This feature enables IPv6 neighbor discovery (ND) proxies for IPv6 subnets on routed ports, L3 subinterfaces, and VLAN interfaces. IPv6 ND Proxy on VLAN interfaces support requires additional TCAM profile configuration. When enabling IPv6 ND proxy, all IPv6 ND Neighbor Solicitation (NS) packets will be trapped to the control plane instead of being forwarded. In response, IPv6 ND Neighbor Advertisement (NA) packets with the corresponding interface router MACs will be sent back.

This feature provides support for multiple IS IS instances in the default VRF.  Multiple IS IS instances are only

Route redistribution is a process that allows a network to use a routing protocol to dynamically route traffic based

Segment Routing provides mechanism to define end-to-end paths within a topology by encoding paths as sequences of sub-paths or instructions. These sub-paths or instructions are referred to as “segments”. IS-IS Segment Routing (henceforth referred to as IS-IS SR) provides means to advertise such segments through IS-IS protocol.

The L2EVPN MPLS feature is available when configuring BGP in the multi agent routing protocol model.

As of EOS 4.22.0F, EVPN all active multihoming is supported as a standardized redundancy solution. For effective

Normally, a switch traps L2 protocol frames to the CPU. However, certain use-cases may require these frames to be forwarded or dropped. And in cases where the L2 protocol frames are forwarded (eg: Pseudowire), we may require the frames to be trapped to the CPU or dropped. The L2 Protocol Forwarding feature provides a mechanism to control the behavior of L2 protocol frames received on a port or subinterface.

LSPs formed by LDP normally follow IGP routing. The LDP speaker selects the downstream LSR for a particular prefix as

Media Access Control Security (MACsec) is an industry standard encryption mechanism that protects all traffic

Starting with the 4.26.1F release, EOS supports active mixed speed members in a port channel, allowing different

The TCP MSS clamping feature involves clamping the maximum segment size (MSS) in the TCP header of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface. Clamping MSS value helps in avoiding IP fragmentation in tunnel scenarios by ensuring that MSS is small enough to accommodate the extra overhead of GRE and tunnel outer IP headers.

This feature provides the ability to interconnect EVPN VXLAN domains. Domains may or may not be within the same data center network, and the decision to stretch/interconnect a subnet between domains is configurable. The following diagram shows a multi-domain deployment using symmetric IRB. Note that two domains are shown for simplicity, but this solution supports any number of domains.

Multipath color is a new multicast multipath mode for controlling PIM RPF selection. In the default multipath

In an OSPFv3 Area Border Router (ABR), area filters may be used to prevent specific prefixes from being announced by an

The per port scheduler compensation feature is used to make adjustments to the packet size seen by the scheduler for

Starting from 4.26.10F release, for LACP and static port channels, EOS will support minimum speed configuration,

Power over Ethernet (PoE) is a way of delivering power and data over the same Ethernet wires. There have been multiple IEEE standards for PoE over the years:

Private VLAN is a feature that segregates a regular VLAN broadcast domain while maintaining all ports in the same IP

This feature provides the ability to classify and display misbehaving routes into the following : 1) Routes which are

The send support bundle feature adds a new CLI command which creates a ZIP file containing a useful set of logs and

A pseudowire is usually transported over a single network path in order to preserve the packet ordering of each

This feature terminates GRE packets on a TapAgg switch by stripping the GRE header and then letting the decapped packets go through the normal TapAgg path. With this feature, we can use an L3 GRE tunnel to transit tapped traffic to the TapAgg switch over an L3 network. That would widely extend the available use cases for TapAgg.

This feature adds support for viewing the Digital Optical Monitoring (DOM) parameters for the optics that support enhanced diagnostics from the CLI. The show commands described later in this document can be used to view the instantaneous values for various modulation parameters like Signal-To-Noise Ratio, Residual Inter Symbol Interference, PAM4 Level Transition Parameters, etc. that such optics support.

This article describes how to customize TCAM ( Ternary Content Addressable Memory ) lookup for each feature which uses TCAM.

This document describes LLDP’s VLAN Name TLV. It is defined in IEEE 802.1q standard (802.1Q D.2.3) and contains a

Port wide port security: Port security with address limit on the port configured by the existing shutdown mode port

This document describes the support of VxLAN Bridging and Routing on the R3 series of DCS 7280, 7500 and 7800 Arista