802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.

ACL based traffic management often requires matching packets’ destination addresses against one or more sets of

RPKI provides a mechanism to validate the originating AS of an advertised prefix.

ZeroTouch Provisioning (ZTP) is used to configure a switch without user intervention. Campus ZTP extends the

TCAM features matching on the same packet type and executing the same action are implicitly prioritized if both are

Source port filtering is enabled by default to prevent traffic from egressing out the same interface it ingressed on.

Tagging traffic with a drop precedence is a method that can be used to differentiate traffic flows over a given

This feature allows the user to have a custom DSCP To TC map per subInterface. By default,

Normally the ingress router in the following diagram has no control over an autonomous system border router’s

As Ethernet technologies made their way from conventional enterprise use into Metropolitan Area Networks (MAN) and Wide Area Networks (WAN), service providers began to use them widely to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may rely on certain internet backbone providers, referred to as “operators”, to provide connectivity where the geographical area to be covered is too large. This mode of operation makes Operations, Administration and Maintenance (OAM) of such networks far more challenging, and the ability of service providers to respond swiftly to network faults directly impacts their competitiveness.

E-Tree is an L2 EVPN service (defined in RFC 8317) in which each attachment circuit (AC) is assigned the role of Root or Leaf. Once roles are assigned, the following forwarding rules are enforced:

For MPLS forwarded traffic, the tunnel destination needs to know the address family of the payload IP/IPv6 packet to correctly parse the header. On some platforms this address family is deduced from the address family of the Bottom of Stack (BOS) MPLS label seen by the router, or by relying on the EtherType in the Ethernet header.

EOS supports the ability to match on a single VLAN tag (example: encapsulation dot1q vlan 10) or a VLAN tag pair (example: encapsulation dot1q vlan 10 inner 20) to map matching packets to an interface. In this case, the encapsulation string is considered consumed by the mapped interface before forwarding, which means that the tags are effectively removed from the incoming packet for the purposes of any downstream forwarding.

Prior to EOS 4.27.0F, MPLS tunnel egress counters could only be enabled for all MPLS tunnels present in the system

This feature introduces support for IPv4 ACL configuration under GRE and IPsec tunnel interfaces and IPv6 ACL configuration under GRE tunnel interfaces. The configured ACL rules are applied to a tunnel-terminated GRE packet, i.e. any IPv4/v6-over-GRE-over-IPv4 packet that is decapsulated by the GRE tunnel interface on which the ACL is applied, or to a packet terminated on an IPsec tunnel, i.e. an IPv4-over-ESP-over-encrypted-IPv4 packet that is decapsulated and decrypted by the IPsec tunnel interface on which the ACL is applied.

The Segment security feature provides the convenience of applying policies on segments rather than interfaces or subnets. Hosts/networks are classified into segments based on prefixes. Grouping prefixes into segments allows for the definition of policies that govern the flow of traffic between segments.

For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency, queue and congestion information for flows at different times. The inband telemetry (INT) feature, based on the Inband Flow Analyzer RFC draft IFA 2.0 (and IFA 1.0 on some platforms), is used to gather per flow telemetry information like path, per hop latency and congestion. INT is supported for both IPv4 and IPv6 traffic.

IPv6 multicast routing protocols are used to distribute IPv6 datagrams to one or more recipients. IPv6 PIM builds and

Enterprise networks span sites such as Public Cloud, Data Centers, Branches, Headquarters. These sites are

IPSec tunnel mode support allows the customer to encrypt traffic transiting between two tunnel endpoints.

The document describes an extension of the decap group feature, that allows IPv6 addresses to be configured and used

This feature allows the user to select whether port mirror destinations of type GRE tunnel include the optional “key” field in the GRE header on certain platforms. The key field allows the user to uniquely identify a particular packet flow. The feature also allows the user to specify the value of the 32-bit key field.

Egress Peer Engineering (EPE) using BGP LU enables traffic engineering of the links between Autonomous Systems

This feature allows setting the desired maximum VOQ latency. Drop probabilities are adjusted in hardware to meet this limit.

Arista's 7130 Connect Series of Layer 1+ switches are powerful network devices designed for ultra low latency and offer a wealth of integrated management features and functionalities.

MetaMux is an FPGA-based feature available on Arista’s 7130 platforms. It performs ultra-low latency Ethernet packet multiplexing with or without packet contention queuing. The port to port latency is a function of the selected MetaMux profile, front panel ingress port, front panel egress port, FPGA connector ingress port, and platform being used.

MetaWatch is an FPGA-based feature available for Arista 7130 Series platforms. It provides precise timestamping of packets, aggregation and deep buffering for Ethernet links. Timestamp information and other metadata such as device and port identifiers are appended to the end of the packet as a trailer.

MLDv2 Snooping optimizes the transmission of multicast packets in Layer 2 by using Layer 3 information contained in

Arista EOS currently supports a maximum 6 labels push on R2 and R3 series platforms. This feature increases maximum

The TCP MSS clamping feature clamps the maximum segment size (MSS) in the TCP header of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface. Clamping the MSS value helps avoid IP fragmentation in tunnel scenarios by ensuring that the MSS is small enough to accommodate the extra overhead of GRE and tunnel outer IP headers.

Macro Segmentation Service with Layer 3 firewall (MSS FW) provides a mechanism to offload policy enforcement on TORs

This feature provides the ability to interconnect EVPN VXLAN domains. Domains may or may not be within the same data center network, and the decision to stretch/interconnect a subnet between domains is configurable. The following diagram shows a multi-domain deployment using symmetric IRB. Note that two domains are shown for simplicity, but this solution supports any number of domains.

[L2 EVPN] and [Multicast EVPN IRB] solutions allow for the delivery of customer BUM (Broadcast, Unknown unicast and Multicast) traffic in L2VPNs and L3VPNs respectively using multicast in the underlay network.

The per port scheduler compensation feature is used to make adjustments to the packet size seen by the scheduler for

PIM External Gateways (PEGs) allow an EVPN overlay multicast network to interface with an external PIM domain. They can be used to interconnect two data centers using an external PIM domain in between them.

This document describes how PIM non stop forwarding (NSF) works and its limitations. PIM supports non stop

Policy-based routing (PBR) is a feature that is applied on routable ports to preferentially route packets. Forwarding is based on a policy that is enforced at the ingress of the applied interface and overrides normal routing decisions. In addition to matches on regular ACLs, PBR policy-maps can also include “raw match” statements that look like a single entry of an ACL as a convenience for users.

The postcard telemetry (GreenT - GRE Encapsulated Telemetry) feature is used to gather per flow telemetry information like path and per hop latency. For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency and congestion information for flows at different times.

This feature enables a 7170 using the stateless load balancer profile to act as a proxy for pings to VIPs (virtual IPs)

This feature adds a new CLI command which can be used to clear RSVP sessions. Clearing a session will remove the current

This feature allows the user to configure up to 1023 unique QoS Policy-maps per chip.

VXLAN UDP ESP support allows the customer to encrypt traffic between two VXLAN VTEPs. The frame

This feature adds RSVP information for three tables from MPLS TE STD MIB: mplsTunnelTable.

This feature modifies the display format of “show interface Tunnel <num> counters” on hardware

This feature enables ACL functionality on subinterfaces. Release. Update. 4.17.0F . Support for

This feature adds support for CPU traffic policy capable of matching and acting on IP traffic which would otherwise

ARP is a protocol that resolves an IPv4 neighbor address to a MAC address while IPv6 Neighbor Discovery is similar

This article describes the usage of the ptp free-running source clock command, which selects a time source used by a switch running the Precision Time Protocol (PTP) while it is in a free-running state.

Currently EOS supports redistribution into BGP at the global (instance) level. Also EOS supports redistribution in

This TOI supplements the Ingress Traffic Policy applied on ingress interfaces. Please refer to that document for a description of Traffic Policies and field-sets. This TOI explains the Traffic Policies as applied in the egress direction on interfaces