The L2 EVPN MPLS feature is available when configuring BGP in the multi-agent routing protocol model. Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family number 25) / EVPN (subsequent address family number 70). It is used to exchange overlay MAC and IP address reachability information between BGP peers.

Filtered Mirroring allows certain packets to be selected for mirroring, rather than all packets ingressing or egressing a particular port.

When using virtual instances for network simulation (among other things), there exists the issue that the virtual device interface mapping does not match that of the actual physical interfaces on the real devices. While a conversion/substitution could be done, this would result in the creation of large amounts of code/config that serves little useful purpose.

The goal of IAR operation is to minimize the CPU processing and churn in hardware by identifying a set of nexthop adjacencies such that updating those adjacencies in-place is sufficient to correctly forward the traffic quickly for all the affected routes.

Route reflectors are commonly used to distribute routes between BGP peers belonging to the same autonomous system. However, this can lead to non-optimal path selection, because the route reflector chooses the optimal route based on IGP cost from its own perspective. This may not be optimal from the perspective of the client, as its location may be different from the RR.

To understand why BGP-LU tunnels are required to be redistributed into LDP and vice versa, let’s consider the following basic topology for InterAS Option C. It uses IS-IS as IGP where indicated along with LDP:

BGP Monitoring Protocol (BMP) allows a monitoring station to connect to a router and collect all of the BGP announcements received from the router’s BGP peers.

Class Based Forwarding (CBF) is a means for steering IP traffic into colored tunnels based on the ingress DSCP values. CBF may be used with SR-TE Policy or RSVP-TE colored tunnels.

As Ethernet technologies made their way from conventional enterprise use into Metropolitan Area Networks (MAN) and Wide Area Networks (WAN), service providers began using them widely to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may rely on certain internet backbone providers, referred to as “operators”, to provide connectivity where the geographical area to be covered is too large.

Support for DHCPv4 (RFC 2131) and DHCPv6 Server (RFC 8415) was added to EOS-4.22.1 and EOS-4.23.0 respectively. The EOS DHCP server uses ISC Kea as its backend. A router with DHCP Server enabled acts as a server that allocates and delivers network addresses with the desired configuration parameters to its hosts.

DirectFlow runs alongside the existing layer 2/3 forwarding plane, enabling a network architecture that incorporates new capabilities, such as TAP aggregation and custom traffic engineering, alongside traditional forwarding models. DirectFlow allows users to define flows that consist of match conditions and actions to perform that are a superset of the OpenFlow 1.0 specification. DirectFlow does not require a controller or any third party integration as flows can be installed via the CLI.

When OpenConfig is enabled, the entire YANG tree is exposed to the client. This allows a client to have read and write access to all parts of the YANG tree. In some cases, it would be preferable to block portions of the YANG tree so that specific parts of the tree cannot be modified or read by the client.

This feature introduces a new CLI command which disables the above-mentioned propagation of DSCP and ECN bits from the outer IP header. 

Precision Time Protocol (PTP) management messages are general messages sent to PTP-enabled switches on the data plane. On Arista switches, their behavior depends on the configured PTP mode.

EOS supports the ability to match on a single VLAN tag (example: encapsulation dot1q vlan 10) or a VLAN tag pair (example: encapsulation dot1q vlan 10 inner 20) to map matching packets to an interface. In this case, the encapsulation string is considered consumed by the mapped interface before forwarding, which means that the tags are effectively removed from the incoming packet for the purposes of any downstream forwarding.

In VXLAN networks, broadcast DHCP requests are head-end-replicated to all VXLAN tunnel endpoints (VTEP). If a DHCP relay helper address is configured on more than one VTEP, each such VTEP relays the DHCP request to the configured DHCP server. This could potentially overwhelm the DHCP server as it would receive multiple copies of broadcast packets originated from a host connected to one of the VTEPs.

IP Locking is an EOS feature configured on an Ethernet Layer 2 port. When enabled, it ensures that a port will only permit IP and ARP packets with IP source addresses that have been authorized. As of the EOS-4.25.0F release, IP Locking can run in two modes: IPv4 Locking (which will be referred to as IP Locking) and IPv6 Locking, which can be configured using the commands mentioned in the sections below. IP Locking prevents another host on a different interface from claiming ownership of an IP address through either IP or ARP spoofing.

An IPsec service ACL provides a way to block IPsec connections to/from specific addresses. This feature works in a similar way to other protocols in EOS that provide this functionality.

The flow-label match for QoS policy map can be achieved by using the TCAM profile “qos-match-ipv6-flow-label” which is available from EOS 4.27.2F onwards. 

Introduced in EOS-4.20.1F, the “selectable hashing fields” feature controls whether a certain header field is used in the hash calculation for LAG and ECMP.

If a network device uses deep packet inspection for load balancing, RFC 6790 recommends that deployments use the entropy label in LDP to improve load balancing in MPLS networks by providing sufficient entropy in the label stack itself.

MetaWatch is an FPGA-based feature available for Arista 7130 Series platforms. It provides precise timestamping of packets, aggregation and deep buffering for Ethernet links. Timestamp information and other metadata such as device and port identifiers are appended to the end of the packet as a trailer.

The solution described in this document allows multicast traffic arriving on a VRF interface on a Provider’s Edge (PE) router to be delivered to Customer’s Edge (CE) routers with downstream receivers in the same VPN.

The Per-MAC ACL feature provides the functionality to apply an IPv4/IPv6 ACL to an 802.1X supplicant instead of applying it on the port that the supplicant is behind. This allows for more flexible and specific traffic policies to be defined for supplicants trying to access certain resources on the network.

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion.

Routing Control Functions (RCF) is a language that can express route filtering and attribute modification logic in a powerful and programmatic fashion. The document covers: configurations of an RCF function for BGP points of application.

RSVP-TE, the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), is used to distribute MPLS labels for steering traffic and reserving bandwidth. The Label Edge Router (LER) feature implements the headend functionality, i.e., RSVP-TE tunnels can originate at an LER which can steer traffic into the tunnel.

This feature introduces support for the SFP-10G-MRA-T SFP transceiver. This is a rate adapting transceiver, meaning it can convert the system side interface to a lower rate on the line side.

Compatible platforms start up in the “default” forwarding-table partition mode, which provides the ability to program up to 8K L2 addresses.

Dynamic NAT is a feature which dynamically allocates an IP address to an incoming or outgoing flow. This address will replace source or destination IP for all packets of the flow.

Support for Media Access Control Security (MACsec) was added in EOS-4.15.4. It introduced the concept of configuring pre-shared keys (PSKs) for the purpose of MKA negotiation.

The Ephemeral Port Range is a range of network ports that are typically reserved for automatic port allocation. Ports in this range could be grabbed and released frequently by custom agents that require a port but do not require a specific known port. 

An L2 sub-interface is a logical bridging endpoint associated with traffic on an interface distinguished by 802.1Q tags, where each <interface, 802.1Q tag> tuple is treated as a first-class bridging interface.

This TOI supplements the Ingress Traffic Policy applied on ingress interfaces. Please refer to that document for a description of Traffic Policies and field-sets. This TOI explains Traffic Policies as applied in the egress direction on interfaces.

Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take the configured action against them. Rules are defined based on various fields of packets, and TCAM is usually used to match packets to rules. For example, there can be a rule to match the packet source IP address against a list of IP addresses, and drop the packet if there is a match. This is expressed in TCAM with multiple entries matching the list of IP addresses. The number of entries is reduced by masking off bits, if possible. TCAM is a limited resource, so with classifiers that have a large number of rules and a big field list, TCAM runs out of resources.

This feature introduces support for Traffic Policy on VLANs. Traffic Policy allows the user to configure rules to match on certain packets through the packet processing pipeline. The user can also configure actions to apply to matching packets.

Overlay IPv6 routing over VXLAN tunnel using an anycast gateway (direct routing) has been previously supported using the “ipv6 virtual-router” configuration for both the data-plane and EVPN (or CVX) control-plane learning environments. 

SWIM (SWI Modularized) is a change to the format of EOS.swi. It is a feature that is mostly internal, but has a few customer-visible side effects one should be mindful of.

SwitchApp is an FPGA-based feature available on Arista’s 7130LB-Series and 7132LB-Series platforms. It performs ultra low latency Ethernet packet switching. Its packet switching feature set, port count, and port-to-port latency are a function of the selected SwitchApp profile. Detailed latency measurements are available in the user guide on the Arista Support site.

This article describes the Tap Aggregation MAC Address Replacement feature. This feature provides the ability to configure user-specific values to replace the destination and source MAC addresses of packets forwarded by Tap Aggregation.

Traffic steering to nexthop groups allows specifying one or more nexthop groups as the destination for a TAP aggregation steering policy. Traffic steering is a TAP aggregation process that uses class maps and policy maps to direct data streams received on TAP ports. 

The ‘redirect’ action used in a TCAM profile has lower priority than system rules. If a packet matches both a TCAM rule using the ‘redirect’ action and a system rule, the ‘redirect’ action does not take effect on that packet.

Virtual Private LAN Service (VPLS) appears in (almost) all respects as an Ethernet type service to customers of a Service Provider (SP). A VPLS glues together several individual LANs across a packet switched network to appear and function as a single bridged LAN. This is accomplished by incorporating MAC address learning, flooding, and forwarding functions in the context of pseudowires that connect these individual LANs across the packet switched network. LDP signaling is used for the setup and teardown of the mesh of pseudowires that constitute a given VPLS instance.

A VLAN-Aware bundle MAC-VRF allows multiple L2 domains to be advertised by a single MAC-VRF. The Ethernet Tag ID (ETID) as described in RFC 7432 identifies the L2 domain within an EVPN instance corresponding to each route.