- Written by Tarun Jaswanth LNU
- Posted on August 24, 2020
- Updated on October 17, 2024
- 25980 Views
802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.
- Written by Kallol Mandal
- Posted on March 3, 2023
- Updated on March 7, 2023
- 6068 Views
In a VXLAN routing setup using VXLAN Controller Service (VCS), this feature will enable the following on a switch that is running as a VCS client.
- Written by Nathan Kitchen
- Posted on April 25, 2024
- Updated on April 25, 2024
- 2210 Views
EOS devices can accept gNMI Get requests with CLI commands as paths. Such requests must have the "origin" field of the path set to “cli”. When the “encoding” field of a Get request is set to “JSON” or “JSON_IETF”, or is not set, the output is returned as the eAPI model of the command, serialized as JSON. For example (using the command “show interfaces Ethernet1/1 status”):
- Written by Peter Friend
- Posted on March 3, 2023
- Updated on March 16, 2023
- 5145 Views
Creating Traffic Policies that regulate control plane traffic from BGP peers by writing the list of BGP peer addresses statically in a field-set is error prone and difficult to update. Selecting only internal or external peers requires additional care. This feature automatically populates a field-set with IPv4 or IPv6 prefixes corresponding to iBGP or eBGP peers.
- Written by Sameer Shah
- Posted on March 3, 2023
- Updated on March 16, 2023
- 5950 Views
This feature provides a mechanism to mark specific routes as resilient ECMP (RECMP) eligible using BGP RCF policies. A policy based mechanism provides a lot of flexibility in choosing the RECMP eligible routes using criteria such as:
- Written by Rashid Akhtar
- Posted on March 3, 2023
- Updated on March 17, 2023
- 5254 Views
This document describes the CLI introduced to change the default hardware FEC allocation scheme for IPv4/IPv6 attached routes. By default, level2 hardware FECs are allocated for attached IPv4/IPv6 routes. To change the default hardware FEC allocation scheme, this CLI can be used.
- Written by Radu Handolescu
- Posted on March 3, 2023
- Updated on November 15, 2024
- 6352 Views
Common Management Interface Specification (CMIS) defines, starting with revision 4.0, a standard mechanism for managing the firmware of compliant transceivers. This mechanism allows for transceivers’ firmware to be updated without having to remove the transceiver from the switch. Firmware updates may be necessary in a testing or production environment to resolve potential firmware bugs. Some transceivers may also support firmware management operations in a hitless manner (without impacting traffic).
- Written by Bharath Somayaji
- Posted on November 22, 2017
- Updated on March 3, 2023
- 8182 Views
DHCPv6 Prefix Delegation support enables a DHCP relay agent to program routes for addresses assigned by a DHCP server. The assigned prefixes could either be DHCPv6 IA_PD prefix delegation addresses, or DHCPv6 IA_NA global /128 addresses.
- Written by Jeevan Kamisetty
- Posted on August 23, 2022
- Updated on November 30, 2023
- 9666 Views
NDR switch sensor aka “monitor security awake” feature provides deep network analysis by doing deep packet inspection of some or all packets of traffic that's forwarded by the switch.
- Written by Dylan Walsh
- Posted on October 20, 2022
- Updated on June 10, 2024
- 7436 Views
EosSdkRpc is an agent built on top of the Arista EOS SDK. It uses gRPC as a mechanism to provide remote access to the EOS SDK. The gRPC interface that EosSdkRpc supports closely matches the interface provided by EOS SDK, and the intent is that the .proto interface can be publically supported. EosSdkRpc allows for remote access and using protobuf to specify the interface isolates user code from the Linux ABI issues that come with building C++ applications on different compiler, libc, and kernel versions. EosSdkRpc is built using C++ but supports clients written in any of the languages currently supported by the gRPC framework.
- Written by Vamsi Anne
- Posted on December 29, 2021
- Updated on November 19, 2024
- 10265 Views
As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN), from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks to be far more challenging, and the ability of service providers to respond to such network faults swiftly directly impacts their competitiveness.
- Written by Mason Rumuly
- Posted on March 3, 2023
- Updated on November 13, 2024
- 7856 Views
Multihoming in EVPN allows a single customer edge (CE) to connect to multiple provider edges (PE or tunnel endpoint). In any multihoming EVPN instance (EVI), for each ethernet segment a designated forwarder is elected using EVPN type 4 Ethernet Segment (ES) routes sent through BGP. In single-active mode, the designated forwarder (DF) is responsible for sending and receiving all traffic. In all-active mode, the DF is only used to determine whether broadcast, unknown
- Written by Jeff Wen
- Posted on January 21, 2019
- Updated on November 30, 2023
- 9959 Views
In the traditional data center design, inter-subnet forwarding is provided by a centralized router, where traffic traverses across the network to a centralized routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.
- Written by Joshua Boe
- Posted on March 3, 2023
- Updated on March 7, 2023
- 4512 Views
This feature adds an “exec” command for tracing that incorporates a time limit. Such time limited traces can be executed like so: start trace AGENT setting TRACE timeout TIME ( seconds | minutes | hours ). This is in contrast to the “config” commands for tracing, which do not have a time limit.
- Written by Kaushik Kumar Ram
- Posted on August 21, 2020
- Updated on October 17, 2024
- 9147 Views
Generic UDP Encapsulation (GUE) is a general method for encapsulating packets of arbitrary IP protocols within a UDP tunnel. GUE provides an extensible header format with optional data. In this release, decap capability of GUE packets of variant 1 header format has been added. This variant allows direct encapsulation using the UDP header without the GUE header. The inner payload could be one of IPv4, IPv6, or MPLS.
- Written by Aman Aman-Ul-Haq
- Posted on March 9, 2021
- Updated on December 1, 2023
- 11207 Views
The Segment security feature provides the convenience of applying policies on segments rather than interfaces or subnets. Hosts/networks are classified into segments based on prefixes. Grouping prefixes into segments allows for definition of policies that govern flow of traffic between segments.
- Written by Pauric Ward
- Posted on March 3, 2023
- Updated on May 30, 2024
- 5129 Views
This feature enables the user to configure a list or range of BGP attributes to be ignored by the router on receipt of a BGP update message. The BGP attributes are discarded from the BGP update message, and unless the action of discarding an attribute causes the update message to trigger error handling, then the update message is parsed as normal.
- Written by Padmanabh Ratnakar
- Posted on October 7, 2021
- Updated on October 14, 2024
- 12444 Views
For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency, queue and congestion information for flows at different times. The inband telemetry feature(INT), based on Inband Flow Analyzer RFC draft -IFA 2.0 and IFA 1.0(on some platforms) , is used to gather per flow telemetry information like path, per hop latency and congestion. INT is supported for both IPv4 and IPv6 traffic.
- Written by Neel Neogi
- Posted on December 30, 2020
- Updated on June 8, 2023
- 12272 Views
The document describes the support for dedicated and group ingress policing on interfaces without using QoS policy-maps to match on the traffic and apply policing.
- Written by Dhanashree Nagre
- Posted on March 16, 2022
- Updated on March 13, 2023
- 6897 Views
IPv6 routes of certain prefix lengths can be optimized for enhanced route scale on R/R2 series platforms. This TOI explains the usage of these optimizations.
- Written by Ramakrishnan G
- Posted on September 6, 2021
- Updated on March 16, 2023
- 6682 Views
IPv6 routes of certain prefix lengths can be optimized for enhanced route scale on R3. This TOI explains the usage of these optimizations.
- Written by Arpit Bansal
- Posted on April 23, 2018
- Updated on November 7, 2024
- 7961 Views
Traffic Engineering (TE) provides a mechanism to network administrators to control the path that a data packet takes, bypassing the standard routing model which uses routes along the shortest path. Traffic engineered paths are generally computed on the head-end routers of the topology based on various constraints (e.g. minimum bandwidth, affinity) configured for those paths and attributes (e.g available bandwidth, color) received from devices in the network topology. IS-IS Traffic Engineering (IS-IS TE) feature extends IS-IS protocol in EOS to carry TE attributes as part of its Link State Protocol Data Units (LSPs). Note that IS-IS in EOS only acts as a carrier for TE attributes and it is not used by any processing (e.g. SPF).
- Written by Zeyad Tamimi
- Posted on March 3, 2023
- Updated on May 15, 2024
- 8125 Views
At a high level, L1 profiles are a set of configurations which allow EOS users to change the numbering scheme and default L1 configurations of all front panel interfaces across their network switch.
- Written by Andrei Dvornic
- Posted on April 2, 2015
- Updated on February 8, 2024
- 11377 Views
Loop protection is a loop detection and prevention method which is independent of Spanning Tree Protocol (STP) and is not disabled when the switch is in switchport backup mode or port is in discarding state. The LoopProtect agent has a method to detect loops and take action based on the configuration by the user. In order to find loops in the system, a loop detection frame is sent out periodically on each interface that loop protection is enabled on. The frame carries broadcast destination MAC address, bridge MAC source address, OUI Extended EtherType 0x88b7 as well as information to specify the origins of the packet.
- Written by Diksha Mahajan
- Posted on March 3, 2023
- Updated on March 7, 2023
- 5771 Views
A layer 3 subinterface is a logical endpoint associated with traffic on an interface distinguished by 802.1Q tags, where each interface, 802.1Q tag tuple, is treated as a routing interface.
- Written by Zhen Xue
- Posted on March 3, 2023
- Updated on March 28, 2023
- 5184 Views
A “boot extension” is an extension that gets installed automatically at switch boot time. This feature introduces a new CLI command boot extension <EXTENSION> to simplify the boot extension management and EOS upgrade/downgrade process.
- Written by Kevin Amiraux
- Posted on September 30, 2015
- Updated on August 16, 2024
- 11495 Views
Arista switches provide several mirroring features. Filtered mirroring to CPU adds a special destination to the mirroring features that allows the mirrored traffic to be sent to the switch supervisor. The traffic can then be monitored and analyzed locally without the need of a remote port analyzer. Use case of this feature is for debugging and troubleshooting purposes.
- Written by Dickson Chum
- Posted on January 3, 2023
- Updated on September 25, 2024
- 7364 Views
Mirroring to a GRE tunnel allows mirrored packets to transit to a L3 network using GRE encapsulation.
- Written by Siddarth Karki
- Posted on March 3, 2023
- Updated on June 15, 2023
- 5475 Views
From the 4.29.2F release of EOS, proactive probing of servers is supported. Using this feature Arista switches can continuously probe configured servers to check their liveliness and use the information obtained from these probes while sending out requests to the servers.
- Written by Manvendra Pratap Singh
- Posted on March 3, 2023
- Updated on March 17, 2023
- 5055 Views
When a GRE tunnel is configured, and a GRE-encapped MPLS packet arrives on decap-groups, the traffic-class is derived based on the packet outer DSCP value. This feature aims to allow the user to derive the traffic-class based on the MPLS traffic-class from the payload of the IPv4 GRE packet, using the existing MPLS-exp to TC mapping defined in global QoS maps.
- Written by Anmol Mani Tejeswar Sarma
- Posted on March 3, 2023
- Updated on March 20, 2023
- 4415 Views
Dynamic resizing of nexthop groups, allows a nexthop group to adjust its size in the hardware based on tunnel resolution. When there is a change in tunnel resolution, the hardware is automatically programmed with only those entries that are fully resolved. However, if the tunnel endpoint corresponding to a nexthop group entry becomes unreachable, the entry remains in use and any traffic destined for the endpoint gets blackholed.
- Written by Manpreet
- Posted on March 3, 2023
- Updated on May 22, 2023
- 5126 Views
The on boot link override feature adds support for keeping interfaces down at switch boot until the correct interface state can be determined by feature agents. Keeping the interfaces down through device boot will protect against transient traffic loss by preventing downstream peers from detecting a transient interface up and sending traffic to the device.
- Written by Kaushik Kumar Ram
- Posted on March 3, 2023
- Updated on March 6, 2023
- 6226 Views
By default, when an SVI is configured on a VXLAN VLAN, then broadcast, unknown unicast, and unknown multicast (BUM) traffic received from the tunnel are punted to CPU. However, sending unknown unicast and unknown multicast traffic to CPU is unnecessary and could have negative side effects. Specifically, these packets take the L2Broadcast CoPP queue to the CPU.
- Written by Zetang Lei
- Posted on March 3, 2023
- Updated on March 6, 2023
- 4763 Views
This feature introduces metric profiles to OSPF metric configurations. Metric profiles allow multiple metric configurations to be applied on the interface at the same time. When the interface speed drops below certain thresholds, the interface will automatically change the metric it uses based on the configurations in the metric profile.
- Written by David Cronin
- Posted on March 3, 2022
- Updated on March 14, 2024
- 9530 Views
This document describes a new CLI command to help debug how and why policy permits and denies paths. The aim of this CLI command is for the user to debug a route map or RCF (Routing Control Functions) function by specifying as input a prefix for which BGP has reachability for, either via a BGP peer or a redistribute source.
- Written by Padmanabh Ratnakar
- Posted on April 20, 2021
- Updated on July 15, 2024
- 13601 Views
The postcard telemetry (GreenT - GRE Encapsulated Telemetry) feature is used to gather per flow telemetry information like path and per hop latency. For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency and congestion information for flows at different times.
- Written by Eric Lanini
- Posted on March 3, 2023
- Updated on October 11, 2024
- 5053 Views
Precoding is used to help reduce the burst error length of DFE (Decision Feedback Equalizer) error events with PAM-4 modulation
- Written by Atul Gupta
- Posted on March 3, 2023
- Updated on March 20, 2023
- 4844 Views
This feature allows the network administrator to set a flag to allow the Explicit Congestion Notification (ECN) headers of a packet be preserved and copied to inner or outer packets when the packet is decapsulated or encapsulated on a Vxlan Tunnel Endpoint (VTEP).
- Written by Kieran Weaver
- Posted on March 3, 2023
- Updated on February 2, 2024
- 6336 Views
Media Access Control Security (MACsec) is an industry-standard encryption mechanism that protects all traffic flowing on the Ethernet links. MACsec is based on IEEE 802.1X and IEEE 802.1AE standards.
- Written by Yin Chen
- Posted on March 3, 2023
- Updated on March 7, 2023
- 4977 Views
This TOI document describes the supported Precision Time Protocol (PTP) functionality on the CCS-750X platforms. Due to the nature of the hardware for these products, the supported PTP functionality and interoperation with other features may differ from other Arista products.
- Written by David Cronin
- Posted on March 3, 2022
- Updated on November 6, 2024
- 19472 Views
Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion.
- Written by David Cronin
- Posted on March 3, 2022
- Updated on November 7, 2024
- 11970 Views
Routing Control Functions (RCF) is a language that can express route filtering and attribute modification logic in a powerful and programmatic fashion.The document covers: Configurations of a RCF function for BGP points of application
- Written by Denny Hung
- Posted on March 3, 2023
- Updated on March 13, 2023
- 5399 Views
This feature adds support to interface traffic policies for routing matched unicast IPv4 or IPv6 traffic which ingresses on L3 interfaces according to the routing table of a secondary VRF.
- Written by Kalash Nainwal
- Posted on December 14, 2020
- Updated on July 31, 2024
- 12273 Views
RSVP-TE, the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), is used to distribute MPLS labels for steering traffic and reserving bandwidth. The Label Edge Router (LER) feature implements the headend functionality, i.e., RSVP-TE tunnels can originate at an LER which can steer traffic into the tunnel.
- Written by Ram Murthy
- Posted on March 3, 2023
- Updated on August 27, 2024
- 6884 Views
NAT has been supported in DCS-7150 for many years. Starting at EOS 4.21.6F, NAT functionality is supported on certain 7050X3 platforms.
- Written by Fathima Thasneem
- Posted on August 23, 2022
- Updated on May 30, 2024
- 6346 Views
Interface reflectors are useful to make sure a service provided to customers is working as expected and it's within SLA constraints. Now, we are extending the support to configure subinterfaces as ethernet reflector. The Subinterface Interface Reflector feature allows performing certain actions (such as source/destination MAC address swap) on packets reaching subinterfaces patched to Pseudowire that are reflected back to the source interface. It is useful to test properties and SLAs before deploying the service for a customer.
- Written by Adriana Costin
- Posted on March 3, 2023
- Updated on March 6, 2023
- 4786 Views
This feature introduces a new CLI command (agent Bgp snapshot mrt received routes [ VRF ] FILE) which generates an MRT file containing the peers, prefixes and path attributes received by a switch running multi-agent routing m
- Written by Rajiv Patil
- Posted on September 16, 2020
- Updated on August 30, 2024
- 15086 Views
Dynamic NAT is a feature which dynamically allocates an IP address to an incoming or outgoing flow. This address will replace source or destination IP for all packets of the flow.
- Written by Scott Bailey
- Posted on March 3, 2023
- Updated on August 30, 2023
- 5038 Views
This feature enables L3 reachability for the PTP on the switch using one or more shared “Loopback” interfaces.
- Written by Dongping Zhu
- Posted on March 3, 2023
- Updated on August 10, 2023
- 5793 Views
Leaf Smart System Upgrade (SSU) provides the ability to upgrade the EOS image with minimal traffic disruption. To perform the SSU, Spanning Tree Protocol (STP) should either be disabled or configured as MSTP. Meanwhile, all ports should be configured with admin edge ports (i.e., all ports are supposed to connect to host only) and the BPDU guard should be enabled for all edge ports.