- Written by Shelesh Bansal
- Posted on November 8, 2023
- Updated on November 8, 2023
- 4021 Views
This feature provides protocol independent UCMP support for all the routes which follow the IGP path provided there is no UCMP computation done at the protocol level itself. Enabling this feature allows for optimal bandwidth utilization over the links by considering link capacity for rationalizing weight among the nexthop members for all the routes which follow the IGP path.
- Written by Tarun Jaswanth LNU
- Posted on August 24, 2020
- Updated on October 17, 2024
- 26833 Views
802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.
- Written by Scarlett Gourley
- Posted on April 20, 2021
- Updated on November 20, 2023
- 9716 Views
This feature supports upgrading Aboot firmware via an Aboot Update File (AUF). The aim is to be able to provide a signed
- Written by Forhad Ahmed
- Posted on September 11, 2023
- Updated on November 22, 2023
- 4438 Views
Starting from 4.27.2F, IPFIX sampling introduced the capability to report BGP metadata for routes resolving over various tunnel types (ISIS-SR tunnels, NexthopGroups, etc). For example BGP over ISIS-SR - BGP nexthop reported: 100.0.0.1
- Written by Deepak Sebastian
- Posted on August 31, 2023
- Updated on October 9, 2024
- 5351 Views
Agile ports allow users to connect 40G interfaces on 7130 products utilizing multiple SFP ports per 40G capable interface. This enables 40G capable applications, such as MetaConnect and MetaWatch, to operate at that speed.
- Written by Vu Nguyen
- Posted on August 23, 2022
- Updated on November 22, 2023
- 7918 Views
EOS currently supports BGP message authentication via the TCP MD5 Signature (TCP MD5) option (RFC 2385) to protect the BGP sessions from spoofed TCP segments. However, research has shown many concerns that the TCP MD5 algorithm is cryptographically ineffective, with just a simple keyed hash for authentication.
- Written by Fathima Thasneem
- Posted on April 25, 2022
- Updated on December 20, 2024
- 7598 Views
As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN), from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge.
- Written by Huong Nguyen
- Posted on December 20, 2019
- Updated on December 5, 2023
- 11775 Views
Support for DHCPv4 (RFC 2131) and DHCPv6 Server (RFC 8415) was added to EOS-4.22.1 and EOS-4.23.0 respectively. EOS DHCP server leverages ISC Kea as backend. The router with DHCP Server enabled acts as a server that allocates and delivers network addresses with desired configuration parameters to its hosts.
- Written by Devon McAvoy
- Posted on October 4, 2019
- Updated on July 31, 2024
- 11007 Views
DirectFlow runs alongside the existing layer 2/3 forwarding plane, enabling a network architecture that incorporates new capabilities, such as TAP aggregation and custom traffic engineering, alongside traditional forwarding models. DirectFlow allows users to define flows that consist of match conditions and actions to perform that are a superset of the OpenFlow 1.0 specification. DirectFlow does not require a controller or any third party integration as flows can be installed via the CLI.
- Written by Praveen Kumar Yadav
- Posted on October 20, 2022
- Updated on June 13, 2024
- 6521 Views
In the 7280R3/7500R3/7800R3 platform, EXP rewrite for IP-MPLS routed flows is derived from the DSCP of the packet. Using a QoS policy map, DSCP can be set as needed. But in this process, the egress IP TOS was also changed, which may cause issues later at the customer edge.
- Written by Jeevan Kamisetty
- Posted on August 23, 2022
- Updated on November 30, 2023
- 9961 Views
NDR switch sensor aka “monitor security awake” feature provides deep network analysis by doing deep packet inspection of some or all packets of traffic that's forwarded by the switch.
- Written by Vamsi Anne
- Posted on December 29, 2021
- Updated on December 20, 2024
- 10630 Views
As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN), from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge. This mode of operation makes the task of Operations, Administration and Maintenance (OAM) of such networks to be far more challenging, and the ability of service providers to respond to such network faults swiftly directly impacts their competitiveness.
- Written by Vamsi Anne
- Posted on October 20, 2022
- Updated on December 20, 2024
- 7929 Views
As Ethernet technologies made their way into the Metropolitan Area Networks (MAN) and the Wide Area Networks (WAN) from the conventional enterprise level usage, they are now widely being used by service providers to provide end-to-end connectivity to customers. Such service provider networks are typically spread across large geographical areas. Additionally, the service providers themselves may be relying on certain internet backbone providers, referred to as “operators”, to provide connectivity in case the geographical area to be covered is too huge.
- Written by Alton Lo
- Posted on November 6, 2023
- Updated on November 20, 2023
- 4642 Views
RFC7432 defines the MAC/IP advertisement NLRI (route type 2) for exchanging EVPN overlay end-hosts MAC addresses reachability information. When an EVPN MAC/IP route contains more than one path to the same L2 destination, the EVPN MAC/IP best-path selection algorithm determines which of these paths should be considered as the best path to that L2 destination.
- Written by Lavanya Conjeevaram
- Posted on March 31, 2017
- Updated on November 29, 2023
- 13122 Views
Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family
- Written by Jeff Wen
- Posted on January 21, 2019
- Updated on November 30, 2023
- 10308 Views
In the traditional data center design, inter-subnet forwarding is provided by a centralized router, where traffic traverses across the network to a centralized routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.
- Written by Wade Carpenter
- Posted on April 24, 2020
- Updated on July 15, 2024
- 16596 Views
EVPN MPLS VPWS (RFC 8214) provides the ability to forward customer traffic to / from a given attachment circuit (AC) without any MAC lookup / learning. The basic advantage of VPWS over an L2 EVPN is the reduced control plane signalling due to not exchanging MAC address information. In contrast to LDP pseudowires, EVPN MPLS VPWS uses BGP for signalling. Port based and VLAN based services are supported.
- Written by Xuan Qi
- Posted on October 20, 2022
- Updated on September 19, 2024
- 6948 Views
EVPN gateway support for all-active (A-A) multihoming adds a new redundancy model to our multi-domain EVPN solution introduced in [1]. This deployment model introduces the concept of a WAN Interconnect Ethernet Segment identifier (WAN I-ESI). The WAN I-ESI allows the gateway’s EVPN neighbors to form L2 and L3 overlay ECMP on routes re-exported by the gateways. The identifier is shared by gateway nodes within the same domain (site) and set in MAC-IP routes that cross domain boundaries.
- Written by Ethan Yu
- Posted on November 17, 2023
- Updated on November 17, 2023
- 3864 Views
Introduced in EOS 4.31.0F, extended hashing can be configured to significantly reduce the chances of polarization by introducing additional entropy to the load balance keys used in LAG and ECMP based on an extended hashing seed.
- Written by Aman Aman-Ul-Haq
- Posted on March 9, 2021
- Updated on December 1, 2023
- 11518 Views
The Segment security feature provides the convenience of applying policies on segments rather than interfaces or subnets. Hosts/networks are classified into segments based on prefixes. Grouping prefixes into segments allows for definition of policies that govern flow of traffic between segments.
- Written by Pratik Mangalore
- Posted on December 14, 2020
- Updated on December 12, 2024
- 12803 Views
IP Locking is an EOS feature configured on an Ethernet Layer 2 port. When enabled, it ensures that a port will only permit IP and ARP packets with IP source addresses that have been authorized. As of EOS-4.25.0F release update, IP Locking can run in two modes - IPv4 Locking (which will be referred to as IP Locking) and IPv6 Locking, which can be configured using the commands mentioned in the below sections. IP Locking prevents another host on a different interface from claiming ownership of an IP address through either IP or ARP spoofing.
- Written by Christoph Schwarz
- Posted on June 12, 2019
- Updated on November 6, 2023
- 7938 Views
This feature makes a switch act as a neighbor discovery proxy for an IPv6 subnet. It can be used in conjunction with BUM
- Written by Shriprama Rao
- Posted on November 20, 2023
- Updated on November 20, 2023
- 4963 Views
This feature allows encapsulating (and decapsulating) L2 traffic from a given interface or subinterface over a GRE tunnel. An MPLS label is added to identify the ingress interface (similar to MPLS pseudowires) and the GRE tunnel is used to transport the packets to a remote endpoint.
- Written by Andre Kostur
- Posted on November 6, 2023
- Updated on November 7, 2023
- 3528 Views
Log pruning is triggered every minute to examine the /var/log/agents directory for agent log files from repeated restarts of the agent and remove the “middle” log files to save storage and memory resources. This is new behavior that is always enabled.
- Written by David Mirabito
- Posted on December 30, 2021
- Updated on December 12, 2024
- 15998 Views
MetaWatch is an FPGA-based feature available for Arista 7130 Series platforms. It provides precise timestamping of packets, aggregation and deep buffering for Ethernet links. Timestamp information and other metadata such as device and port identifiers are appended to the end of the packet as a trailer.
- Written by Abdul Haseeb Jehangir
- Posted on March 12, 2020
- Updated on November 20, 2024
- 11646 Views
Mirror on drop is a network visibility feature which allows monitoring of MPLS or IP flow drops occurring in the ingress pipeline. When such a drop is detected, it is sent to the control plane where it is processed and then sent to configured collectors. Additionally, CLI show commands provide general and detailed statistics and status.
- Written by Prashant Srinivas
- Posted on April 25, 2022
- Updated on November 29, 2023
- 9199 Views
The solution described in this document allows multicast traffic arriving on a VRF interface on a Provider’s Edge (PE) router to be delivered to Customer’s Edge (CE) routers with downstream receivers in the same VPN.
- Written by Wojciech Franczyk
- Posted on November 6, 2023
- Updated on November 7, 2023
- 3839 Views
The ICMP protocol has a class of messages used to handle problematic situations in a network, such as destination unreachable, packet's Time To Live exceeded, and others. They all contain the "original datagram" field, which represents the leading octets of the datagram to which the ICMP message is a response. The original datagram consists of the IP header + at least 64 bits of the data.
- Written by Brian Schuette
- Posted on August 22, 2023
- Updated on August 20, 2024
- 5619 Views
The Arista OSFP-400G-SRBD and QDD-400G-SRBD modules (sometimes referred to as “400G-BIDI” or “400G-SR4.2”) may be used with other 400G-BIDI / 400G-SR4.2 modules, or connected to four 100G-BiDi modules indicated below.
- Written by Ethan Vadai
- Posted on March 6, 2020
- Updated on March 14, 2024
- 17520 Views
Policy-based routing (PBR) is a feature that is applied on routable ports, to preferentially route packets. Forwarding is based on a policy that is enforced at the ingress of the applied interface and overrides normal routing decisions. In addition to matches on regular ACLs, PBR policy-maps can also include “raw match” statements that look like a single entry of an ACL as a convenience for users.
- Written by Tom Meng
- Posted on November 11, 2019
- Updated on December 6, 2023
- 7010 Views
Power management is a way to limit the total available power to be used for Power over Ethernet (PoE) ports. Without power management, the total amount of power that the power supply units (PSU) are able to provide is used. Power management can be used to create power redundancies. For example, if a system has 2 1050W PSUs, the feature can set the total available power to be 800W for PoE. With this configuration, 1 PSU is sufficient to power the system and the unused PSU acts as a backup source, thus giving the system a 1+1 redundancy.
- Written by Tom Meng
- Posted on June 21, 2021
- Updated on January 25, 2024
- 8277 Views
Power over Ethernet (PoE) is a way of delivering power and data over the same Ethernet wires. There have been multiple IEEE standards for PoE over the years:
- Written by Dragos Maftei
- Posted on November 22, 2023
- Updated on November 22, 2023
- 3806 Views
RFC8781 defines a new RA (router advertisement) option called ‘PREF64’, which allows the switch to communicate the IPv6 prefix that is used for NAT64 to hosts on the network, via Router Advertisements. This feature adds support for configuring the PREF64 option on a per-interface basis.
- Written by Sylvia Zheng
- Posted on December 5, 2023
- Updated on February 26, 2024
- 3646 Views
Pseudo load sharing is a load sharing scheme for two power supply units (PSU) that do not have integrated load sharing. With pseudo load sharing, the system power is divided into two power domains, each with one PSU that is connected to a port group consisting of half of the system's Power over Ethernet (PoE) ports. When both PSUs are active, the power domains are independent and each PSU can only provide power to ports within the same power domain. Each port group can consume up to the maximum available power of the PSU in the same power domain. When only one PSU is active, the power switch between the two power domains can route power from the active PSU to all ports on the system.
- Written by Sourabh Bollapragada
- Posted on January 3, 2023
- Updated on February 7, 2024
- 6843 Views
PTP 1-step Boundary Clock (or 1-step BC) is similar to 2-step BC in function but doesn’t send the PTP Follow_Up message. The timestamp present in the PTP Follow_Up message’s preciseOriginTimestamp field is sent in the PTP Sync message’s originTimestamp field along with a non-zero correctionField. This allows us to support more PTP master ports because the control plane does not need to generate PTP Follow_Up messages anymore. PTP 1-step BC supports all the existing features supported by 2-step BC, like G8275.1 profile, G8275.2 profile, etc., unless otherwise specified in the limitations.
- Written by David Cronin
- Posted on March 3, 2022
- Updated on December 19, 2024
- 20133 Views
Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion.
- Written by David Cronin
- Posted on March 3, 2022
- Updated on December 2, 2024
- 12405 Views
Routing Control Functions (RCF) is a language that can express route filtering and attribute modification logic in a powerful and programmatic fashion. The document covers: Configurations of an RCF function for BGP points of application
- Written by Jeevan Kamisetty
- Posted on November 4, 2020
- Updated on October 4, 2024
- 14856 Views
Network administrators require access to flow information that passes through various network elements, for the purpose of analyzing and monitoring their networks. This feature provides access to IP flow information by sampling traffic flows in ingress and/or egress directions on the interfaces on which it is configured. The samples are then used to create flow records, which are exported to the configured collectors in the IPFIX format. Egress Flow tracking is supported from EOS-4.29.0F on the DCS-7170B-64C series and supported on 7280, 7500 and 7800 series platforms from EOS-4.31.1.
- Written by Praveen Kumar Yadav
- Posted on November 16, 2023
- Updated on November 16, 2023
- 4373 Views
Storm control enables traffic policing on floods of packets on L2 switching networks. Support was enabled for front panel ports and LAG in eos-4-25-2f with storm-control-speed-rate-support. Now, storm control will be supported per subinterface (both Ethernet and port-channel). The scale of subinterfaces is 4095.
- Written by Sharad Tulsyan
- Posted on November 8, 2023
- Updated on November 8, 2023
- 4262 Views
This document describes the route Flap Damping feature in multi-agent BGP.
- Written by Rutger Beltman
- Posted on November 29, 2023
- Updated on November 29, 2023
- 3738 Views
EOS supports configuring and associating communities on static routes. These are carried into BGP on redistribution.
- Written by Dongping Zhu
- Posted on November 23, 2023
- Updated on November 23, 2023
- 3809 Views
By default, every Arista switch applies the read-only ACL (Access Control List) named "default-control-plane-acl" to control plane traffic in every VRF. This feature allows the user to configure a different ACL to override the system default applied to every VRF. VRF-specific control plane ACL configuration, if present, still takes precedence over the default ACL configured.
- Written by Brian Neville
- Posted on November 8, 2023
- Updated on September 30, 2024
- 4887 Views
gNSI (gRPC Network Security Interface) defines a set of gRPC-based microservices for executing security-related operations on network devices.
- Written by Alok Kumar
- Posted on November 29, 2023
- Updated on October 15, 2024
- 3820 Views
This feature provides a CLI command showing the list of MAC addresses which could not be learned due to hash collision in the hardware table. A hash collision occurs when two or more distinct pieces of data map to the same entry (or slot) in the hardware table. It can happen when the hash function used to calculate the index for a given MAC address results in an already occupied index, resulting in failure to insert the later MAC address into the hardware table.
- Written by Scott Bailey
- Posted on November 6, 2023
- Updated on November 7, 2023
- 3986 Views
This feature allows configuring a per-port PTP domain number, which may be different from the global PTP domain number, which will apply to PTP messages sent or received on that port. With this configuration applied, transmitted messages will contain the port-specific domain number and received messages will be accepted if they contain the port-specific or global domain number.
- Written by Uma Subramanian
- Posted on November 30, 2023
- Updated on November 30, 2023
- 3475 Views
PimReg Filtering provides the ability to prevent unauthorized sources and groups from registering with a rendezvous-point (RP) router. This is accomplished by adding the unauthorized source/group to a standard access-list. When the ACL is used on the RP, the RP inspects the source information on the PIM Register packet for a match before accepting/dropping the message.
- Written by Jim George
- Posted on November 22, 2023
- Updated on November 20, 2024
- 4146 Views
The PTP Boundary Clock advertises time based on its local clock, which is counting from an unsynchronized initial value. Hence a free running Boundary Clock would advertise PTP downstream based on counting from an unsynchronized initial value. The GrandMaster, with access to GPS, is however Temps Atomique International (TAI) based. Hence Boundary Clock, which was originally based on unsynchronized initial value, post synchronization with the GrandMaster becomes TAI based. This causes the Boundary Clock’s time and hence PTP advertised downstream, to change drastically.
- Written by Basil Saji
- Posted on November 9, 2020
- Updated on December 20, 2024
- 11126 Views
Private VLAN is a feature that segregates a regular VLAN broadcast domain while maintaining all ports in the same IP subnet. There are three types of VLAN within a private VLAN
- Written by Weichen Zhao
- Posted on June 29, 2023
- Updated on November 9, 2023
- 4981 Views
Prior to this feature, we supported a maximum of two levels of Forward Equivalence Class (FEC) hierarchies for VXLAN routing tunnels in hardware.
- Written by Prateek Mali
- Posted on August 19, 2020
- Updated on November 14, 2024
- 21762 Views
Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets and usually TCAM is used to match packets to rules. For example, there can be a rule to match the packet source IP address against a list of IP addresses, and drop the packet if there is a match. This will be expressed in TCAM with multiple entries matching the list of IP addresses. Number of entries is reduced by masking off bits, if possible. TCAM is a limited resource, so with classifiers having a large number of rules and a big field list, TCAM runs out of resources.