EOS 4.32.2F TOI

The AGM for ECMP feature allows monitoring the number of packets and bytes going through each members of the configured ECMP groups on the system, with a high time resolution. Once enabled, the feature will collect data for the specified duration, write it to the specified files on the system’s storage, then stop.

BGP inbound update processing delay is a feature in EOS where an optional delay is applied prior to processing inbound UPDATE messages from a peer(s). The duration of the delay is configurable per peer. The delay is applied to UPDATE messages for all the address families that are negotiated with the peer. The delay timer starts when the peer becomes established. The routes from such peers are processed only after the timer expires. Any routes received after the timer expired are processed as usual without the delay. Both the default VRF and non-default VRFs are supported.

Class Based Forwarding (CBF) provides a means for forwarding traffic through selected tunnels based on the traffic class of the incoming packet. Starting 4.32.2F CBF supports forwarding MPLS labeled traffic based on the EXP value in the incoming packet or the internal traffic class (TC) resolved from the parameters of the packet (e.g TC derived from EXP bits combined with port trust mode). Here, EXP bits refer to the Experimental bits in the MPLS header.

This feature can be used to customize hardware reported transceiver DOM thresholds to uniformize part-to-part differences in various parameter thresholds.

The feature allows to create a named TC to DSCP mapping that can be applied on an interface.DSCP of routed packets egressing out of the interface will be rewritten according to the map.

Filtered mirroring allows certain packets to be selected for mirroring, rather than all packets ingressing or egressing a mirror source port.

This feature provides a way to distinguish groups of flows within encrypted GRE tunnels. That enables downstream forwarding devices to process multiple flows in parallel while maintaining packet order within individual flows. Parallel processing offers the opportunity for significant aggregate throughput improvement.

Forced periodic ARP refresh adds support for a mechanism that allows forcing ARP/NDP refresh requests to be sent in periodic intervals independently of ARP/NDP entries' confirmed time in the kernel. By default, when a neighbor entry gets confirmed by various processes such as ARP synchronization between MLAG peers, an ARP refresh request is not sent for at least another duration of ARP aging timeout (or ND cache expiry time for the IPv6 case). This feature provides support for a configuration to force sending refresh requests at the configured ARP/ND aging timeout regardless of the last confirmed time.

PKI (Public Key Infrastructure) is a certificate based authentication solution for IPsec protocol.

The ‘clear isis instance’ command can be used to reset the ISIS instance that is running. All ISIS instance and interface states will be cleared and re-initialized from the configuration so that ISIS rediscovers neighbors and reconverges the different instances in the ISIS routing tables.

Normally, a switch traps L2 protocol frames to the CPU. However, certain use-cases may require these frames to be forwarded or dropped. And in cases where the L2 protocol frames are forwarded (eg: Pseudowire), we may require the frames to be trapped to the CPU or dropped. The L2 Protocol Forwarding feature provides a mechanism to control the behavior of L2 protocol frames received on a port or subinterface.

A L2 sub-interface is a logical bridging endpoint associated with traffic on an interface distinguished by 802.1Q tags, where each <interface, 802.1q tag> tuple is treated as a first class bridging interface.

Mirroring to a GRE tunnel allows mirrored packets to transit to a L3 network using GRE encapsulation.

This feature allows users to configure L2 subinterfaces on MLAG interfaces. L2 subinterfaces are not supported on the MLAG peer-link.

The intended purpose of this feature is to introduce a server streaming RPC. When a client subscribes to this RPC, they will receive a message anytime there is an update to the hardware programming state of an MPLS route or the Nexthop-Group to which it points to. Note that messages will only be streamed in this RPC callback for versioned MPLS routes that point to versioned nexthop-groups. Messages will not be streamed via this RPC for MPLS routes and Nexthop-Groups that don’t meet this criteria.

This feature adds the support for OSPFv3 multi-site domains (currently this feature is added for IPv6 address family only) described in RFC6565 (OSPFv3 as a Provider to Customer Edge Protocol for BGP/MPLS IP Virtual Private Networks (VPNs) ) and enables routes BGP VPN routes to retain their original route type if they are in the same OSPFv3 domain. Two sites are considered to be in the same OSPFv3 domain if it is intended that routes from one site to the other be considered intra-network routes.

[L2 EVPN] and  [Multicast EVPN IRB] solutions allow for the delivery of customer BUM (Broadcast, Unknown unicast

Configuration of arbitrary combinations of speeds on subinterfaces is being restricted on 800G CMIS Arista transceivers. This feature restricts configuring only uniform sets of speeds on applicable transceivers. This affects Arista-branded 800G active optical transceivers.

PIM External Gateways (PEGs) allow an EVPN overlay multicast network to interface with an external PIM domain. They can be used to interconnect two data centers using an external PIM domain in between them.

When this feature is enabled, responses to gNMI get requests as well as NETCONF get-config responses will contain the default values for YANG leafs if those leafs do not have any other value. This means that where a leaf value would normally be returned in a response, its default value (as defined in the YANG model) will be returned if the leaf does not have any other value assigned to it. Before this change, leafs that had a default value would not have been included in gNMI get responses.

The goal of route prioritization is to improve overall network behavior by ensuring that routes classified as having a higher priority are processed and installed in a timely fashion. Activity for lower priority routes must not significantly delay high priority route processing. For example, when a network event affects a large number of BGP routes causing them to be reprogrammed, the programming of an important IGP route that provides underlay connectivity and is affected by a subsequent event should not have to be queued behind the BGP routes. Prioritizing the IGP route programming will improve network convergence. It may also eliminate duplicate work for other routes depending on it.

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion.

Routing Control Functions (RCF) is a language that can express route filtering and attribute modification logic in a powerful and programmatic fashion.The document covers: Configurations of a RCF function for BGP points of application

RSVP-TE P2MP LSR adds transit support for Point-to-Multipoint (P2MP) LSPs. Specifically the feature adds protocol support for the transit role as described in RFC 4875.

Network administrators require access to flow information that passes through various network elements, for the purpose of analyzing and monitoring their networks. This feature provides access to IP flow information by sampling traffic flows in ingress and/or egress directions on the interfaces on which it is configured. The samples are then used to create flow records, which are exported to the configured collectors in the IPFIX format. Egress Flow tracking is supported from EOS-4.29.0F on the DCS-7170B-64C series and supported on 7280, 7500 and 7800 series platforms from EOS-4.31.1".

The Dynamic Load Balancing (DLB) feature is currently supported in the DCS-7060 Arista switches in order to provide an alternative to the hash-based ECMP load balancing, which selects the next hop for routed packets using a static hash algorithm. DLB considers the state and quality of the port while assigning egress ports to packets, resulting in a more even flow. The state of each port member is determined by measuring the amount of data transmitted from a given port and the total number of packets enqueued to a given port.

The send support bundle feature adds a new CLI command which creates a ZIP file containing a useful set of logs and

This document describes the support for performing SSH authentication with X.509 certificates. Authentication to SSH can be completed using a number of different methods. Public key, password and keyboard interactive are supported in EOS. Certificate login is a type of public key authentication in which the public key does not have to be stored on the server. Instead trusted certificate authorities are installed. A presented certificate must be signed either directly or indirectly by one of these trusted certificate authorities to allow authentication to the device. Support for OpenSSH certificates (also known as SSH Certificates) was added in 4.22.1F.

Before this feature was introduced, any daemon agent needing to interface with Sysdb for configuration retrieval and status updates had to go through the agent manager within the EOS SDK. Usage of the EOS SDK introduced various ABI issues due to constraints on which compiler, libc and kernel versions the daemon must be built with. This feature offers an alternative mechanism via gRPC, providing more flexibility in how daemon executables are built and used to programmatically interact with and monitor the EOS device.

A traffic storm is a flood of packets entering a network, resulting in excessive traffic and degraded performance. Storm control prevents network disruptions by limiting traffic beyond specified thresholds on individual physical LAN interfaces. Storm control monitors inbound traffic levels over one-second intervals and compares the traffic level with a specified benchmark. The storm-control command configures and enables storm control on the configuration mode physical interface.

This feature adds support for configurable max sFlow datagram size. The current default max datagram size is 1400 bytes, which can cause some sFlow datagrams to be dropped when there is an MTU set. This feature enables the configuration of the max datagram payload size within the range of 200 to 1500 bytes to help avoid fragmentation. Note that this feature only configures software sFlow and is not supported on hardware-accelerated sFlow.

Prior to 4.32.2F, the “reset system storage secure” CLI command can be used to perform a best-effort storage device wipe of all sensitive data. However, this command has the limitation that it wipes EOS from the storage device, leaving the system “stuck” in Aboot. The “reset system storage secure rollback” command provides the same secure erase functionality, but additionally allows the user to preserve a subset of files on the main flash device by copying them into RAM during the secure erase procedure. The set of files that are preserved is configurable. After a successful wipe, the system will return to EOS after the erase is complete if the EOS SWI image and adequate configuration files are preserved (such as boot-config and startup-config).

gNSI (gRPC Network Security Interface) defines a set of gRPC-based microservices for executing security-related operations on network devices.

IS-IS SR Stateful Switchover (SSO) support allows for a switchover from an active supervisor to a standby supervisor where MPLS traffic remains undisrupted during switchover. This involves reconciliation of all Segment Routing related information in the network using IS-IS Graceful Restart procedures. And also installing the same in forwarding hardware in a manner that does not disrupt the ongoing traffic.

In order to support PIM/IPv4 multicast routing on EOS switches with Broadcom Tomahawk4 ASICs, multicast support using ALPM is required. This works in both 3-level Algorithmic Longest Prefix Match (ALPM) capabilities and 2-level ALPM.

This document describes the availability of VLAN ingress and egress counters on R Series platforms. VLAN counters provide the ability to count packets and bytes ingressing or egressing a bridge domain (VLAN).

Overlay IPv6 routing over VXLAN tunnel using an anycast gateway (direct routing) has been previously supported using the “ipv6 virtual-router” configuration for both the data-plane and EVPN (or CVX) control-plane learning environments. 

SwitchApp is an FPGA-based feature available on Arista’s 7130LB-Series and 7132LB-Series platforms. It performs ultra low latency Ethernet packet switching. Its packet switching feature set, port count, and port to port latency are a function of the selected SwitchApp profile. Detailed latency measurements are available in the userguide on the Arista Support site.

This document describes the VRF selection policy and VRF fallback feature. A VRF selection policy contains match rules that specify certain criteria (e.g. DSCP, IP protocol) as well as a resulting action to select a VRF in which to do the FIB lookup. The VRF fallback feature is an extension of these policies which allows users to optionally specify a “fallback” VRF for each VRF. The behavior is such that if the FIB lookup fails in a match rule’s selected VRF, another lookup will be attempted in the configured fallback VRF. Additionally, the fallback VRF itself can have yet another fallback VRF, such that if the lookup in the VRF and fallback VRF fail, the fallback-of-the-fallback VRF will be looked up (see the Configuration section for an example of this).

This document describes the support for VNI policing counters on VNIs where the VNI policing feature has been provisioned. Counters for this feature provide information on how many packets are being allowed or dropped for a VNI specific flow due to configured VNI policers. VNI policing counters are supported in both directions which correspond to incoming traffic from a remote VTEP and outgoing traffic towards a remote VTEP. Counters in each direction are configured separately. Both packet and bytes counts are supported.