- Written by Will Li
- Posted on November 5, 2024
- Updated on November 5, 2024
- 188 Views
Rate limiting of mirrored traffic provides support to control the rate of mirrored traffic that can egress the switch. This feature can be applied to both regular port mirroring and encapsulated mirroring (e.g., mirroring to GRE tunnel), depending on the platform.
- Written by Asang Dani
- Posted on April 17, 2024
- Updated on September 30, 2024
- 2470 Views
The goal of route prioritization is to improve overall network behavior by ensuring that routes classified as having a higher priority are processed and installed in a timely fashion. Activity for lower priority routes must not significantly delay high priority route processing. For example, when a network event affects a large number of BGP routes causing them to be reprogrammed, the programming of an important IGP route that provides underlay connectivity and is affected by a subsequent event should not have to be queued behind the BGP routes. Prioritizing the IGP route programming will improve network convergence. It may also eliminate duplicate work for other routes depending on it.
- Written by David Cronin
- Posted on March 3, 2022
- Updated on November 7, 2024
- 11971 Views
Routing Control Functions (RCF) is a language that can express route filtering and attribute modification logic in a powerful and programmatic fashion.The document covers: Configurations of a RCF function for BGP points of application
- Written by Sergiu Stambolian
- Posted on March 31, 2017
- Updated on June 5, 2024
- 7215 Views
Sampled Mirroring is an extension of the Mirroring feature and sampling is a property of the individual mirroring session: when the session's sample rate N is specified, a packet eligible for mirroring will have a 1/N chance of being mirrored, that is, 1 packet is mirrored for every N packets.
- Written by Haotian Zhang
- Posted on June 4, 2020
- Updated on May 31, 2024
- 8602 Views
This article describes the support for Filtered Mirroring using security ACL. The user can selectively mirror packets based on the statement in the configured IPv4, IPv6 or MAC ACL.
- Written by Athish Rao
- Posted on March 5, 2021
- Updated on May 30, 2024
- 11644 Views
Segment Routing Traffic Engineering Policy (SR-TE) aka SR Policy makes use of Segment Routing (SR) to allow a headend to steer traffic along any path without maintaining per flow state in every node. A headend steers traffic into an SR Policy.
- Written by Gokul Unnikrishnan
- Posted on June 27, 2024
- Updated on June 27, 2024
- 1498 Views
The sFlow VPLS extension adds support for providing VPLS-related information to sFlow packet samples, for VPLS forwarded traffic. Specifically, for customer traffic ingressing on a CE-facing PE interface in a VPLS deployment that uses statically configured LDP pseudowires, information such as the name of the VPLS instance and the ID of the pseudowire that the packet will egress over will be included in the sFlow datagram.
- Written by Gokul Unnikrishnan
- Posted on May 7, 2024
- Updated on May 7, 2024
- 1856 Views
The sFlow VPLS extension adds support for providing VPLS-related information to sFlow packet samples, for VPLS forwarded traffic. Specifically, for customer traffic ingressing on a CE-facing PE interface in a VPLS deployment that uses statically configured LDP pseudowires, information such as the name of the VPLS instance and the ID of the pseudowire that the packet will egress over will be included in the sFlow datagram.
- Written by Thejesh Panchappa
- Posted on May 1, 2015
- Updated on May 13, 2024
- 7930 Views
This is an infrastructure that provides management of SSL certificates, keys and profiles. SSL/TLS is an application-layer protocol that provides secure transport between client and server through a combination of authentication, encryption and data integrity. SSL/TLS uses certificates and private-public key pairs to provide this security.
- Written by Fathima Thasneem
- Posted on August 23, 2022
- Updated on May 30, 2024
- 6347 Views
Interface reflectors are useful to make sure a service provided to customers is working as expected and it's within SLA constraints. Now, we are extending the support to configure subinterfaces as ethernet reflector. The Subinterface Interface Reflector feature allows performing certain actions (such as source/destination MAC address swap) on packets reaching subinterfaces patched to Pseudowire that are reflected back to the source interface. It is useful to test properties and SLAs before deploying the service for a customer.
- Written by Josh Pfosi
- Posted on June 11, 2019
- Updated on November 11, 2024
- 12020 Views
This feature adds support for CPU traffic policy capable of matching and acting on IP traffic which would otherwise
- Written by Deepanshu Shukla
- Posted on August 21, 2020
- Updated on June 3, 2024
- 13614 Views
This feature adds support for “Dynamic Load Balancing (DLB)” on Equal Cost Multi Path (ECMP) groups.
It is intended to help overcome the potential shortcomings of traditional hash-based load balancing by considering the traffic load of members of ECMP groups. DLB considers the state of the port while assigning egress ports to packets, resulting in a more even flow. The state of each port member is determined by measuring the amount of data transmitted from a given port and total number of packets enqueued to a given port.
- Written by Sameer Pakalapati
- Posted on July 3, 2024
- Updated on July 3, 2024
- 1208 Views
The Command-tag feature adds support for grouping multiple configuration units/commands across features using a single command-tag, which is essentially a string. This tag can then be used to enable/disable/remove/disassociate all the associated commands with the tag, using a single CLI command, instead of performing the operation individually for each configuration command.
- Written by Brian Neville
- Posted on November 8, 2023
- Updated on September 30, 2024
- 4619 Views
gNSI (gRPC Network Security Interface) defines a set of gRPC-based microservices for executing security-related operations on network devices.
- Written by Brian Hsieh
- Posted on May 7, 2024
- Updated on May 7, 2024
- 1660 Views
IPv6 Duplicate Address Detection Proxy is a proxy-based mechanism allowing the use of Duplicate Address Detection (DAD) by IPv6 nodes in a point-to-multipoint architecture with a "split-horizon" forwarding scheme. In Split-horizon scenario where the hosts can not directly communicate with each other, but only through a BNG (Broadband Network Gateway).
- Written by Adrian Fettes
- Posted on June 5, 2020
- Updated on May 20, 2024
- 7444 Views
GRE ( Generic Routing Encapsulation ) packet header has a Key extension which is used by Arista to carry packet metadata. Currently packets mirrored at egress to a GRE tunnel destination do not have this information. This feature could be used to enable metadata in egress mirrored packets to GRE destinations.
- Written by Basil Saji
- Posted on November 9, 2020
- Updated on October 11, 2024
- 10807 Views
Private VLAN is a feature that segregates a regular VLAN broadcast domain while maintaining all ports in the same IP subnet. There are three types of VLAN within a private VLAN
- Written by David Jowett
- Posted on April 18, 2024
- Updated on April 18, 2024
- 1987 Views
This feature extends sampled flow tracker to support the selective sampling of certain traffic types (specified globally), such as routed IPv4, routed IPv6, and MPLS pop and route IPv4, per interface. The feature is applicable on interfaces, subinterfaces, port channels, and port channel subinterfaces.
- Written by Patrick MacArthur
- Posted on February 23, 2021
- Updated on April 18, 2024
- 7419 Views
Sub-interfaces can be grouped into logical units called scheduling groups, which are shaped as a single unit. Each scheduling group may be assigned a scheduling policy which defines a shape rate in kbps and optionally a guaranteed bandwidth, also in kbps.
- Written by Jefferson Esteves
- Posted on November 5, 2024
- Updated on November 5, 2024
- 183 Views
The VLAN interface (SVI) counter feature allows the device to count packets received and sent by the device on a per SVI basis. By default, in a VXLAN routing scenario, packets are not counted on the "overlay" SVI. The platform CLI command described below allows for counting on the overlay SVI. When enabled, this feature still permits counting on underlay network SVIs
- Written by Krystian
- Posted on May 15, 2024
- Updated on May 15, 2024
- 1691 Views
Support is added to use VRRP (Virtual Router Redundancy Protocol) virtual IP (Internet Protocol) address as an IPsec ( Internet Protocol Security) tunnel source or destination address. This allows for configurations that offer both security (provided by IPsec tunnels) and redundancy (provided by VRRP).
- Written by Sandeep Kopuri
- Posted on October 7, 2019
- Updated on October 24, 2024
- 11033 Views
Topology Independent Fast Reroute, or TI-LFA, uses IS-IS SR to build loop-free alternate paths along the post-convergence path. These loop-free alternates provide fast convergence.
- Written by Prateek Mali
- Posted on August 19, 2020
- Updated on November 14, 2024
- 20912 Views
Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets and usually TCAM is used to match packets to rules. For example, there can be a rule to match the packet source IP address against a list of IP addresses, and drop the packet if there is a match. This will be expressed in TCAM with multiple entries matching the list of IP addresses. Number of entries is reduced by masking off bits, if possible. TCAM is a limited resource, so with classifiers having a large number of rules and a big field list, TCAM runs out of resources.
- Written by Eddie Xie
- Posted on January 31, 2024
- Updated on July 15, 2024
- 2306 Views
This TOI supplements the Ingress Traffic Policy applied on ingress port interfaces. Please refer to that document for a description of Traffic Policies and field-sets. This TOI explains the Traffic Policies as applied in the ingress direction on VLAN interfaces.
- Written by Matthew Carrington-Fair
- Posted on March 3, 2023
- Updated on October 24, 2024
- 4634 Views
This feature allows the export of IP FIB (Forwarding Information Base) through the OpenConfig AFT YANG models.
- Written by Victoria Austin
- Posted on June 5, 2023
- Updated on May 2, 2024
- 2856 Views
This feature is disabled by default. It can be enabled by a CLI toggle "logging transceiver communication" under the "monitor layer1" config mode. Note that “logging transceiver” will enable SMBus communication failure and digital optical monitoring syslogs. See under Resources for more information on digital optical monitoring syslogs.
- Written by Pierre Desvallons
- Posted on May 30, 2024
- Updated on July 10, 2024
- 1683 Views
User-defined recovery policy is a type of reset that allows the customer to rollback a device to a previously saved state. A state can be saved by taking a snapshot of the configuration files that the customer wants to save. Once a snapshot has been taken, the device can be reset either through push-button or through the command line interface. This feature provides a trivial way to get back to a tested and working version of EOS.swi with user-defined configs in case of failure.
- Written by Isidor Kouvelas
- Posted on February 28, 2022
- Updated on July 29, 2024
- 14507 Views
Virtual Private LAN Service (VPLS) appears in (almost) all respects as an Ethernet type service to customers of a Service Provider (SP). A VPLS glues together several individual LANs across a packet switched network to appear and function as a single bridged LAN. This is accomplished by incorporating MAC address learning, flooding, and forwarding functions in the context of pseudowires that connect these individual LANs across the packet switched network. LDP signaling is used for the setup and teardown of the mesh of pseudowires that constitute a given VPLS instance.
- Written by Ronish Kalia
- Posted on June 12, 2019
- Updated on April 18, 2024
- 7857 Views
This feature enables policer (using policy-map) on a VTEP to rate limit traffic per VLAN/VNI. The policer can be applied in both input and output directions to rate limit decapsulated and encapsulated VXLAN traffic, respectively. Prior to EOS-4.32.0F, the policers are not applicable on multicast traffic through the VTEP. For platforms supporting rate limiting of both bridged and routed encapsulated traffic, the rate limiting would be done on common policer limits.
- Written by Simon Liang
- Posted on September 5, 2021
- Updated on October 18, 2024
- 9109 Views
This document describes the VRF selection policy and VRF fallback feature. A VRF selection policy contains match rules that specify certain criteria (e.g. DSCP, IP protocol) as well as a resulting action to select a VRF in which to do the FIB lookup. The VRF fallback feature is an extension of these policies which allows users to optionally specify a “fallback” VRF for each VRF. The behavior is such that if the FIB lookup fails in a match rule’s selected VRF, another lookup will be attempted in the configured fallback VRF. Additionally, the fallback VRF itself can have yet another fallback VRF, such that if the lookup in the VRF and fallback VRF fail, the fallback-of-the-fallback VRF will be looked up (see the Configuration section for an example of this).
- Written by Navlok Mishra
- Posted on February 8, 2017
- Updated on May 17, 2024
- 7492 Views
WRED ( Weighted Random Early Detection ) is one of the congestion management techniques.