Tag :: EOS 4.33.0F

Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets and usually TCAM is used to match packets to rules. For example, there can be a rule to match the packet source IP address against a list of IP addresses, and drop the packet if there is a match. This will be expressed in TCAM with multiple entries matching the list of IP addresses. Number of entries is reduced by masking off bits, if possible. TCAM is a limited resource, so with classifiers having a large number of rules and a big field list, TCAM runs out of resources.

This feature introduces the support for Traffic Policy on VLANs. Traffic Policy allows the user to configure rules to match on certain packets through the packet processing pipeline. The user can also place actions to match packets.

This supports checking that the value of a given x509 certificate OID matches a user-provided value during the TLS handshake in OpenConfig. If the value does not match, no connection will be established.

This feature allows the export of IP FIB (Forwarding Information Base) through the OpenConfig AFT YANG models.

SwitchApp is an FPGA-based feature available on Arista’s 7130LB-Series and 7132LB-Series platforms. It performs ultra low latency Ethernet packet switching. Its packet switching feature set, port count, and port to port latency are a function of the selected SwitchApp profile. Detailed latency measurements are available in the userguide on the Arista Support site.

In TAP Aggregation mode, configuration options are provided to handle special packet types. When receiving a packet whose Frame Check Sequence (FCS) is corrupted, the default behavior is to replace the bad FCS with the correct value and forward it. Configuration options are available to control the FCS behavior, such as to discard errors, pass through the bad FCS, or append a new FCS.

This feature enables applying traffic policies on incoming traffic and redirecting the traffic to a nexthop other than the one the routing logic would choose. This essentially overrides the routing logic decision. If there is no rule matching the packet, the packet is sent to the routing logic to be routed.

Virtual Private LAN Service (VPLS) can be used when one wishes to connect several LANs dispersed across a packet switched network. VPLS can allow the dispersed LANs to act like a single bridged LAN by providing a service to connect the LANs. The service will appear like an Ethernet LAN (in almost all regards). VPLS achieves this by creating a mesh of pseudowires that connect the dispersed LANs, while also processing the traffic that moves through the pseudowires in a similar way to how a L2 service would. For example, MAC address learning, flooding and forwarding functions are applied to the pseudowire traffic in a VPLS. This allows  VPLS to mimic the functionality of an any-to-any L2 service when connecting dispersed LANs.

The VXLAN VNI counters feature allows the device to count VXLAN packets received and sent by the device on a per VNI basis. Specifically, it enables the device to count bytes and packets that are encapsulated and decapsulated as they are passing through.

The VxLAN VTEP and VNI counters feature allows the device to count VxLAN packets received and sent by the device on a per