- Written by Tarun Jaswanth LNU
- Posted on August 24, 2020
- Updated on October 17, 2024
- 26833 Views
802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.
- Written by Ajay Kini
- Posted on June 21, 2020
- Updated on February 15, 2024
- 8979 Views
Accumulated IGP Metric (AIGP) is an optional non-transitive BGP attribute used to carry an IGP metric with BGP route advertisements. The AIGP attribute is useful for tie-breaking in BGP bestpath selection so that routing decisions can be made on the basis of shortest path/lowest IGP cost path amongst multiple BGP paths. This is particularly applicable in scenarios where a single administration is subdivided into multiple Autonomous Systems (AS), each with similar routing policies and the same IGP in use, such that the IGP metric for a route can be propagated usefully between the ASes so as to let receiving BGP speakers make routing decisions based on the cumulative IGP cost of the route. This set of ASes in a common administrative domain, in the context of advertising and receiving the AIGP attribute, is referred to as an AIGP administrative domain.
- Written by Ian McCloghrie
- Posted on January 30, 2024
- Updated on January 30, 2024
- 3834 Views
The multicast boundary specifies subnets where the source traffic entering an interface is filtered to prevent the creation of mroute states on the interface. The multicast boundary can be specified through one standard ACL. However, when providing multicast services via a range of groups per service, an interface could potentially join arbitrary groups and, hence, need arbitrary combinations of ACL rules.
- Written by Dileep Ramesh
- Posted on February 6, 2024
- Updated on February 6, 2024
- 3087 Views
Support for offloading BFD sessions to hardware. This helps in achieving a high scale of BFD sessions (up to 16000) with aggressive intervals. Highlights of the feature include:
- Written by Jason Shamberger
- Posted on March 11, 2020
- Updated on November 14, 2024
- 16630 Views
EOS 4.21.3F introduces support for BGP Flowspec, as defined in RFC5575 and RFC7674. The typical use case is to filter or redirect DDoS traffic on edge routers.
- Written by Nandan Saha
- Posted on August 24, 2020
- Updated on May 22, 2024
- 11684 Views
The BGP-LS extension allows IGPs (OSPF/IS-IS) link state database information to be injected into BGP. This is typically used in deployments where some external component (like a controller or Path Computation Engine) can do centralized path computations by learning the entire IGP topology through BGP-LS. The controller can then communicate the computed paths based on the BGP-LS updates to the head end device in the network. The mechanism used by the controller to communicate the computed TE paths is outside the scope of this document. Using BGP-LS instead of an IGP peering with the controller to distribute IGP link state information has the following advantages.
- Written by Jason Shamberger
- Posted on April 20, 2020
- Updated on February 19, 2024
- 11119 Views
RPKI provides a mechanism to validate the originating AS of an advertised prefix.
- Written by Bhavin Patel
- Posted on March 24, 2020
- Updated on February 15, 2024
- 10391 Views
This feature allows failover to the backup path to occur in constant time per interface going down for features such as RSVP link protection, RSVP node protection, TI-LFA link protection, and BGP PIC. Without this feature enabled, it would take time proportional to the number of paths going over the interface experiencing the link down event to failover to the backup path. With this feature enabled, the failover time would be constant regardless of the number of paths.
- Written by Vivek Subbarao
- Posted on January 3, 2023
- Updated on February 6, 2024
- 5565 Views
Network Address Translation (NAT) is a feature used to obfuscate private internal addresses to the external world. The feature makes sure that private internal addresses are translated into a publicly visible address which is used by all external hosts and it also does the reverse translation of the public address to the private internal address.
- Written by Vikas Hegde
- Posted on November 22, 2017
- Updated on December 20, 2024
- 17767 Views
Connectivity Monitor is an EOS feature that allows users to monitor their network resources from their Arista switches. The resources being monitored may or may not be Arista devices. Connectivity monitoring is unidirectional in nature.
- Written by Kaustubh Pimparkar
- Posted on January 24, 2024
- Updated on January 30, 2024
- 3370 Views
When multiple IPv6 addresses are assigned to an interface, the source address selection is based on the rules in RFC6724. However, when the matching criteria are the same for all addresses, the selected address depends on the kernel, which is likely to be the address that is added last. This feature allows addresses to be configured as least preferred so that source addresses can be selected in a more deterministic manner.
- Written by Devon McAvoy
- Posted on October 4, 2019
- Updated on July 31, 2024
- 11007 Views
DirectFlow runs alongside the existing layer 2/3 forwarding plane, enabling a network architecture that incorporates new capabilities, such as TAP aggregation and custom traffic engineering, alongside traditional forwarding models. DirectFlow allows users to define flows that consist of match conditions and actions to perform that are a superset of the OpenFlow 1.0 specification. DirectFlow does not require a controller or any third party integration as flows can be installed via the CLI.
- Written by Nitin Karkhanis
- Posted on January 31, 2024
- Updated on January 31, 2024
- 3216 Views
DirectFlow allows you to define flows consisting of conditions to match and actions to perform. This enhancement adds to the packet match conditions by allowing for matching on a subset of HTTP methods.
- Written by Sourabh Bollapragada
- Posted on December 22, 2020
- Updated on January 29, 2024
- 8601 Views
This feature supports counting ECN-marked packets (ECN = Explicit Congestion Notification) on a per egress port per tx-queue basis. The feature can be used to gather these packet counts via CLI or SNMP. There are two cases when an ECN-marked (congestion) packet is counted on the egress port/queue:
- Written by Tanuj Kumar Jhamb
- Posted on February 7, 2024
- Updated on February 7, 2024
- 3154 Views
sFlow is a sampling technique which monitors incoming traffic on all interfaces without affecting network performance. Egress sFlow is a feature which samples the packets in the egress pipeline for analytical purposes. Currently egress sFlow is only software based on Arista switches.
- Written by Jacob Sword
- Posted on February 16, 2022
- Updated on March 7, 2024
- 9829 Views
Multiple dynamic counter features may be enabled simultaneously, primarily configured using the [no] hardware counter feature [feature] CLI commands. Compatibility of these features has been enhanced to allow for greater flexibility in simultaneously enabled counter features. Changes in counter feature compatibility across EOS releases are detailed below.
- Written by Eric He
- Posted on February 7, 2024
- Updated on February 7, 2024
- 3243 Views
This feature extends the capabilities of event monitor to include NAT logging. The tracked events are NAT translation creations, NAT translation updates, NAT translation deletions, and NAT translation deletion reasons (aging deletion, aging deletion (hw not programmed), peer deletion).
- Written by Aaron Bamberger
- Posted on April 23, 2020
- Updated on November 7, 2024
- 10381 Views
E-Tree is an L2 EVPN service (defined in RFC8317) in which each attachment circuit (AC) is assigned the role of Root or Leaf. Once roles are assigned, the following forwarding rules are enforced:
- Written by Ayush
- Posted on January 31, 2024
- Updated on January 31, 2024
- 3999 Views
In network deployments where a border leaf or Superspine acts as a PEG and is in the transit path to other multicast VTEPs, the multicast stream will not pass, since the border leaf will decapsulate the packet even if it doesn't have a receiver. This transit node is called the Bud Node. The device should be able to send decapsulated packets to any local receivers as well as send the encapsulated packets to other VTEPs.
- Written by Mason Alexander Flowers
- Posted on January 30, 2024
- Updated on July 2, 2024
- 3318 Views
This feature introduces the show bgp evpn mac [ vni VNI ] and the show bgp evpn arp [ vni VNI ] commands. These commands display post imported EVPN type 2 routes. Both of these commands will only display paths that have been imported into a MAC-VRF. show bgp evpn mac displays post imported EVPN type 2 paths that do not have IP information and only have MAC information, while show bgp evpn arp only displays post imported EVPN type 2 routes that do have IP information.
- Written by Chris Hydon
- Posted on June 17, 2019
- Updated on December 19, 2024
- 22755 Views
Ethernet VPN (EVPN) networks normally require some measure of redundancy to reduce or eliminate the impact of outages and maintenance. RFC7432 describes four types of route to be exchanged through EVPN, with a built-in multihoming mechanism for redundancy. Prior to EOS 4.22.0F, MLAG was available as a redundancy option for EVPN with VXLAN, but not multihoming. EVPN multihoming is a multi-vendor standards-based redundancy solution that does not require a dedicated peer link and allows for more flexible configurations than MLAG, supporting peering on a per interface level rather than a per device level. It also supports a mass withdrawal mechanism to minimize traffic loss when a link goes down.
- Written by Raja Singh
- Posted on January 31, 2024
- Updated on February 23, 2024
- 3366 Views
This feature enables ARPs learnt on a Port-channel or Ethernet interface to be converted into Host routes, which can further be redistributed into the BGP protocol to take part in the route selection decision process and to get advertised to the peers. These Host routes are not installed into the hardware and are only generated for advertisement purposes. This feature works for both static and dynamic ARPs.
- Written by Sujit Kumar Sah
- Posted on February 6, 2024
- Updated on February 6, 2024
- 3413 Views
This document describes the FEC Dampening feature. When hardware FEC / ECMP resource usage goes above the platform limit, Ale (HW Abstraction layer) deletes some routes in anticipation of freeing up some more hardware FEC resources to allow newly created FECs to get programmed.
- Written by Edwin Tambi
- Posted on August 19, 2020
- Updated on July 3, 2024
- 20763 Views
EOS supports the ability to match on a single VLAN tag (example: encapsulation dot1q vlan 10) or a VLAN tag pair (example: encapsulation dot1q vlan 10 inner 20) to map matching packets to an interface. In this case, the encapsulation string is considered consumed by the mapped interface before forwarding, which means that the tags are effectively removed from the incoming packet for the purposes of any downstream forwarding.
- Written by Rahul Vasist
- Posted on April 20, 2020
- Updated on January 29, 2024
- 9671 Views
EOS-4.24.0 adds support for hardware-accelerated sFlow on R3 systems. Without hardware acceleration, all sFlow processing is done in software, which means performance is heavily dependent on the capabilities of the host CPU. Aggressive sampling rates also decrease the amount of processing time available for other EOS applications.
- Written by Binglai Niu
- Posted on April 24, 2020
- Updated on July 9, 2024
- 8299 Views
On network devices, when a route is programmed, a certain portion of hardware resources is allocated and associated
- Written by Kallol Mandal
- Posted on December 12, 2024
- Updated on December 12, 2024
- 136 Views
Each ARP/ND packet into a switch may generate an update for the switch ARP/Neighbor table, and this update may need to be synchronized with the MLAG peer when VXLAN is configured. Prior to this feature, these updates (on a VXLAN setup) are synchronized by sending a UDP packet (one packet per update) containing the IP/MAC/VLAN information from the MLAG peer where the ARP/ND packet is received to the other MLAG peer.
- Written by Jyothish Kunkumath
- Posted on January 6, 2022
- Updated on December 2, 2024
- 11912 Views
IPSec tunnel mode support allows the customer to encrypt traffic transiting between two tunnel endpoints.
- Written by Navneet Sinha
- Posted on June 29, 2016
- Updated on November 18, 2024
- 14467 Views
Segment Routing provides a mechanism to define end-to-end paths within a topology by encoding paths as sequences of sub-paths or instructions. These sub-paths or instructions are referred to as “segments”. IS-IS Segment Routing (henceforth referred to as IS-IS SR) provides a means to advertise such segments through the IS-IS protocol.
- Written by Gary Wassermann
- Posted on January 30, 2024
- Updated on January 31, 2024
- 3626 Views
IPv4 and IPv6 multicast routing, private VLANs, and egress VLAN translation are supported on EOS, but on prior releases and on certain platforms they did not work correctly when used in combination. In those cases, routed multicast packets that egress on an interface with VLAN translation or on a private VLAN would not egress on the correct VLAN. The configured VLAN translation or private VLAN would not be applied.
- Written by Nathan Kitchen
- Posted on April 24, 2020
- Updated on February 15, 2024
- 3339 Views
The command "show gnmi get PATH" provides a convenient way to send a Get request to a gNMI server running on the device and display the resulting values. This can be helpful during exploration or debugging when setting up gNMI monitoring.
- Written by David Mirabito
- Posted on December 30, 2021
- Updated on December 12, 2024
- 15999 Views
MetaWatch is an FPGA-based feature available for Arista 7130 Series platforms. It provides precise timestamping of packets, aggregation and deep buffering for Ethernet links. Timestamp information and other metadata such as device and port identifiers are appended to the end of the packet as a trailer.
- Written by Abdul Haseeb Jehangir
- Posted on March 12, 2020
- Updated on November 20, 2024
- 11646 Views
Mirror on drop is a network visibility feature which allows monitoring of MPLS or IP flow drops occurring in the ingress pipeline. When such a drop is detected, it is sent to the control plane where it is processed and then sent to configured collectors. Additionally, CLI show commands provide general and detailed statistics and status.
- Written by Shamit Kapadia
- Posted on September 30, 2015
- Updated on January 31, 2024
- 10695 Views
In an MLAG setup, routing on a switch (MLAG peer) is possible using its own bridge/system MAC, VARP MAC or VRRP MAC. When a peer receives an IP packet with destination MAC set to one of the aforementioned MACs, the packet gets routed if the hardware has enough information to route the packet. Before introducing this feature, if the destination MAC is the peer’s bridge MAC, the packet is L2 bridged on the peer-link and the routing takes place on the peer. This behavior of using the peer-link to bridge the L3 traffic to the peer is undesirable, especially when the MLAG peers can route the packets themselves.
- Written by Adrian Fettes
- Posted on February 6, 2024
- Updated on February 9, 2024
- 3132 Views
This feature allows packets from MPLS and non-MPLS flows with the same source and destination IP addresses to be hashed to the same output LAG member in tap aggregation mode.
- Written by Wade Carpenter
- Posted on August 16, 2018
- Updated on May 22, 2024
- 8198 Views
IP traceroute and path MTU (PMTU) discovery both require that routers send ICMP reply messages to the host that invokes each network function. When the route to the destination host traverses an MPLS label-switched path (LSP), the label switching routers (LSRs) will also need to send ICMP reply messages to the originating host.
- Written by Ben May
- Posted on February 1, 2024
- Updated on February 1, 2024
- 3385 Views
This can be done with multiple groups today, as long as we have enough unique group entries in hardware. In the absence of this configuration (default behavior), bridged traffic will be assigned to the default VRF and policies of the default VRF will be applied to bridged traffic. With this feature, bridged traffic is never subject to MSS-G configuration.
- Written by Diego Asturias
- Posted on January 30, 2024
- Updated on November 13, 2024
- 4087 Views
MultiAccess is an FPGA-based feature available on certain Arista 7130 platforms. It performs low-latency Ethernet multiplexing with optional packet contention queuing, storm control, VLAN tunneling, and packet access control. The interface to interface latency is a function of the selected MultiAccess profile, front panel interfaces, MultiAccess interfaces, configuration settings, and platform being used.
- Written by Sunil Bojanapally
- Posted on January 31, 2024
- Updated on January 31, 2024
- 3499 Views
EOS secures the communication between EOS router instances using IPsec by employing the control plane protocol Internet Key Exchange (IKEv1/IKEv2) and the data plane protocol ESP (IPsec SA). IKE and IPsec Security Associations (SAs) use policies to ensure secure communication.
- Written by Niranjan Mahabaleshwar
- Posted on February 12, 2024
- Updated on February 12, 2024
- 3196 Views
EOS allows the generation of the following SSH keys, which can be used as host keys with default names.
- Written by Sahul Sirpa
- Posted on January 31, 2024
- Updated on January 31, 2024
- 3387 Views
Support for egress IPv6 PACLs without using packet recirculation. The matching of ACLs can be done on routed packets, and the ACL can be applied to Front Panel Ports (FPPs). The match criteria in ACL rules are restricted to ipv6-next-header and dscp (traffic-class).
- Written by Chris Roche
- Posted on December 12, 2024
- Updated on December 12, 2024
- 143 Views
An OSPF router can attract all traffic towards itself from within the OSPF network, by advertising a default route. Often it is desirable to set a route tag in this default route. This feature will add a CLI parameter to default-information originate that allows an external route tag to be set on the default route for both unconditional and conditional modes.
- Written by Ishwar Biliya
- Posted on February 15, 2024
- Updated on February 15, 2024
- 3154 Views
Currently, in EOS MACsec, padding of partial keys internally prepends both the CAK and CKN hex strings with 0s to satisfy the requirement of the Key Derivation Function. This feature allows users to configure the zero padding to either prepend or append the pre-shared CAK/CKN configured in the mac security profile. In general, full-length CAK/CKN are recommended to be configured. However, this CLI knob can be used in case configuration of a partial CAK/CKN results in issues with derived keys between the peers. Note that the CKN advertised in MACsec control frames will still be without any padding, even when a partial CKN is configured.
- Written by Shubham Jangid
- Posted on November 9, 2021
- Updated on October 8, 2024
- 7207 Views
Policing is typically done on the L2 packet size - that is, the size on the wire, excluding the Preamble, Start Frame Delimiter (SFD), and Interpacket Gap (IPG). To ensure that the policer polices the right amount of L2 packet size, a default packet size adjustment is configured, which is deducted from the size seen on wire. The default packet size adjustment corrects the size observed for every traffic type, except for L3 traffic on DCS-7280R, DCS-7280R2, DCS-7500R, and DCS-7500R2 series (see Description part for details).
- Written by Kaustubh Pimparkar
- Posted on January 24, 2024
- Updated on January 24, 2024
- 3552 Views
One of the primary functions of a switch is to forward packets to the correct next hop. This necessitates knowing the unique MAC addresses of all connected hosts and switches to a network interface. In dynamic environments like campus networks, the hosts often come and go, which means the number of connected hosts that the switch knows about expands continuously. Therefore, it becomes necessary to have a mechanism for the switch to eventually discard information about MAC addresses that are no longer active in the network.
- Written by Neeraj Joseph
- Posted on April 23, 2018
- Updated on October 17, 2024
- 8392 Views
The PHY test pattern CLI can be used to check the quality of the physical layer for an Ethernet interface. This is done by
- Written by Gokul Unnikrishnan
- Posted on March 1, 2024
- Updated on December 12, 2024
- 3156 Views
The purpose of this feature is to mitigate multicast traffic loss when a switch that is using PIM sparse mode as its multicast routing protocol is going under maintenance.
- Written by Ethan Vadai
- Posted on March 6, 2020
- Updated on March 14, 2024
- 17520 Views
Policy-based routing (PBR) is a feature that is applied on routable ports, to preferentially route packets. Forwarding is based on a policy that is enforced at the ingress of the applied interface and overrides normal routing decisions. In addition to matches on regular ACLs, PBR policy-maps can also include “raw match” statements that look like a single entry of an ACL as a convenience for users.
- Written by Tom Meng
- Posted on June 21, 2021
- Updated on January 25, 2024
- 8277 Views
Power over Ethernet (PoE) is a way of delivering power and data over the same Ethernet wires. There have been multiple IEEE standards for PoE over the years:
- Written by Tanuj Kumar Jhamb
- Posted on February 6, 2024
- Updated on February 7, 2024
- 3288 Views
WRED (Weighted Random Early Detection) is one of the congestion management techniques. It works at queue level to drop ECN-capable and non-ECN-capable traffic randomly after reaching the given queue threshold, even before the queue is full.