EOS 4.32.2F TOI

802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.

The AGM for ECMP feature allows monitoring the number of packets and bytes going through each members of the configured ECMP groups on the system, with a high time resolution. Once enabled, the feature will collect data for the specified duration, write it to the specified files on the system’s storage, then stop.

BGP inbound update processing delay is a feature in EOS where an optional delay is applied prior to processing inbound UPDATE messages from a peer(s). The duration of the delay is configurable per peer. The delay is applied to UPDATE messages for all the address families that are negotiated with the peer. The delay timer starts when the peer becomes established. The routes from such peers are processed only after the timer expires. Any routes received after the timer expired are processed as usual without the delay. Both the default VRF and non-default VRFs are supported.

When a core router has competing advertisements for the same prefix from various PEs, the local edge route should be selected as the best path based on the IGP metric of the resolving routes of those competing advertisements. Without the support mentioned in this TOI, when a BGP route has two or more levels of recursion, the BGP process does not utilize the IGP distance in the route selection process. 

Class Based Forwarding (CBF) provides a means for forwarding traffic through selected tunnels based on the traffic class of the incoming packet. Starting 4.32.2F CBF supports forwarding MPLS labeled traffic based on the EXP value in the incoming packet or the internal traffic class (TC) resolved from the parameters of the packet (e.g TC derived from EXP bits combined with port trust mode). Here, EXP bits refer to the Experimental bits in the MPLS header.

This feature allows the user to reset the forward error correction (FEC) statistics counters shown in the output of

Cluster Load Balancing is a feature designed to ensure optimal load balancing of flows used as part of GPU based cluster communication. When this feature is enabled, a TOR router monitors RoCE traffic flowing between the GPU servers and spine uplinks and ensures optimal load balancing in the network.

This feature can be used to customize hardware reported transceiver DOM thresholds to uniformize part-to-part differences in various parameter thresholds.

This document describes the configuration and behavior of physical interfaces on the DCS-7060X6-series switches including: Speed, Forward Error Correction (FEC), FEC histograms, Logical ports, Precoding, Transceiver Online Insertion and Removal (OIR).

The feature allows to create a named TC to DSCP mapping that can be applied on an interface.DSCP of routed packets egressing out of the interface will be rewritten according to the map.

The FEC (Forward Error Correction) traffic analyzer is designed to estimate the performance of the FEC layer, identify error statistics, and the source of correlated errors on physical interfaces.

Filtered mirroring allows certain packets to be selected for mirroring, rather than all packets ingressing or egressing a mirror source port.

This feature provides a way to distinguish groups of flows within encrypted GRE tunnels. That enables downstream forwarding devices to process multiple flows in parallel while maintaining packet order within individual flows. Parallel processing offers the opportunity for significant aggregate throughput improvement.

Flow control is a data transmission option that temporarily stops a device from sending data because of a peer data overflow condition. If a device sends data faster than the receiver can accept it, the receiver's buffer can overflow. The receiving device then sends a PAUSE frame, instructing the sending device to halt transmission for a specified period.

Forced periodic ARP refresh adds support for a mechanism that allows forcing ARP/NDP refresh requests to be sent in periodic intervals independently of ARP/NDP entries' confirmed time in the kernel. By default, when a neighbor entry gets confirmed by various processes such as ARP synchronization between MLAG peers, an ARP refresh request is not sent for at least another duration of ARP aging timeout (or ND cache expiry time for the IPv6 case). This feature provides support for a configuration to force sending refresh requests at the configured ARP/ND aging timeout regardless of the last confirmed time.

Generic UDP Encapsulation (GUE) is a general method for encapsulating packets of arbitrary IP protocols within a UDP tunnel. GUE provides an extensible header format with optional data. In this release, decap capability of GUE packets of variant 1 header format has been added. This variant allows direct encapsulation using the UDP header without the GUE header. The inner payload could be one of IPv4, IPv6, or MPLS.

The EOS implementation of OSPF uses an alternate Area Border Router (ABR) behavior. This is implemented as an optimization over the standard OSPF so that the packets would not be dropped when a router loses Active backbone connection which could otherwise be successfully forwarded. As per this new behavior, when an ABR loses active backbone connection, it is allowed to consider summary-lsa from non-backbone area during SPF calculation and the subsequent route installation process thus ensuring improved connectivity. The EOS implementation of OSPFv3 also inherits the same behavior.

For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency, queue and congestion information for flows at different times. The inband telemetry feature(INT), based on Inband Flow Analyzer RFC draft -IFA 2.0 and IFA 1.0(on some platforms) , is used to gather per flow telemetry information like path, per hop latency and congestion. INT is supported for both IPv4 and IPv6 traffic.

This feature allows the logging of the packets matching rules in ingress ACLs. This behavior can be enabled by using the log keyword when configuring an ACL rule. A copy of the packet matching those ACL rules is sent to the control plane, where a syslog entry of the packet header is being generated.

PKI (Public Key Infrastructure) is a certificate based authentication solution for IPsec protocol.

The ‘clear isis instance’ command can be used to reset the ISIS instance that is running. All ISIS instance and interface states will be cleared and re-initialized from the configuration so that ISIS rediscovers neighbors and reconverges the different instances in the ISIS routing tables.

Normally, a switch traps L2 protocol frames to the CPU. However, certain use-cases may require these frames to be forwarded or dropped. And in cases where the L2 protocol frames are forwarded (eg: Pseudowire), we may require the frames to be trapped to the CPU or dropped. The L2 Protocol Forwarding feature provides a mechanism to control the behavior of L2 protocol frames received on a port or subinterface.

A L2 sub-interface is a logical bridging endpoint associated with traffic on an interface distinguished by 802.1Q tags, where each <interface, 802.1q tag> tuple is treated as a first class bridging interface.

This feature is used to connect a Layer 3 EVPN VXLAN network to an Adaptive Virtual Topology (AVT) WAN network using dynamic path selection (DPS) tunnels. One or a pair of WAN routers are configured to serve as the VXLAN gateway. On the control plane, the configured VXLAN gateway handles EVPN IP-PREFIX route exchanges between the VXLAN network and the WAN network. On the data plane, the configured VXLAN gateway decapsulates the VXLAN packets received from the VXLAN network and encapsulates them into the DPS tunnels and sends them to the AVT WAN network. 

MetaWatch is an FPGA-based feature available for Arista 7130 Series platforms. It provides precise timestamping of packets, aggregation and deep buffering for Ethernet links. Timestamp information and other metadata such as device and port identifiers are appended to the end of the packet as a trailer.

Mirroring to a GRE tunnel allows mirrored packets to transit to a L3 network using GRE encapsulation.

This feature allows users to configure L2 subinterfaces on MLAG interfaces. L2 subinterfaces are not supported on the MLAG peer-link.

The intended purpose of this feature is to introduce a server streaming RPC. When a client subscribes to this RPC, they will receive a message anytime there is an update to the hardware programming state of an MPLS route or the Nexthop-Group to which it points to. Note that messages will only be streamed in this RPC callback for versioned MPLS routes that point to versioned nexthop-groups. Messages will not be streamed via this RPC for MPLS routes and Nexthop-Groups that don’t meet this criteria.

This feature adds the support for OSPFv3 multi-site domains (currently this feature is added for IPv6 address family only) described in RFC6565 (OSPFv3 as a Provider to Customer Edge Protocol for BGP/MPLS IP Virtual Private Networks (VPNs) ) and enables routes BGP VPN routes to retain their original route type if they are in the same OSPFv3 domain. Two sites are considered to be in the same OSPFv3 domain if it is intended that routes from one site to the other be considered intra-network routes.

[L2 EVPN] and  [Multicast EVPN IRB] solutions allow for the delivery of customer BUM (Broadcast, Unknown unicast

Configuration of arbitrary combinations of speeds on subinterfaces is being restricted on 800G CMIS Arista transceivers. This feature restricts configuring only uniform sets of speeds on applicable transceivers. This affects Arista-branded 800G active optical transceivers.

We now support configuration diffs to be generated and to be streamed via OpenConfig.  Please note that there are limitations to using this feature to obtain the correct configuration diff of consecutive configuration changes.  Subsequent sections will explain:

This feature allows us to obtain system mount points information via OpenConfig.  The information that can be obtained is equivalent to the information that we view by executing the ‘df -k’ linux command.

Hosts in a branch need to access internet bound services. In traditional deployments, edge routers in branches are connected to the internet via WAN port. To secure the internal network from the internet we have ACLs( Access Control Lists ) to filter the traffic in/out from the WAN port. If we want to filter the traffic into the port we have ingress ACL, egress ACL filters the traffic out of the port. By default, without any ACL configuration present on the WAN port, we accept every traffic coming to the WAN port.

This article is intended to discuss how to configure the Phone VLAN on an Arista switch.

The PHY test pattern CLI can be used to check the quality of the physical layer for an Ethernet interface. This is done by

PIM External Gateways (PEGs) allow an EVPN overlay multicast network to interface with an external PIM domain. They can be used to interconnect two data centers using an external PIM domain in between them.

Precoding is used to help reduce the burst error length of DFE (Decision Feedback Equalizer) error events with PAM-4 modulation

In the BGP Update message’s AS_PATH, routers have the capability to perform route aggregation and combine the ASes an update has traversed, merging the discrete entries into an  AS_SET. Routers can also do this within the local confederation with member AS numbers, using an AS_CONFED_SET. Route aggregation can be problematic as it blurs the semantics of what it means to originate a route. RFC 6472 recommends not using AS_SET or AS_CONFED_SET in BGP, and further justifies reasoning as to why, as well as provides a recommended way to handle updates with these messages.

When this feature is enabled, responses to gNMI get requests as well as NETCONF get-config responses will contain the default values for YANG leafs if those leafs do not have any other value. This means that where a leaf value would normally be returned in a response, its default value (as defined in the YANG model) will be returned if the leaf does not have any other value assigned to it. Before this change, leafs that had a default value would not have been included in gNMI get responses.

The goal of route prioritization is to improve overall network behavior by ensuring that routes classified as having a higher priority are processed and installed in a timely fashion. Activity for lower priority routes must not significantly delay high priority route processing. For example, when a network event affects a large number of BGP routes causing them to be reprogrammed, the programming of an important IGP route that provides underlay connectivity and is affected by a subsequent event should not have to be queued behind the BGP routes. Prioritizing the IGP route programming will improve network convergence. It may also eliminate duplicate work for other routes depending on it.

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion.

Routing Control Functions (RCF) is a language that can express route filtering and attribute modification logic in a powerful and programmatic fashion.The document covers: Configurations of a RCF function for BGP points of application

RSVP-TE P2MP LSR adds transit support for Point-to-Multipoint (P2MP) LSPs. Specifically the feature adds protocol support for the transit role as described in RFC 4875.

Network administrators require access to flow information that passes through various network elements, for the purpose of analyzing and monitoring their networks. This feature provides access to IP flow information by sampling traffic flows in ingress and/or egress directions on the interfaces on which it is configured. The samples are then used to create flow records, which are exported to the configured collectors in the IPFIX format. Egress Flow tracking is supported from EOS-4.29.0F on the DCS-7170B-64C series and supported on 7280, 7500 and 7800 series platforms from EOS-4.31.1".

The Dynamic Load Balancing (DLB) feature is currently supported in the DCS-7060 Arista switches in order to provide an alternative to the hash-based ECMP load balancing, which selects the next hop for routed packets using a static hash algorithm. DLB considers the state and quality of the port while assigning egress ports to packets, resulting in a more even flow. The state of each port member is determined by measuring the amount of data transmitted from a given port and the total number of packets enqueued to a given port.

The send support bundle feature adds a new CLI command which creates a ZIP file containing a useful set of logs and

This document describes the support for performing SSH authentication with X.509 certificates. Authentication to SSH can be completed using a number of different methods. Public key, password and keyboard interactive are supported in EOS. Certificate login is a type of public key authentication in which the public key does not have to be stored on the server. Instead trusted certificate authorities are installed. A presented certificate must be signed either directly or indirectly by one of these trusted certificate authorities to allow authentication to the device. Support for OpenSSH certificates (also known as SSH Certificates) was added in 4.22.1F.

Before this feature was introduced, any daemon agent needing to interface with Sysdb for configuration retrieval and status updates had to go through the agent manager within the EOS SDK. Usage of the EOS SDK introduced various ABI issues due to constraints on which compiler, libc and kernel versions the daemon must be built with. This feature offers an alternative mechanism via gRPC, providing more flexibility in how daemon executables are built and used to programmatically interact with and monitor the EOS device.

A traffic storm is a flood of packets entering a network, resulting in excessive traffic and degraded performance. Storm control prevents network disruptions by limiting traffic beyond specified thresholds on individual physical LAN interfaces. Storm control monitors inbound traffic levels over one-second intervals and compares the traffic level with a specified benchmark. The storm-control command configures and enables storm control on the configuration mode physical interface.