Service Accounts (Beta)

Overview: Service accounts allow access to our APIs in a controlled manner from CloudVision. Authentication tokens can be created for service accounts that allow authentication to our APIs. A Service Account is essentially a user, except that instead of logging in, we generate credentials for the service account. The service account token credential authenticates a connection as a service account. Usage: The token can be used to authenticate any connection to the apiserver, that is: HTTPS/REST, websocket, and GRPC. For websocket/REST APIs, attach the token as a cookie or using the Authorization header. Examples: curl -b access_token=${TOKEN} ... curl -H...
CloudVision 2020.3.0 Release TOIs

Custom Syslog Events Service Accounts Global Flow Visibility Dashboard Endpoint Search Omnibox for in-product search Updates to Flow Visibility in Topology View Data Disk Autoresize Updated resource requirements for CVP RPM installer

CloudVision 2020.1.0 Release TOIs

Key highlights for the CloudVision Portal release 2020.1.0 are: An updated UI with improved fonts, vibrant colors and consistent navigation Topology View Enhancements – Support for VxLAN tunnel discovery, Cloud Manual topology Layouts Events – Network Constraint Events, CloudTracer events Search (Beta) – Addition of IP address search Enhanced Search in Flow Analytics (Beta) vMotion support for multi-node cluster CVP release 2020.1.0 supports host-to-host vMotion for a multi-node cluster. It is recommended to use vMotion to migrate one node at a time in a multi-node deployment. It should only be performed if all components are up and running. It is...
CloudVision Portal 2019.1.0 TOIs

The key highlights for the 2019.1.0 release are: New Change Control Workflow – The new change control workflow presents users with a customizable workflow for executing changes with built-in and custom actions. The config guide captures the workflow details and the following TOIs cover the specific actions that can be carried out as actions in the workflow. BGP Maintenance Mode and MLAG ISSU Change control actions Change Control Script Actions Change Control API Topology Views – Ability to visualize VLAN segments, Active device and link events and support for visualizing link level metrics from third party devices. Details for each...
CloudVision Portal 2018.2.3 TOI

The key highlights for the 2018.2.3 release are: Compliance dashboard – A dashboard to provide not just image and configuration compliance but also a proactive assessment for exposure to software defects and security vulnerabilities. Further details are documented in the CloudVision User Guide. VXLAN section in the Devices displaying VNI status and the remote mac address table Support for one-time passwords and multi-factor authentication Safety checks for configuration and image push CVPI status and failover improvements CVP RMA Improvements RPM based install for CloudVision Portal Support for one-time passwords and multi factor authentication This note explains how to configure CVP...
CloudVision Portal 2018.2.1

CloudVision Portal release 2018.2.1 highlights: vEOS Router provisioning in public clouds Ability to remove inactive devices from inventory view Devices that have an inactive streaming state can now be decommissioned from the UI To decommission a device, click on the inactive device in the device view and use the ‘Decommission Device’ button to remove the device from the inventory. Metrics explorer to discover underlying paths for metrics This release introduces metrics explorer that enables users to find which state is being used for a given metric displayed by the UI Navigate to Metrics Explorer from the Telemetry Settings page Click...
CloudVision Portal 2018.2.0

The major feature highlights for CVP release 2018.2.0 are: – Network Topology Visualization with traffic overlays for quickly identifying hotspots. Further documentation is available in the CloudVision Configuration Guide – Continuous snapshots for real time monitoring of devices during change controls – Event Alerts for integration with common alerting and messaging platforms. Configuring supported email and chat based services is documented in the CloudVision Configuration Guide. Documentation for custom integration with webhooks is available here. – Automated backups with CVPI Before upgrading to 2018.2.0, please refer to the release notes to review major changes in this release and considerations and expectations...
TapAgg support on MACsec linecards

Introduction: Media Access Control Security (MACsec) is an industry standard security technology that provides secure communication for all traffic on Ethernet links. As of EOS 4.20.5F for Arista 7500 lines of switches, users of the tap aggregation features can benefit from using MACsec on tap/tool ports on MACsec capable line cards. Users can use MACsec to secure the communications between their tap/tool ports and ports from other switches which may not necessarily be TapAgg equipment. Enabling MACsec on a port puts it into an “unauthorized” state. The interface will then not forward any traffic until the MACsec peers successfully complete the MACsec Key Agreement (MKA) procedures. Once...
EVPN IRB with Vxlan Underlay

EVPN Integrated Routing and Bridging (IRB) with VXLAN In the traditional data center design, inter-subnet forwarding is provided by a centralised router, where traffic traverses across the network to a centralised routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.   To provide a more optimal forwarding model and avoid traffic tromboning, the EVPN inter-subnet draft (draft-sajassi-l2vpn-evpn-inter-subnet-forwarding) proposes integrating the routing and bridging (IRB) functionality directly onto the VTEP, thereby allowing the routing operation to occur as close to the...
MP BGP for v4 multicast

Introduction The feature MP-BGP Multicast provides a way to populate the MRIB (Multicast Routing Information Base). MRIB is an alternate routing table used in PIM’s RPF (Reverse Path Forwarding) lookup. Up until now, there was only one way to populate the routes in the MRIB. Users can add a static route into the MRIB via the ip mroute or rpf route command under router multicast ipv4 or ipv6. With BGP support for multicast SAFI, users can advertise multicast static routes and connected routes to other PIM routers. These routes learned via BGP are stored in the MRIB.   While selecting...
CloudVision Portal 2017.2.0 – TOI

CloudVision Portal release 2017.2.0 introduces support for the network-wide Telemetry framework consisting of the following components: NetDB based State Streaming CloudVision Analytics Engine CloudVision Telemetry Application Deployment and Configuration State Streaming deployment details: Minimum supported EOS version for state streaming is 4.17.3F EOS version 4.19 and later are not supported in this release but will be supported in the next release The latest version of state streaming (v0.19.5) is bundled with CVP 2017.2.0 as an extension that can be deployed on supported EOS versions Configuration required to enable state streaming on EOS devices is packaged in this release as a...
7050QX-32S Port Renumbering

Starting with EOS release 4.15.2F, the ability to renumber the front-panel ports of the 7050QX-32S is supported.
1) By default, 7050QX-32S front panel ports are numbered in the following way: SFPs: 1 – 4 QSFPs: 5/1 – 36
2) The following configuration/show CLI commands have been introduced to change/view port numbering: boot port numbering qsfp dense The above command, after the user chooses to proceed, will erase startup-config, reboot the switch, and upon reboot, after the switch comes out of ZTP mode, the ports will be numbered like this: ...
L3 sub-interface counters

Sub-interface counters provide ability to count packets and bytes incoming and outgoing on L3 sub-interfaces. This feature is available on supported platforms starting 4.15.2F. Platform compatibility DCS-7280E DCS-7500E Configuration Configure the counter engine for sub-interface counters to be supported. Arista(config)#hardware counter feature subinterface in Status Show Commands show hardware counter feature subinterface Shows the status of sub-interface counters on the system Arista#show hardware counter feature show interfaces counters [ incoming | outgoing | rates ] Shows counters for all the interfaces. EOS-4.15.2F onwards, this will include sub-interface counters as well if enabled. Arista#show interface counters Port InOctets InUcastPkts InMcastPkts InBcastPkts Et1 256 16...
Unidirectional links

Unidirectional links is a feature that configures an Ethernet interface's transmit and receive paths to be independent. Specifically, the transmit path can be up or down independent of the receive path being up or down. EOS-4.15.2F introduced unidirectional link support on 100G links with DCS-7280E and DCS-7500E series hardware. Starting in EOS-4.24.2F, unidirectional link support is enabled on DCS-7280R3, DCS-7500R3, and DCS-7800R3 series hardware. There are 3 unidirectional link modes: send-only, receive-only, and send-receive. In send-only mode, the interface can only send packets but cannot receive any packet. In receive-only mode, the interface can only receive packets but cannot send...
VMTracer enhancements

As of EOS-4.15.2F, VM Tracer adds support for VMware NSX-V. This includes supporting NSX-V specific features, improved integration of NSX-V and VMware vShield Manager within core VM Tracer commands, and improved consistency of CAPI models provided by VM Tracer. EOS-4.15.2F also adds the ability to filter some output using a user-provided VM MAC address. Status show vmtracer vm The show vmtracer vm and show vmtracer vm detail command can be used to display VM interfaces accessible to VmTracer-enabled switch interfaces. It is possible to filter on either VM name or VNic MAC address which produces output in the detailed format produced by show vmtracer vm detail....
Filtered Mirroring of MPLSoGRE Packets

MPLSoGRE Filtered Mirroring is a specialized version of Mirroring to GRE Tunnel and Filtered Mirroring in which IPv4oMPLSoGRE and IPv6oMPLSoGRE packets entering a GRE tunnel endpoint on which an MPLS lookup is performed may also be selected for mirroring based on the destination IP address field in the inner IPv4 or IPv6 header. Packets selected for mirroring will have the following header format: The packets described above when forwarded based on either the L2 or outer L3 header destination address will not be subject to mirroring. When mirroring to a GRE tunnel, the payload of the outgoing GRE packet...
EOS-4.18.2F Release – Transfer of Information

Arista Platform Independent Features BFD SSO Arista 7500E/7280E/7500R/7280R Features SNMP MIB for nexthop-group counters Filtered Mirroring of MPLSoGRE packets For a complete list of supported features on these platforms, please refer to the Supported Feature Matrix.

Tap Aggregation – Caveats and Limitations

Caveats and Limitations Platform List DCS-7280E/R series DCS-7500E/R series Truncation Truncation Size: Truncation size is not available per interface. Available only as a system-level configuration. The only truncation size currently supported is 169 bytes. Starting from EOS-4.20.5F, this limitation applies only for egress (Tool port) truncation. Tap ports can be configured independently to an arbitrary truncation size. Note: if both ingress and egress truncation are configured for a packet stream, and ingress truncation size is larger than egress truncation size then the packet will be truncated only once and the resulting packet will have the size configured on the Tap...
SVI blocking for RACLs

When configuring or modifying a RACL applied to a VLAN interface, the VLAN will be blocked while applying the updated RACL.  This will prevent inconsistent forwarding of traffic to or from the VLAN interface while the RACL is being modified.  As with ACLs applied to ports, the default blocking behavior can be overridden using the hardware access-list update default-result permit command. Platform compatibility 7010T 7050Q 7050S 7050T 7050QX 7050SX 7050TX 7060CX 7060CX2 7250QX 7260CX 7260QX 7304 7308 7316 Configuration This feature is the default behavior for ACL configuration. In order to prevent any traffic from being dropped during RACL configuration...
Overlay IPv6 routing over VXLAN

Overlay IPv6 routing over VXLAN Tunnel is simply routing IPv6 packets in and out of VXLAN Tunnels, similar to VXLAN overlay IPv4 routing. The underlay (outer IP header) in VXLAN still uses IPv4 and is common to both overlay IPv4 and IPv6. Hence the VXLAN configuration remains exactly the same for both IPv4 and IPv6 overlay routing support. This feature enables IPv6 networks/hosts to be connected through VXLAN Tunnels. The following figure illustrates IPv6 routing followed by VXLAN encapsulation to reach a remote host across the VXLAN tunnel. The following figure illustrates VXLAN decapsulation and routing of an IPv6 packet. Platform compatibility DCS-7050X DCS-7060X DCS7260X DCS-7050X2 DCS-7250X DCS-7304 / DCS-7308 /...
