• Author : Lavanya



Feature description MSS-G or Group-Based Segmentation Security is a security feature that allows users to classify endpoints into segments and define forwarding policies between segments. A given segment contains a set of endpoints that should have identical security properties within the network. Policies are then defined between segments rather than between endpoints, and EOS devices enforce the specified policies in hardware. EOS shipped MSS-G support in 4.25. CVP on-prem support will ship in 2021.2 and requires EOS 4.26.1 or later with a minimum TerminAttr version of 1.16.2. It will also be supported in CVaaS. This support includes a way to...

DHCP Endpoints in Address Search

This is an expansion of the ‘Endpoint Search’ feature introduced in the Howard Release. For more information on what Endpoint Search is and how to access it, refer to the previous TOI on ‘Endpoint Search’. Searching for DHCP Endpoints This add-on to the Endpoint Search feature can be seen when a user searches for a DHCP device name or a MAC address associated with a DHCP device. A search for the DHCP endpoint can also be accomplished by clicking on one of the MAC Address links to Address Search in the Connected Endpoints table. DHCP devices can be found in...

CloudVision 2021.2.0 Release TOIs

EAPI over TerminAttr AAA Providers – OAUTH and SAML support Change Control Templates Scheduled Change Control Auto-Execute Change Control DHCP Endpoints in Address Search Topology Flows Inband Telemetry Traffic Flows GreenT/INT support CloudVision Studios User Guide MSS-G Segmentation features on CVP + Forescout integration

CloudVision 2021.1.0 Release TOIs

Features: Configurable DOM Threshold Events Dashboards 802.1X Metrics Aggregated Logs for on-prem CVP Upgrade Checkpointing Network Overlays Topology Tag Filtering Non-Author Approval for Change Control Beta Features (Enabled by a toggle in the Settings page): New Events App Connectivity Monitor with VRF Support Image Management APIs: REST API Examples

802.1X Metrics

802.1X information shows which endpoints have authenticated, are undergoing authentication, or have failed to authenticate to the network. This information is available to view in two locations from CloudVision: the 802.1X page in the Devices application, and the Dashboards application. 802.1X Devices Page The 802.1X page under Devices shows a quick overview of all of the endpoints that have authenticated, are undergoing authentication, or have failed to authenticate with the switch. The left donut shows the total number of endpoints, as well as the counts for each of the authentication status categories underneath: (Success, Failed, Web Auth Start, Waiting, Timeout,...

Service Accounts (Beta)

Overview Service accounts allow access to our APIs in a controlled manner from CloudVision. Authentication tokens can be created for service accounts that allow authentication to our APIs. A Service Account is essentially a user, except that instead of logging in, we generate credentials for the service account. The service account token credential authenticates a connection as a service account. Usage The token can be used to authenticate any connection to the apiserver, that is: HTTPS/REST, websocket, and GRPC. For websocket/REST APIs, attach the token as a cookie or using the Authorization header. Examples: curl -b access_token=${TOKEN} ... curl -H...

CloudVision 2020.3.0 Release TOIs

Custom Syslog Events Service Accounts Global Flow Visibility Dashboard Endpoint Search Omnibox for in-product search Updates to Flow Visibility in Topology View Data Disk Autoresize Updated resource requirements for CVP RPM installer

CloudVision 2020.1.0 Release TOIs

Key highlights for the CloudVision Portal release 2020.1.0 are: An updated UI with improved fonts, vibrant colors and consistent navigation Topology View Enhancements – Support for VxLAN tunnel discovery, Cloud Manual topology Layouts Events – Network Constraint Events, CloudTracer events Search (Beta) – Addition of IP address search Enhanced Search in Flow Analytics (Beta) vMotion support for multi-node cluster CVP release 2020.1.0 supports host-to-host vMotion for a multi-node cluster. It is recommended to use vMotion to migrate one node at a time in a multi-node deployment. It should only be performed if all components are up and running. It is...

CloudVision Portal 2019.1.0 TOIs

The key highlights for the 2019.1.0 release are: New Change Control Workflow – The new change control workflow presents users with a customizable workflow for executing changes with built-in and custom actions. The config guide captures the workflow details, and the following TOIs cover the specific actions that can be carried out as actions in the workflow. BGP Maintenance Mode and MLAG ISSU Change control actions Change Control Script Actions Change Control API Topology Views – Ability to visualize VLAN segments, Active device and link events and support for visualizing link level metrics from third party devices. Details for each...

CloudVision Portal 2018.2.3 TOI

The key highlights for the 2018.2.3 release are: Compliance dashboard – A dashboard to provide not just image and configuration compliance but also a proactive assessment for exposure to software defects and security vulnerabilities. Further details are documented in the CloudVision User Guide. VXLAN section in the Devices displaying VNI status and the remote mac address table Support for one-time passwords and multi-factor authentication Safety checks for configuration and image push CVPI status and failover improvements CVP RMA Improvements RPM based install for CloudVision Portal Support for one-time passwords and multi factor authentication This note explains how to configure CVP...

CloudVision Portal 2018.2.1

CloudVision Portal release 2018.2.1 highlights: vEOS Router provisioning in public clouds Ability to remove inactive devices from inventory view Devices that have an inactive streaming state can now be decommissioned from the UI To decommission a device, click on the inactive device in the device view and use the ‘Decommission Device’ button to remove the device from the inventory. Metrics explorer to discover underlying paths for metrics This release introduces metrics explorer that enables users to find which state is being used for a given metric displayed by the UI Navigate to Metrics Explorer from the Telemetry Settings page Click...

CloudVision Portal 2018.2.0

The major feature highlights for CVP release 2018.2.0 are: – Network Topology Visualization with traffic overlays for quickly identifying hotspots. Further documentation is available in the CloudVision Configuration Guide – Continuous snapshots for real time monitoring of devices during change controls – Event Alerts for integration with common alerting and messaging platforms. Configuring supported email and chat based services is documented in the CloudVision Configuration Guide. Documentation for custom integration with webhooks is available here. – Automated backups with CVPI Before upgrading to 2018.2.0, please refer to the release notes to review major changes in this release and considerations and expectations...

TapAgg support on MACsec linecards

Introduction Media Access Control Security (MACsec) is an industry standard security technology that provides secure communication for all traffic on Ethernet links. As of EOS 4.20.5F for Arista 7500 lines of switches, users of the tap aggregation features can benefit from using MACsec on tap/tool ports on MACsec-capable line cards. Users can use MACsec to secure the communications between their tap/tool ports and ports from other switches, which may not necessarily be TapAgg equipment. Enabling MACsec on a port puts it into an “unauthorized” state. The interface will then not forward any traffic until the MACsec peers successfully complete the MACsec Key Agreement (MKA) procedures. Once...

EVPN IRB with Vxlan Underlay

EVPN Integrated Routing and Bridging (IRB) with VXLAN In the traditional data center design, inter-subnet forwarding is provided by a centralised router, where traffic traverses across the network to a centralised routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.   To provide a more optimal forwarding model and avoid traffic tromboning, the EVPN inter-subnet draft (draft-sajassi-l2vpn-evpn-inter-subnet-forwarding) proposes integrating the routing and bridging (IRB) functionality directly onto the VTEP, thereby allowing the routing operation to occur as close to the...

MP BGP for v4 multicast

Introduction The feature MP-BGP Multicast provides a way to populate the MRIB (Multicast Routing Information Base). MRIB is an alternate routing table used in PIM’s RPF (Reverse Path Forwarding) lookup. Up until now, there was only one way to populate the routes in the MRIB. Users can add a static route into the MRIB via the ip mroute or rpf route command under router multicast ipv4 or ipv6. With BGP support for multicast SAFI, users can advertise multicast static routes and connected routes to other PIM routers. These routes learned via BGP are stored in the MRIB.   While selecting...

CloudVision Portal 2017.2.0 – TOI

CloudVision Portal release 2017.2.0 introduces support for the network-wide Telemetry framework consisting of the following components: NetDB based State Streaming CloudVision Analytics Engine CloudVision Telemetry Application Deployment and Configuration State Streaming deployment details: Minimum supported EOS version for state streaming is 4.17.3F EOS version 4.19 and later are not supported in this release but will be supported in the next release The latest version of state streaming (v0.19.5) is bundled with CVP 2017.2.0 as an extension that can be deployed on supported EOS versions Configuration required to enable state streaming on EOS devices is packaged in this release as a...

7050QX-32S Port Renumbering

Starting with EOS release 4.15.2F, the ability to renumber the front-panel ports of the 7050QX-32S is supported.

1) By default, 7050QX-32S front panel ports are numbered in the following way:
SFPs : 1 – 4
QSFPs: 5/1 – 36

2) The following configuration/show CLI commands have been introduced to change/view port numbering:
boot port numbering qsfp dense
The above command, after the user chooses to proceed, will erase startup-config, reboot the switch, and upon reboot, after the switch comes out of ZTP mode, the ports will be numbered like this: ...

L3 sub-interface counters

Sub-interface counters provide ability to count packets and bytes incoming and outgoing on L3 sub-interfaces. This feature is available on supported platforms starting 4.15.2F. Platform compatibility DCS-7280E DCS-7500E Configuration Configure the counter engine for sub-interface counters to be supported. Arista(config)#hardware counter feature subinterface in Status Show Commands show hardware counter feature subinterface Shows the status of sub-interface counters on the system Arista#show hardware counter feature show interfaces counters [ incoming | outgoing | rates ] Shows counters for all the interfaces. EOS-4.15.2F onwards, this will include sub-interface counters as well if enabled. Arista#show interface counters Port InOctets InUcastPkts InMcastPkts InBcastPkts Et1 256 16...

Unidirectional links

Unidirectional links is a feature that configures an Ethernet interface transmit and receive paths to be independent. Specifically, the transmit path can be up or down independent of the receive path being up or down. Feature History Release Update 4.15.2F Initial introduction of unidirectional link support on 100G links on DCS-7280E and DCS-7500E Series 4.24.2F Support of DCS-7280R3, DCS-7500R3 and DCS-7800R3 Series 4.26.2F Support of DCS-7170 Overview There are 3 unidirectional link modes: send-only, receive-only, and send-receive. In send-only mode, the interface can only send packets but cannot receive any packet. In receive-only mode, the interface can only receive packets...

VMTracer enhancements

As of EOS-4.15.2F, VM Tracer adds support for VMware NSX-V. This includes supporting NSX-V specific features, improved integration of NSX-V and VMware vShield Manager within core VM Tracer commands, and improved consistency of CAPI models provided by VM Tracer. EOS-4.15.2F also adds the ability to filter some output using a user-provided VM MAC address. Status show vmtracer vm The show vmtracer vm and show vmtracer vm detail command can be used to display VM interfaces accessible to VmTracer-enabled switch interfaces. It is possible to filter on either VM name or VNic MAC address which produces output in the detailed format produced by show vmtracer vm detail....

