• Author : Lavanya

 
 

CloudVision Portal 2018.2.3 TOI

The key highlights for the 2018.2.3 release are: Compliance dashboard – A dashboard to provide not just image and configuration compliance but also a proactive assessment for exposure to software defects and security vulnerabilities. Further details are documented in the CloudVision User Guide. VXLAN section in the Devices displaying VNI status and the remote mac address table Support for one-time passwords and multi-factor authentication Safety checks for configuration and image push CVPI status and failover improvements CVP RMA Improvements Support for one-time passwords and multi factor authentication This note explains how to configure CVP when using Multi-Factor Authentication (MFA) and...
Continue reading →

CloudVision Portal 2018.2.1

CloudVision Portal release 20182.2.1 highlights: vEOS Router provisioning in public clouds Ability to remove inactive devices from inventory view Devices that have an inactive streaming state can now be decommissioned from the UI To decommission a device, click on the inactive device in the device view and use the ‘Decommission Device’ button to remove the device from the inventory. Metrics explorer to discover underlying paths for metrics This release introduces metrics explorer that enables users to find which state is being used for a given metric displayed by the UI Navigate to Metrics Explorer from the Telemetry Settings page Click...
Continue reading →

CloudVision Portal 2018.2.0

The major feature highlights for CVP release 2018.2.0 are: – Network Topology Visualization with traffic overlays for quickly identifying hotspots. Further documentation is available in the CloudVision Configuration Guide – Continuous snapshots for real time monitoring of devices during change controls – Event Alerts for integration common alerting and messaging platforms. Configuring supported email and chat based services are documented in the CloudVision Configuration Guide. Documentation for custom integration with webhooks is available here. – Automated backups with CVPI Before upgrading to 2018.2.0, please refer to the release notes to review major changes in this release and considerations and expectations...
Continue reading →

TapAgg support on MACsec linecards

Introduction Media Access Control Security (MACsec) is an industry standard security technology that provides secure communication for all traffic on Ethernet links. As of EOS 4.20.5F for Arista 7500 lines of switches, users of the tap aggregation features can benefit from using MacSec on tap/tool ports on MacSec capable line cards. Users can use MACsec to secure the communications between their tap/tool ports and ports from other switches which may not necessary be a TapAgg equipment. Enabling MACsec on a port puts it into an “unauthorized” state. Then the interface will not be forwarding any traffic until the MACsec peers successfully complete the MACsec Key Agreement (MKA) procedures. Once...
Continue reading →

EVPN IRB with Vxlan Underlay

EVPN Integrated Routing and Bridging (IRB) with VXLAN In the traditional data center design, inter-subnet forwarding is provided by a centralised router, where traffic traverses across the network to a centralised routing node and back again to its final destination. In a large multi-tenant data center environment this operational model can lead to inefficient use of bandwidth and sub-optimal forwarding.   To provide a more optimal forwarding model and avoid traffic tromboning, the EVPN inter-subnet draft (draft-sajassi-l2vpn-evpn-inter-subnet-forwarding) proposes integrating the routing and bridging (IRB) functionality directly onto the VTEP, thereby allowing the routing operation to occur as close to the...
Continue reading →

MP BGP for v4 multicast

Introduction The feature MP-BGP v4 Multicast provides a way to populate the MRIB (Multicast Routing Information Base). MRIB is an alternate routing table used in PIM’s RPF (Reverse Path Forwarding) lookup. Up until now, there was only one way to populate the routes in the MRIB. Users can add a static route into the MRIB via the ip mroute command. With BGP support for multicast SAFI in EOS 4.20.1F, users can advertise multicast static routes and connected routes to other PIM routers. These routes learned via BGP are stored in the MRIB. Additionally, users should be aware that the RPF...
Continue reading →

CloudVision Portal 2017.2.0 – TOI

CloudVision Portal release 2017.2.0 introduces support for the network-wide Telemetry framework consisting of the following components: NetDB based State Streaming CloudVision Analytics Engine CloudVision Telemetry Application Deployment and Configuration State Streaming deployment details: Minimum supported EOS version for state streaming is 4.17.3F EOS version 4.19 and later are not supported in this release but will be supported in the next release The latest version of state streaming (v0.19.5) is bundled with CVP 2017.2.0 as an extension that can be deployed on supported EOS versions Configuration required to enable state streaming on EOS devices is packaged in this release as a...
Continue reading →

7050QX-32S Port Renumbering

Starting EOS release 4.15.2F, the ability to re-number front-panel ports of 7050QX-32S is supported.   1) By default, 7050QX-32S front panel ports are numbered in the following way:   SFPs : 1 – 4 QSFPs: 5/1 – 36   2) Following configuration/show CLI commands have been introduced to change/view port numbering:   boot port numbering qsfp dense              Above command, after user chooses to proceed, will erase startup-config, reboot the switch,            and upon reboot, after the switch comes out of ZTP mode, the ports will be numbered like this:      ...
Continue reading →

L3 sub-interface counters

Sub-interface counters provide ability to count packets and bytes incoming and outgoing on L3 sub-interfaces. This feature is available on supported platforms starting 4.15.2F. Platform compatibility DCS-7280E DCS-7500E Configuration Configure the counter engine for sub-interface counters to be supported. Arista(config)#hardware counter feature subinterface in Status Show Commands show hardware counter feature subinterface Shows the status of sub-interface counters on the system Arista#show hardware counter feature show interfaces counters [ incoming | outgoing | rates ] Shows counters for all the interfaces. EOS-4.15.2F onwards, this will include sub-interface counters as well if enabled. Arista#show interface counters Port InOctets InUcastPkts InMcastPkts InBcastPkts Et1 256 16...
Continue reading →

100G unidirectional links

Starting 4.15.2F, this feature provides a capability to use a 100G link as a unidirectional link. There are 3 unidirectional link modes: send-only, receive-only, and send-receive. In send-only mode, the interface can only send packets but cannot receive any packet. In receive-only mode, the interface can only receive packets but cannot send any packet. In send-receive mode, the interface can both send and receive packets. However, the interface sends packets to one partner interface but receives packets from a completely different partner interface. In unidirectional link modes, any protocol that requires two-ways interactions on the link will not work properly....
Continue reading →

VMTracer enhancements

As of EOS-4.15.2F, VM Tracer adds support for VMware NSX-V. This includes supporting NSX-V specific features, improved integration of NSX-V and VMware vShield Manager within core VM Tracer commands, and improved consistency of CAPI models provided by VM Tracer. EOS-4.15.2F also adds the ability to filter some output using a user-provided VM MAC address. Status show vmtracer vm The show vmtracer vm and show vmtracer vm detail command can be used to display VM interfaces accessible to VmTracer-enabled switch interfaces. It is possible to filter on either VM name or VNic MAC address which produces output in the detailed format produced by show vmtracer vm detail....
Continue reading →

Filtered Mirroring of MPLSoGRE Packets

MPLSoGRE Filtered Mirroring is a specialized version of Mirroring to GRE Tunnel and Filtered Mirroring in which IPv4oMPLSoGRE and IPv6oMPLSoGRE packets entering a GRE tunnel endpoint on which an MPLS lookup is performed may also be be selected for mirroring based on the destination IP address field in the inner IPv4 or IPv6 header. Packets selected for mirroring will have the following header format: The packets described above when forwarded based on either the L2 or outer L3 header destination address will not be subject to mirroring. When mirroring to a GRE tunnel, the payload of the outgoing GRE packet...
Continue reading →

EOS-4.18.2F Release – Transfer of Information

Arista Platform Independent Features BFD SSO Arista 7500E/7280E/7500R/7280R Features SNMP MIB for nexthop-group counters Filtered Mirroring of MPLSoGRE packets For a complete list of supported features on these platforms, please refer to the Supported Feature Matrix.

Tap Aggregation – Caveats and Limitations

Caveats and Limitations Platform List DCS-7280E/R series DCS-7500E/R series Truncation Truncation Size: Truncation size is not available per interface. Available only as a system-level configuration. The only truncation size currently supported is 169 bytes. Starting from EOS-4.20.5F, this limitation applies only for egress (Tool port) truncation. Tap ports can be configured independently to an arbitrary truncation size. Note: if both ingress and egress truncation are configured for a packet stream, and ingress truncation size is larger than egress truncation size then the packet will be truncated only once and the resulting packet will have the size configured on the Tap...
Continue reading →

SVI blocking for RACLs

When configuring or modifying a RACL applied to a VLAN interface, the VLAN will be blocked while applying the updated RACL.  This will prevent inconsistent forwarding of traffic to or from the VLAN interface while the RACL is being modified.  As with ACLs applied to ports, the default blocking behavior can be overridden using the hardware access-list update default-result permit command. Platform compatibility 7010T 7050Q 7050S 7050T 7050QX 7050SX 7050TX 7060CX 7060CX2 7250QX 7260CX 7260QX 7304 7308 7316 Configuration This feature is the default behavior for ACL configuration. In order to prevent any traffic from being dropped during RACL configuration...
Continue reading →

Overlay IPv6 routing over VXLAN

Overlay IPv6 routing over VXLAN Tunnel is simply routing IPv6 packets in and out of VXLAN Tunnels, similar to VXLAN overlay IPv4 routing. Underlay ( Outer IP Header ) in VXLAN still uses IPv4, and common for both overlay IPv4 and IPv6 . Hence VXLAN configuration remains exactly same for both IPv4 and IPv6 overlay routing support. This feature enables IPv6 networks/hosts get connected through VXLAN Tunnels. Following figure illustrates IPv6 routing followed by VXLAN encapsulation to reach a remote host across the VXLAN tunnel.   Following figure illustrates VXLAN decapsulation and routing of an IPv6 packet. Platform compatibility DCS-7050X DCS-7060X DCS7260X DCS-7050X2 DCS-7250X DCS-7304 / DCS-7308 /...
Continue reading →

OpenStack Enhancements

This release introduces enhancements to the CloudVision eXchange and OpenStack integration. The following features were added as part of this release: OpenStack Ironic Integration OpenStack Keystone v3 support OpenStack DVR support OpenStack Ironic Integration Through OpenStack Ironic integration with Neutron, it is possible to provision bare metal servers that are attached to Arista switches and connect them to tenant networks. All of the features that Arista supports for provisioning networks for VMs is extended to bare metal servers. This includes automatic VLAN-to-VNI mapping and Hierarchical Port Binding. Security groups can be applied as ACLs on switch interfaces connected to bare...
Continue reading →

IPv6 Support for Decap Groups

The document describes an extension of the decap group feature, that allows IPv6 addresses to be configured and used as part of a group. IP-in-IP packets with v6 destination matching a configured decap group IP will be decapsulated and forwarded based on the inner header. That will allow any IP-to-IP packet type to be decapsulated, i.e. v4 in v4, v4 in v6, v6 in v4 and v6 in v6. Platform compatibility DCS-7050X DCS-7500X DCS-7260X DCS-7500R DCS-7500E DCS-7280R DCS-7280E Configuration Configuration is similar to IPv4-only decap group. Additional option of configuring IPv6 address is now available after the “decap-ip” keyword. If...
Continue reading →

EVPN extension to BGP using VXLAN

Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family number 25) / EVPN (subsequent address family number 70). It is used to exchange overlay MAC and IP address reachability information between BGP peers within a tunnel [1]. In EOS 4.18.1F VXLAN tunnel support was introduced [2]. The available features are: Single-homing L2 routes (EVPN type 2 and type 3), with MLAG used as the L2 multi-homing solution. Multi-homing L2 routes (EVPN type 1 and type 2) are received and installed, with up to two all-active remote paths per destination (additional paths...
Continue reading →

Coherent Modulation Formats and 7500R-8CFPX-LC

The 7500R-8CFPX-LC linecard with ACO CFP2 optics provides connectivity over DWDM systems and links. 7500R-8CFPX-LC currently only supports connections to other 7500R-8CFPX-LC linecards. 7500R-8CFPX-LC when used with Linear CFP2-ACO supports three modulation formats allowing three different combinations of reach and data rate as required by the application. Enhancements for 7500R-8CFPX-LC Modulation Formats Capabilities The show interfaces capabilities command has been enhanced to show the available modulations for coherent interfaces. Arista#show interfaces Ethernet4/1/1-4/2/1 capabilities Ethernet4/1/1 Model: 7500R-8CFPX-LC Type: 100G-DWDM-E Speed/Duplex: 100G/full(default) Flowcontrol: rx-(off,on),tx-(off) Error Correction: Reed-Solomon: 100G Modulation: DP-QPSK,8QAM,16QAM(default) Ethernet4/1/2 Model: 7500R-8CFPX-LC Type: 100G-DWDM-E Speed/Duplex: 100G/full(default) Flowcontrol: rx-(off,on),tx-(off) Error Correction: Reed-Solomon:...
Continue reading →