• Author : Shyam Kota

 
 

EOS-4.21.0F TOI Index Page

Support for new OpenConfig paths Reload Console Logs Ahost DHCPv6 Snooping Remote-ID (Option-37) Insertion DhcpRelay agent source-address option Dhcpv6 Relay agent Client Link Layer Address PTP Monitoring MPLS Tunnel Support for Traceroute and PMTU Discovery PHY test pattern CLI CLI Command “show interfaces capabilities default” RIB Route Control: FIB Policy BGP Labeled-Unicast (LU) path NH resolution over Tunnel RIB entries IS-IS Clear Command: clear isis neighbor ISIS-SR Global Adj-SID Tap aggregation QoS handling on tap ports Multicast Route Counters Tap Aggregation support per-linecard TCAM profile configuration Qos Policy Map Counter Set TTL for PBRed packets L2 Protocol Forwarding Health Tracker...
Continue reading →

EOS-4.20.6F TOI Index Page

LAG hashing enhancement for configuring member-selection method Stateful Switchover on DCS-7300x TAP Aggregation – FCS error handling Advanced Mirroring Features Cloud High Availability Support for PBR in any VRF PBR Support on Arista 7050X/7250X/7160/7300X EVPN Centralized Anycast Gateway Uniform Tx/Rx DOM Thresholds

BGP LU/SR (labeled-unicast with segment routing) support in multi-agent mode

This feature implements RFC3107 that allows carrying a label stack with BGP route updates, using multi-protocol BGP. It also implements segment routing extensions that allow accepting and carrying the transitive segment-index (SID) attribute in LU route updates. This implementation is for multi-agent mode. BGP LU for ribd mode is supported since 4.17.0F, see details in the following location: https://eos.arista.com/eos-4-17-0f/bgplu/ The following BGP LU features are supported starting from release 4.20.5F: Basic IPv4 BGP LU, both receiving LU updates and originating/re-advertising LU routes to other peers IBgp and EBgp peering for LU peers Using ISIS-SR (or other MPLS tunnels) as the...
Continue reading →

IS-IS Counters

IS-IS Counters feature adds support to monitor per interface count of received, transmitted and dropped IS-IS PDUs at the Rib/Isis agent level. The counters start getting incremented once IS-IS is enabled on an interface and persist until IS-IS is disabled on it or the Rib/Isis agent restart. This feature can be used to debug protocol related issues of interconnected neighbors. Platform compatibility IS-IS Counters feature is supported on all EOS platforms. Configuration No additional configuration is necessary to enable this feature. It is enabled by default whenever IS-IS is configured on an interface. Status The counters are displayed using show...
Continue reading →

Agent Snapshot Core CLI Command

EOS’s architecture is built around the notion of agents. While the CLI show commands offer great insights into the operational status of the switch, their output can become voluminous in highly scaled route environments affecting the operational stability of the switch. The agent <agent> snapshot core CLI command quickly and safely creates a core snapshot file that can be exported off the switch to provide the same operational status information without affecting switch stability. Platform compatibility This feature is platform independent. Configuration The agent CLI command has new parameter snapshot. The new snapshot parameter has a new parameter core. These...
Continue reading →

Common Encryption Key for internal storage of neighbor passwords

Introduction This feature will provide a common encryption key to be used across all protocols to encrypt the neighbor password data for BGP, OSPFv2, BMP, ISIS, OSPFv3 and FHRP/VRRP for secure internal storage in the configuration. Prior to this feature, each protocol used its own algorithm based on neighbor IP or peer group to derive the password encryption key value. An unintended consequence of this original method is that the user cannot copy the encrypted password from one part of the configuration to another as the key to decrypt the passwords cannot be derived by all neighbors outside the original...
Continue reading →

Inverting match result for communities and extcommunities in route maps

The route map feature ‘invert-result’ has been added to the ‘match community’ and ‘match extcommunity’ statements which permits or denies routes when provided communities or extended communities are missing. Configuration Arista(config)#route-map <route-map name> permit 10 Arista(config-route-map-name)#match invert-result community <community-list-name> or Arista(config)#route-map <route-map name> permit 10 Arista(config-route-map-name)#match invert-result extcommunity <extcommunity-list-name> Example In this example, the route-map will match any community except 100:300. Arista(config)#ip community-list standard clist permit 100:300 Arista(config)#route-map foo permit 10 Arista(config-route-map-foo)#match invert-result community clist The below configuration will prepend the as-path with “1000” if the path does not have both 100:1 AND 100:2. Arista(config)#ip community-list standard BAR permit 100:1 100:2...
Continue reading →

802.1x Mac Based Authentication

MAC Based Authentication is a facility which allows a set of MAC addresses to be programmed into the RADIUS server. Such MAC addresses (MAC Based Authentication supplicants) do not have to speak 802.1X and may still be allowed access to the network. The authenticator identifies devices which do not support 802.1X and uses the MAC address of these devices as username/password in its RADIUS request packets. Depending on the MAC Based Authentication setting on the server, the server then decides whether to authenticate the supplicant or not. This is also different from 802.1x in the sense that every supplicant trying...
Continue reading →

802.1x Dynamic VLAN Assignment

Instead of statically assigning access VLAN on the authenticator port, it’s sometimes desirable to offload the work of VLAN assignment to the RADIUS server in case of a successful authentication. The Radius server communicates the VLAN information to the authenticator through some radius attributes. The authenticator interprets this information and then uses that information to program the access VLAN. Typically only the RADIUS server indicates the desired VLAN using the tunnel attributes with the Access-Accept but the supplicant can also request for a particular VLAN to be assigned by including the tunnel attributes within the Access-Request. Following tunnel attributes are...
Continue reading →

EOS-4.20.5F TOI Index Page

Multi-Line / Python Input for the Event Handler Actions DirectFlow ARP converted Host Routes injection into BGP IS-IS Speed-based metric IS-IS Partial SPF BGP IPv6 link-local peering support (RFE 60498) Ping and Traceroute Source Configuration L2EVPN MPLS L2 EVPN MPLS on DCS-7280R, DCS-7280R2, DCS-7500R, DCS-7500R2 series 802.1x Dynamic VLAN Assignment 802.1x Mac Authentication Bypass Management Tech-Support Policy Port-Channel Min-links Enhancement Ingress per-port IPv4, IPv6 counters Block Frames Not Matching Any Vlan Mappings on Trunk Ports Block Untagged Frames on Dot1Q-Tunnel Port Asset Tagging OSPF and OSPFv3 Non Stop Forwarding LANZ configurable global thresholds for Ethernet ports Two Rate Three Color...
Continue reading →

Arista EOS-4.20.1F TOI Index Page

Arista Platform Independent Features Config Checkpoint OpenConfig – NETCONF and Interface Counter Models eAPI – Support for multiple VRFs Connectivity Monitor CVX VIP VLAN Aware bundle mode for EVPN BGP route-map match on route-type Advertise-only option to the aggregate-address command Route-map URL BFD for Static routes IS-IS GR support IPv6 Neighbor Discovery Enhancements UCMP over Labeled Unicast Tunnels for IPv4 RFC 7606 – BGP enhanced error handling OSPFv3 Flood Pacing Support for BGP IPv6 Labeled Unicast MP-BGP for v4 Multicast BGP Monitoring Protocol L3 EVPN MPLS IPv6 RA inconsistent logging Redistribute static routes pointing to next-hop group via BGP Host...
Continue reading →

802.1br-E/VN Tag Stripping

Description This article describes a feature for Tap Aggregation mode, which strips IEEE 802.1BR E-Tag and Cisco VN-Tag headers from all tagged packets received on tap interface before delivering them out of tool interfaces. Untagged packets are unaffected. This feature may be useful for third-party tools and/or packet analyzers which cannot parse these headers. Platform Compatibility DCS-7280R/R2/R3 DCS-7500R/R2/R3 DCS-7800R3 DCS-7020R Configuration By default, Arista switches do not strip BR-E/VN tags from ingress packets. On DCS-7280R/R2, DCS-7500R/R2, and DCS-7020R BR-E/VN tag stripping is globally configured for Tap Aggregation. This means that packet ingressing any tap port will have their BR-E/VN tags...
Continue reading →

Igmp Snooping Proxy

IGMP Snooping Proxy feature is an optimization over IGMP snooping. When IGMP Snooping Proxy is enabled, the switch gathers IGMP reports from downstream hosts by sending queries periodically and updates its local state. Later, when it receives a query from an upstream router, the switch responds with a report immediately based on its local state. When IGMP Snooping Proxy is not enabled, IGMP Snooping floods the query in the VLAN for the hosts to respond with a report and the reports are flooded to ports that are known to have multicast routers. Enabling IGMP Snooping Proxy prevents a sudden burst...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: