• Author : Anuraag

 
 

Macro-Segmentation Service (MSS) for L3 Firewalls

Feature description Arista Macro Segmentation Service (MSS) is a service in CloudVision which dynamically places a firewall (FW) in the path of traffic between devices attached to front panel ports on Arista switches based on policies tagged by the user in the FW (using predetermined tags configured on CVX). In a traditional L3 FW deployment, the gateway for endpoints in a subnet is hosted on the FW and configured as the default route on the endpoint. In this integration, the firewall can be a Layer-3 attached system to the network. MSS running in CloudVision uses APIs provided by the FW...
Continue reading →

DirectFlow/OpenFlow enhancements

The following new enhancements to DirectFlow and/or OpenFlow are added in EOS-4.15.0F: DirectFlow redirect to CPU DirectFlow non-persistent flows DirectFlow/OpenFlow MAC/VLAN rewrite DirectFlow redirect to CPU DirectFlow now supports inserting a flow entry that matches on some specified criteria and redirects matching traffic to the switch CPU. This is useful for cases where the user has a custom agent running on EOS and wants to trap specific traffic and send to the agent. Configuration As part of a flow definition, the user can configure action output interface cpu to redirect traffic matching this flow entry to the CPU. For example: Arista(config)#directflow Arista(config-directflow)#flow...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: