Installing EOS hot fixes with CloudVision Portal

Installing hotfixes via CloudVision Portal   One of the major strengths of EOS is the open nature of the operating system.  By being able to add software to Arista switches, one can extend the capabilities of the operating system (that’s where the ‘E’ in EOS comes from after all).  One scenario where this is perhaps most beneficial is in the realm of security updates.  The majority of security updates to Arista’s operating system are initially delivered in the form of an extension prior to rolling the update into a new release of EOS.  There are some clear advantages to this method...
Continue reading →

L2 port-channels and L3 ECMP hashing

Each Arista switch platform has a different set of options that can be used to manage the hash algorithm to a port-channel; some are common, but some are unique. The options available are dependent on the ASIC’s capabilities in each hardware model.  For ECMP we take the same algorithm and allow a seed value to be used in order to avoid route polarization to the same paths as L2.   This article will examine the defaults per platform, as well as how to view and modify the current settings on each platform. Hashing defaults The default settings for port-channel and...
Continue reading →

Restricting access to the switch

In this article we demonstrate how you can enable your Arista switch to restrict access to various network services. By default, Arista EOS implements a control-plane ACL to restrict the packets going to the CPU.  This is done for security purposes, but in its default configuration is very permissive.  As such, it is recommended that the sources which can access the switch be restricted using the methods described below. To view the default ACL issue the following command: Arista#sh ip access-lists default-control-plane-acl IP Access List default-control-plane-acl [readonly] statistics per-entry 10 permit icmp any any [match 4, 11 days, 20:46:23 ago]...
Continue reading →