• Author : Addison Chi


Securing eAPI

Introduction In this article we will talk about a few tips for securing eAPI access, for example HTTPS, changing the port, certificates, ACLs, on-box access, AAA, VRF, etc. Turning on/off eAPI First of all, the most secure option is to keep eAPI turned off, which is the default. myswitch#configure myswitch(config)#management api http-commands myswitch(config-mgmt-api-http-cmds)#shutdown When eAPI is turned on with “no shutdown”, HTTPS runs by default and HTTP is turned off for security, because HTTP sends the username and password in clear text. HTTP can be enabled with “protocol http”; however, we recommend using HTTPS. Both HTTP and HTTPS can be used concurrently. myswitch#configure terminal myswitch(config)#management api http-commands...

Arista eAPI 101

In this article, you will get some quick ideas on how to use Arista eAPI to configure the switch remotely via JSON-RPC. Here is a YouTube video on eAPI if you prefer to watch something live: EOS Bits & Bytes – Episode 3 “Command API”. The Arista Command eAPI is a simple and complete API that allows you to configure and monitor your Arista switches. Once the API is enabled, the switch accepts HTTP(S) requests containing a list of industry-standard CLI commands, and responds with machine-readable output and errors serialized in JSON (served over HTTP or HTTPS). eAPI was first introduced in...

Decoding UTC from the timestamps on 7150 Series

Overview The Arista 7150 Series allows packets going through the switch to be timestamped using a 31-bit high-resolution (350 MHz) tick counter which rolls over every ~6.135 seconds (every tick corresponds to ~2.857 ns). To enable UTC recovery, the switch can be configured to send a special type of packet called a keyframe, which contains the mapping between the hardware counter and UTC time. More details about the exact format of the keyframes can be found here. Decoding PCAP captures The PCAPDecoder script can be used to recover UTC for a packet capture generated using tcpdump or a similar tool. The capture...

