• Author : Bharath Somayaji

 
 

IP Locking + Release Updates

Description IP Locking is an EOS feature configured on an Ethernet Layer 2 port.  When enabled, it ensures that a port will only permit IP and ARP packets with IP source addresses that have been authorized. IP Locking prevents another host on a different interface from claiming ownership of an IP address through ARP spoofing. On an IP Locked Port, ARP probes with 0.0.0.0 as Sender Protocol Address (SPA) will be allowed for duplicate address detection (DAD). Incoming DHCP server response packets are dropped to avoid rogue device(s) acting as DHCP server(s). Incoming DHCP client request packets are allowed for...
Continue reading →

DHCP relay in VXLAN EVPN (Anycast usecase)

In VXLAN EVPN deployments, a distributed anycast address is often used as the gateway address for end devices connected to the Vxlan Tunnel End Points (VTEPs). Similarly, in MLAG configurations in a VXLAN environment, ip address virtual could be used on both MLAG peers. A DHCP Relay agent running on such switches needs to forwards DHCP requests originating from end devices to the DHCP Server. In such deployments, the DHCP Relay Agent will not be able to use the anycast address or the virtual IP address to communicate with the server. In order to enable the server to uniquely identify...
Continue reading →

DHCPv6 Prefix Delegation

DHCPv6 Prefix Delegation support enables a DHCP relay agent to program routes for addresses assigned by a DHCP server. The assigned prefixes could either be DHCPv6 IA_PD prefix delegation addresses, or DHCPv6 IA_NA global /128 addresses. The routes added for the assigned prefixes can also be redistributed into BGP. Configuration DHCP routes are not programmed by default. To enable the addition of DHCP routes, the following command must be entered in the config-if mode for the interface with ipv6 dhcp relay destination <server-ip> configured: Arista(config-if-Vl100)# ipv6 dhcp relay install routes To disable the addition of DHCP routes and to remove...
Continue reading →

IS-IS SPF Timers

SPF Timers can be used in IS-IS to throttle the frequency of shortest-path-first (SPF) computations. In networks with a lot of churn, using these timers will help in containing the effect of network disruptions arising out of frequent SPF runs. SPF intervals are configured by specifying a max-wait interval, and optionally, an initial-wait interval and a hold-time. The interval between successive SPF runs is determined by using the values of the three knobs mentioned above. SPF is scheduled to run after the initial-wait interval for the first SPF run following a period of inactivity. In the event that there is...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: