Author: Michelle Wang

 
 

Support for SWI extension (SWIX) verification

Description: EOS provides a way to extend its capabilities through the installation of extensions. An extension is a pre-packaged optional feature or a set of scripts, typically in an RPM Package Manager (RPM) or Software image extension (SWIX) format. A SWIX file is a zip file typically containing RPMs, scripts, or other installation mediums that can be installed to alter the base behavior of EOS. SWIX Verification allows for SWIX files to be cryptographically signed with a signature that will be verified by EOS before the extension is installed. This verification process provides the following security benefits: Shows that the...

Interface Profiles

Description: In a typical switch deployment, multiple ports can have the same configuration, such as description and access VLAN. With the interface profile feature, a user can define a set of Ethernet configurations in an “interface profile.” Then, the profile can be applied to one or more Ethernet interfaces, so that all the commands defined in the profile will be configured on the interface. Any changes made in the profile will automatically update the configurations of the interfaces using the profile. Platform Compatibility: All platforms support this feature. Configuration: The following shows how to configure an interface profile and an...

SSH Certificates

Description: SSH certificates (as implemented by OpenSSH, introduced in version 5.4) allow for easy management of user authentication and authorization for passwordless logins, as well as host verification. User authentication is achieved by having a certificate authority (CA) sign user public keys with its private key, while sshd is configured to trust that CA’s public key. User authorization is achieved by signing the user key with specific principals, which define which accounts the user is allowed to log in as. Signing the user key with the CA private key generates the user’s certificate, which the user will present when attempting to...

Interface Profiles

Description: In a typical switch deployment, multiple ports can have the same configuration, such as description and access VLAN. With the interface profile feature, a user can define a set of Ethernet configurations in an “interface profile.” Then, the profile can be applied to one or more Ethernet interfaces, so that all the commands defined in the profile will be configured on the interface. Additionally, modifying a profile will automatically update the configurations of the interfaces that use the profile. Platform compatibility: All platforms support this feature. Configuration: The following shows how to configure an interface profile and an interface...

EOS SWI image verification

Description: SWI Image Verification is a feature that allows one to determine if their SWI image has been tampered with. It verifies that the SWI image was authorized by Arista Networks for release and unaltered post-release. To achieve this, starting from EOS-4.21.3F, a cryptographic signature has been added to Arista EOS images. The cryptographic signature has two major components: a signing certificate, and a signature that was signed by the signing certificate. The signing certificate is trusted by a root certificate stored in the SWI, by default Arista’s root certificate. Together, this information allows one to determine if their SWI image...
