Why Java APIs and Industry-Standard CLIs are Different

In the past few years, the tech industry has watched with increasing concern as various entrenched participants have brandished copyright law as a weapon to stifle competition and innovation. Recently, we have been treated to yet another novel claim: that after over a decade of broad adoption, the industry-standard set of commands that a user types into a command line interface (or CLI) to configure a network device is subject to copyright. This startling claim raises many questions, but today I want to address one in particular: What effect, if any, does the recent decision in Oracle v. Google have...

Using Jinja Templates on CVP

ContentsWhy use Jinja?Usage of Jinja2 on CVPDigging deep into the example.py scriptRendering information into templatesNotes to remember Why use Jinja? Jinja2 is a user-friendly template engine for Python. It is easy to learn and use, and also fast – as a result, a lot of developers use it these days. It is easy to model since its syntax is quite similar to Python; debugging is easy, in fact quite similar to Python’s debugging capabilities. To install Jinja, download Jinja2 from https://pypi.python.org/pypi/Jinja2 and install it in the /cvp/pythonlab/Lib folder. Usage of Jinja2 on CVP In CVP, we have the facility of...

Using an SFP/SFP+ transceiver in a QSFP+/QSFP100 port

Introduction Situations may arise where a QSFP+ or QSFP100 (QSFP28) port must be utilized by an SFP+ or SFP adapter. Mellanox has a physical adapter (P/N: MAM1Q00A-QSA). This adapter is a physical cage that fits into a QSFP port and has an opening that fits an SFP or SFP+ transceiver. NOTE: Specific hardware used in this exercise: DCS-7150S-64-CL-R, Software image version: 4.17.3F. You should check the release notes for your version of EOS and model hardware to ensure support. Currently, this adapter is tested with SFP (1G) or SFP+ (10G) (not SFP28/25G). Objective An SFP+ or SFP transceiver can be fit...

VXLAN: security recommendations

ContentsAbstractIntroductionVXLAN backgroundVXLAN implementation optionsFlood listMulticast groupVXLAN Control Service on CVXBGP EVPNSecurity threats and mitigation techniquesAttacks from underlay networksAttacks from overlay networksMac-floodingMAC-flooding in flood list type of configuration for VXLANMAC-flooding in multicast group, CVX, BGP EVPN types of VXLAN configurationMAC-address spoofingMAC-address spoofing in flood list and type of VXLAN configurationMAC-address spoofing in multicast group VXLAN configurationMAC-address spoofing in CVX type of VXLAN configurationMAC-address spoofing in BGP EVPN type of VXLAN configurationARP spoofingUDP floodingTCP SYN attacksBGP as a control plane and its securityScalability considerationsRegistering rogue VTEP on VXLAN controllerEnd-to-End securityConclusionResources Abstract This document provides recommendations that are advised to implement in order to increase...

Arista 7280QR-C36 Load Balancing Optimization for Dual Homed Systems and Networks

ContentsArista 7280QR-C36 Optimized Internal Load-balancingBest practice recommendations:Changing load-balancing mode on DCS-7280QR-C36For ECMP:For LAG:Summary Arista 7280QR-C36  The Arista DCS-7280QR-C36 switch is a purpose-built, flexible, fixed-configuration 1RU system capable of supporting a wide range of interface choices. It is designed for the highest performance environments such as IP Storage, Content Delivery Networks, Data Center Interconnect and IP Peering. The 7280QR-C36 is optimized for environments with dual connected nodes such as storage and for spine applications with dual homed leaf switches. This technical application note describes the internal optimized load-balancing mechanism used within the switch and how network architects can best deploy this...

Load Balancing with ECMP: Hardware Configuration Lookup

ContentsAbstract:Initial configuration:Question:Recursive lookup for the actual path:Conclusion:Useful commands: Abstract: This publication illustrates a technique which can be used to find exactly how Arista devices program routes to send traffic across multiple available paths. An example will be given on the Arista DCS-7150S-52-CL-R running EOS version 4.14.8M. Initial configuration: As an IGP we are using OSPF with maximum paths feature configured: Arista(config)#router ospf 1 Arista(config-router-ospf)#maximum-paths 32 There are two iBGP peers configured via a peer-group “pg1”: Arista(config)#router bgp 65001 Arista(config-router-bgp)#neighbor pg1 maximum-routes 16000 Arista(config-router-bgp)#neighbor 172.20.18.49 peer-group pg1 Arista(config-router-bgp)#neighbor 172.20.18.121 peer-group pg1 iBGP advertisements: * >   10.82.2.32/27       172.20.16.143    0  ...

MBR (Multicast Border Router)

Intro Enabling PIM MBR on an interface (where we don’t have an upstream PIM neighbor) will allow multicast traffic from remote sources that are outside of our PIM domain to be treated as locally connected sources. We typically see this scenario when we are receiving multicast feeds from a remote Exchange and a PIM neighbourship is not established on our upstream links. In the current PIM implementation (EOS 4.14.0F and later) EOS will drop multicast traffic that is not considered to be locally connected by default and we need to configure MBR to allow this multicast data. In the interfaces...

Installing EOS hot fixes with CloudVision Portal

Installing hotfixes via CloudVision Portal   One of the major strengths of EOS is the open nature of the operating system.  By being able to add software to Arista switches, one can extend the capabilities of the operating system (that’s where the ‘E’ in EOS comes from after all).  One scenario where this is perhaps most beneficial is in the realm of security updates.  The majority of security updates to Arista’s operating system are initially delivered in the form of an extension prior to rolling the update into a new release of EOS.  There are some clear advantages to this method...

Understanding EOS Software Download Options

This post is to help explain the different Software Download options for a particular EOS release. For recommendations on which train or version of EOS you should use, please take a look at our Software Lifecycle, and Recommended Release pages. This advice only concerns images located in the Active and Support Only Releases folder. Images from the Other Releases and EFT folders are not for general use. Those releases are available only for specific deployments, and should only be used when specifically recommended by Arista. In this case, I’m taking a look at EOS-4.17.1F and you can see from the...

Common AAA Requirements

This article describes sample configuration for most common AAA requirements. It covers default behavior of EOS and a basic configuration guide with respect to Authentication and Authorization through local, RADIUS and TACACS+. The article also includes sample TACACS+ config files and RADIUS dictionary files ContentsAuthenticationSSH AuthenticationConsole AuthenticationAuthorization Authorization execLocal role based command authorizationAuthorization through RADIUS Authorization through TACACS+Console AuthorizationRemoving admin credentials AAA Fallback Debugging CommandsAdditional Reading Authentication SSH Authentication To have users locally authenticated, configure by entering the command: Arista(config)#aaa authentication login default local Other methods available are TACACS+ and RADIUS. Console Authentication By default console login will derive authentication method from the...

Troubleshooting Multicast packets to CPU

ContentsOverviewTopologyScenarios1. Unsolicited traffic2. Multicast TTL == 13. Traffic received on OIL4. No Route to the RP or back to FHR Overview This article covers different scenarios where undesirable multicast traffic can be punted to CPU.   Topology   Scenarios 1. Unsolicited traffic When the switch receives multicast traffic, there are two main checks made: 1. Is the source locally connected (i.e. is the source IP of the traffic in the same subnet as the IIF) OR 2. Is there a valid mroute state for the S,G If neither of the above applies, the multicast data traffic will be punted to CPU...

Arista EOS Hardening Guide

ContentsIntroductionGeneral Security PrinciplesMonitor Security Advisories and ResponsesLog Collection and MonitoringEOS binary distributionEOS core OSThe internal process treeEOS servicesThe Control Plane ACLA sample of the default CP ACLA sample of the default CP policy mapVLAN ManagementTrunk configurationDevice AccessPassword ManagementFIPS restrictionsUser Role ManagementConsole AccessEmergency Console AccessManagement InterfaceTACACS+/RADIUSAuthentication, Authorization, and AccountingLogin BannerNetwork Time ProtocolDNS ConfigurationLoggingSNMP AccessRouting ProtocolsIGP Routing ProtocolsBGP Routing ProtocolThe default system security configurationSupported Management and Security Features Frequent QuestionsTips & Tricks:SSH tunnels Introduction This document is provided as a template for securing Arista devices. Configurations alone are not able to completely secure a network. Due operational diligence including threat assessment and reaction...

Running vEOS in GNS3 1.5

How to Run vEOS 4.16.6M in GNS3 1.5 ContentsIntroPrerequisitesRunning vEOS and GNS3 on a Windows machineRunning vEOS and GNS3 on a Mac OS X machineRunning vEOS and GNS3 locally on one box Running vEOS in VMware vSphere (without GNS3) Intro This document will go over how to install a vEOS vm instance on both your Windows 7 OS as well as Mac OS X. The steps are exactly the same between OSes. We will first start with Windows 7 installation and will then show a few screenshots on the Mac. Finally we will conclude this post by going over the...

Installing CloudVision eXchange (CVX) on Ubuntu / KVM

ContentsIntroductionInstallation ProcedureInstall StepsPython XML Creation Script – generateXmlForKvm.pyInput XML Template – kvmTemplate.xml Introduction This post is intended to give step-by-step instructions on how to install CVX on a KVM Hypervisor on Ubuntu LINUX. The Cloudvision Configuration Guide provides excellent instructions on configuring CVX after the install process is complete. You can also browse to the guide via the Support > Product Documentation pages on arista.com. Basic familiarity with Linux is needed in order to complete this task. Installation Procedure Refer to Section 1.1 of the Cloudvision Configuration Guide for host system requirements. Install Steps Download the Aboot and EOS software from https://www.arista.com/en/support/software-download. (CVX is really just an instance of EOS...

VMTracer Visibility and Call Flows

ContentsIntroductionQuick Configuration Notes:VMTracer Call FlowVMTracer Visibility for the Network OperatorAutomationFurther Reading Introduction Arista EOS has been supporting the VMTracer feature since vSphere 4.0 was introduced and continues to support the latest version.  The EOS User Manual (found for various releases at https://www.arista.com/en/support/software-download) provides a very good description and background to the feature along with configuration details.  This technical note adds additional call flow information to better understand the feature and the network visibility it provides to operators, as well covering NSX-V visibility details. To set the baseline, the VMTracer logical diagram from the User Manual is redrawn here: This diagram shows...

Using and Customizing Arista EOS Roles for Ansible

The Ansible automation framework includes functionality defined as a role – a means of grouping playbook tasks, handlers, and variable files to help simplify the process of working with large playbooks, as well as reusing playbook information for multiple configurations. This article will describe the use of Arista EOS Roles for Ansible, beginning with a basic overview of Ansible Roles, then installing and working with Arista EOS roles, and concluding with a more in-depth look at customizing those roles for your specific needs. ContentsThe BasicsAnsible RolesArista EOS Roles for AnsibleRole InstallationRole UsageRole CustomizationBasic Structure of a RoleCustomizing an Arista EOS Role for...

An Introduction to the Golang eAPI

ContentsIntroductionInstallationConfigurationUsing GoeapiSummary Introduction Since the release of Arista EOS Command API (eAPI) many have grown to appreciate its stability and easy-to-use syntax which allow applications or scripts complete programmatic control over EOS. Development of applications that interface with your Arista device for the purpose of configuration or monitoring is simple and fairly straight forward. With a little knowledge of Python, Perl, Ruby, or your favorite language of choice, and familiarity with the underlying transport mechanism (JSON-RPC), it’s easy to write some custom functionality to help with deployments, provisioning, configurations and many other things.  Arista has continued its ongoing effort to...

A comparison of virtual ip commands

ContentsThe ‘ip virtual-router’ commandHow does the host resolve ARP for the default gateway/vIP?How do the switches resolve ARP for the host?The ‘ip virtual-router’ command with maskHow does the host resolve ARP for the default gateway/vIP?How do the switches resolve ARP for the host?ARP syncThe ‘ip address virtual’ commandHow does the host resolve ARP for the default gateway/vIP?How do the switches resolve ARP for the host?ARP syncSuggested reading The ‘ip virtual-router’ command Switch1:   Switch1(config)#interface vlan 10   Switch1(config-if-Vl10)#ip address 10.0.0.2/24   Switch1(config-if-Vl10)#ip virtual-router address 10.0.0.1   Switch1(config)#ip virtual-router mac-address 00:1c:73:00:00:99 Switch2:   Switch2(config)#interface vlan 10   Switch2(config-if-Vl10)#ip address 10.0.0.3/24   Switch2(config-if-Vl10)#ip virtual-router address 10.0.0.1   Switch2(config)#ip virtual-router mac-address...

Arista + Ansible – Getting Started

The Ansible 2.1 release made it easier than ever to manage Arista switches.  The following article describes how to leverage Ansible for EOS configuration management. The Basics If you’re brand new to Ansible, it might be helpful to take a spin through their Overview and Getting Started just to familiarize yourself with some of the basic concepts. The Ansible documentation has a great introduction to Ansible for Networking – definitely check it out before reading on. EOS Modules  Ansible modules do all of the heavy-lifting, and there’s a module to do just about anything you could possibly think of, from copying a...

Troubleshooting congestion – Investigating and taking corrective steps

  Contents1) Introduction2) MeasuringMeasuring your baselineMeasuring your maximum stress capacityConclusion on metrics3) Application behaviour and causesTCP Retransmits  Application / Storage LatencyTCP behavior4) Flow-Control / PFCChoices: QoS, FC, PFC5) Buffer management and Queues usageQoS to classify traffic and use more queues in the systemQoS classification – Configuration exampleHow to implement Buffer management:Conclusion 1) Introduction Congestion might not be obvious; it can be discovered reactively in disastrous situations, or proactively by collecting statistics off equipment and investigating symptoms demonstrated by the applications and systems.   Deep buffers on switches are a blanket and effortless solution to the problem, but it might not be...

MLAG ISSU

ContentsOverviewMLAG considerations before upgradeI. Check for configuration inconsistencies II. Resolve ISSU warningsIII. Choose the correct upgrade code pathUpgrade Procedure Overview MLAG ISSU (In-Service Software Upgrade) upgrades EOS software on one MLAG peer with minimal traffic disruptions on active MLAG interfaces and without changing the network topology. Note: Traffic impact could be seen for orphan links, active partial links and packets in flight   MLAG considerations before upgrade   I. Check for configuration inconsistencies Following features should be configured consistently on each switch: VLANs Switchport configuration on port channel interfaces that are configured with an MLAG ID STP configuration (global) In EOS...

Valid Python Scripts may fail in OS X ‘El Capitan’

Python scripts can be run on OS X using eAPI to access Arista Switches or vEOS instances. Python Scripts can also be run on OS X to automate the installation of vEOS: (https://github.com/arista-eosplus/packer-veos). After installing or upgrading to OSX ‘El Capitan’ (OS X version 10.11.5) Python Scripts that previously worked fine under earlier versions of OS X or work on other operating systems may fail. This is evident when making a Python Script executable after issuing the chmod +x command.  This is due to operating system changes Apple has introduced in ‘El Capitan’. Although, this problem may affect eAPI and...

Deploying Virtual SAN Over L2/L3 Networks with Arista Networking Devices

This is a great posting from on how to deploy Virtual SANs over Arista underlay networks with the actual switch configurations. Here is the video on how to automate the deployment of a VSAN infrastructure from the same blog – VMware Virtual SAN Stretched Cluster Automated Deployments with PowerCLI. We thought our user community would benefit from these blog postings. Happy reading!

Introduction to Managing EOS Devices – Memory Utilisation

A common question that users new to EOS have is concerning the high levels of memory utilisation seen on Arista switches (~70% utilised). Typically this is first flagged by the NMS and triggers a low memory warning or alarm. Unlike a traditional switching OS, EOS uses Linux page caching. Most free memory is used as a live cache and very low ‘free memory’  numbers are entirely normal, providing that enough memory is available from the buffers and cached memory for applications demanding more RAM. In this case, the OS is capable of freeing up memory from cache as processes demand it. Memory...

Arista 7150 Series Hardware Based NAT For Unicast Traffic

Arista 7150 series switches use Intel’s Fulcrum FM6000 (code named ‘Alta’) ASIC for packet processing. The ASIC includes several features for IP header translation including Network Address Translation (NAT). In doing so, packets to be NAT’d are processed by the ASIC which is known as Hardware NAT rather than by CPU known as Software NAT. Hardware NAT provides much better scale and performance compared to Software NAT.  The 7150 series switches can provide 10/40Gbps line rate hardware based NAT  across all Ethernet ports at the same time. The number of available ports varies depending on the particular model – it...

Monitoring EOS with tcollector and OpenTSDB

EOS is a Linux distribution (based on Fedora), which means, among other things, that it can be monitored like any Linux server running Fedora.  In this post we show how to package a popular open-source monitoring framework, tcollector, as an EOS extension. A bit of history OpenTSDB is a distributed time series database used for infrastructure monitoring in many medium to large scale environments.  It uses a push model, meaning that OpenTSDB is not responsible for pulling monitoring from a set list of targets to monitor, rather the targets themselves are responsible for pushing their monitoring data to OpenTSDB, be...

Virtual Routing and Forwarding (VRF) Fundamentals

This document provides an overview of how an administrator can use Virtual Routing and Forwarding (VRFs) on an Arista EOS switch to achieve a desired solution. The number of VRFs varies per switch due to the amount of RAM and CPU on a switch.  As of this writing, VRF scale is as follows per model. Configuration of a VRF is fairly straightforward and all VRFs have their own separate forwarding tables.  As with everything in EOS, all VRFs meet at SysDB. As these numbers may change in the future (as new features are added), please refer to the Release...

Arista Certified Engineering Associate (ACE-A) Exam

We are happy to announce the first of our Arista Certified Engineering (ACE) certifications, the ACE Associate. The official page for the Arista Certified Engineering Associate (ACE-A) can be found here: http://solutions.arista.com/ace-a-exam  

CloudVision Deployment Guide using Python API

ContentsAudiencePurposeTopologyCloudVision Web Portal – Network Provisioning(Logical View)Pre-RequisitesKnown Caveats:First stepsWorking with CVP variablesWorking with CVP premade functionsCreating a ConfigletCreating a ContainerWorking with CVP Devices Generating ECMP fabric(Tier2-Tier3)Generating Bowtie MLAG(Tier1-Tier2)Handling CVP related ErrorsSample prompts from CVP server Further ReadingAppendixConfiglet Appearance in CloudVision PortalCVP Python Script Audience This document is intended for those that are familiar with, or have intermediate abilities with python scripting. This script is meant for deployment in a greenfield environment, but can be modified to be used in a brownfield environment as well.  With either deployment scenario it is advisable to contact your SE/TAC for a code review or...

Slow SSH Login

A common issue is when accessing a switch via SSH it takes a long time for the user to login and then after that the connection flows smoothly. This is generally due to the fact that SSH does a reverse DNS lookup for the remote device and the DNS query times out. Another common issue is that the management interface is in a VRF but the name servers are not defined in the VRF. To configure a name server in the vrf “management” ip name-server vrf management 10.1.1.10 Ensure that you can ping the DNS server from the switch. If the DNS server...

ARP replies in a VxLAN plus routing Data Center Inter-connect deployment

Overview VxLAN and routing with DCI inter-connect can cause ARP issues with VLAN segment extensions between datacenters. The goal of this article is to outline the issue relating to ARP replies with VxLAN routing and VARP. We will show the use of a workaround today (recommended) and how the new ARP-Reply feature will resolve the problem.  This feature will be introduced in a later version of EOS. The date will be announced in the future. Issue: VxLAN with the direct routing model for DCI requires a unique VARP MAC address per DC. This is needed when there are two...

Config Sessions Tips

Description: You want to implement human error prevention, 4-eyes-principle, task separation and delegation in your network? Then read on. We’ll show you how you can delegate configuration preparation to the operators team, retaining the control to commit the submitted changes, and having a delayed roll-back as a safety network in case something went wrong. Please also refer to the article “How to keep last X startup configs” for further tips on config handling and versioning. User Management: Let’s create two roles: one for the Network Operations team, that is allowed to use “configure session” to prepare changes, but is not...

Can OpenStack Run Over a VXLAN Fabric Without an Overlay Controller?

At the OpenStack Summit in Hong Kong at the end of 2013, I gave a talk (video, slides) on the requirements, tradeoffs, and potential designs for deploying OpenStack over a VXLAN fabric. It’s been long enough that it feels like it’s time to revisit the topic. More specifically, I want to focus on the question of whether you can now build such a fabric with a mix of both hardware and software networking elements while only running standalone Neutron, which wasn’t really possible back when I originally gave the talk. Using an external overlay controller was considered the only way to...

Deploying Arista Switches using CloudVision Portal

Deploying Arista switches using CloudVision Portal (CVP) Introduction CloudVision Portal or CVP is an automation and orchestration tool for management and deployment of switch configuration across an entire IP based data center network. CVP uses a container hierarchy for organizing devices into logical groups and splits the device configurations into ‘configlets’ which can be applied at varying levels of the hierarchy to provide inheritance and de-duplication of effort when developing device configuration. This approach reduces human error thru inheritance of configuration. Operators can focus on the device specific configuration, knowing that general configuration, such as, AAA, domain name and DNS...

Spotify’s SDN Internet Router

How does one build an Internet-scale router using data center switches and a bit of SDN grease? One solution is what Spotify built with their open-source SIR (SDN Internet Router). Before we go any further, let us address the why. Why would one want to do this? The price-performance ratio between a data center switch and an Internet router is on the order of 10x. Data center switches based on merchant silicon can offer three times the density of high-end routers for a third of the price. For this reason, replacing expensive high-end routers with programmable data center switches using...

Arista + Ansible: A Dramatically Simple New Approach

On February 18th, 2016 Ansible (Red Hat) announced a new initiative to help bring years of systems administration experience to the network by creating a new set of modules built specifically for network devices.  This announcement signals a new direction for Ansible, a technology that previously omitted native support for the majority of network vendors.  What does this announcement mean and how can you get started with your Arista devices? ContentsA Brief HistoryA New ApproachA Sample PlaybookHow Will Arista Contribute?Getting Started A Brief History Astute readers may be wondering, “Why does this matter? I can already manage my Arista device with Ansible.” That’s...

OpenConfig: the emerging industry standard API for network elements

The OpenConfig working group is tackling a number of challenging problems that have hindered multi-vendor network programmability: Creating vendor-independent models to represent all the aspects of a network element; Making these models programmatically accessible and modifiable; Changing from a pull model to a push model, with subscriptions and update streaming. We are very excited about this effort and we believe it has a good chance of succeeding as it is driven by some of the biggest cloud and service provider operators. For the past year, we have been working closely with members of the working group and in particular with...

VXLAN Without Controller for Network Virtualization with Arista physical VTEPs

  Contents1) Introduction2) Design – Fundamentals2.1) VLAN2.2) VTI  – VXLAN interface IP address.2.3) VNI – VXLAN Network identifier2.4) Unicast Replication for  B.U.M. traffic3) Ethernet Bridging Fundamentals also matters with VXLAN3.1) Silent Layer2 network3.2) Flooding of Unknown Layer2 Destinations, and MAC learning4) BUM traffic with VXLAN5) MAC addresses knowledge for VXLAN6) VXLAN implementation differences7) Complete configuration examples7.1) VXLAN service with CVX7.2) VXLAN without CVX 1) Introduction This article assumes an understanding of VXLAN concepts. It aims to guide the design and implementation of network virtualization with VXLAN, employing physical VTEPs. This controller-less design provides Layer2 communication across a Layer3...

How to Install & Configure Arista’s DirectFlow Assist for Palo Alto Firewalls

Contents Summary Prerequisite Summary Prerequisite Concepts Configuring QoS Markings Configuring the DFA Modes DFA Installation Palo Alto Configuration Troubleshooting SUMMARY For the high level solution brief, view the Palo Alto Solution Brief. One of the many features of having an Arista switch is the ability to install extensions on the box. Remember that you can manage the Arista switch as if it was a Linux server (it actually is, but that’s outside the scope of this article) – and because of this we can install RPM packages. One of the packages we can install is Arista’s DirectFlow Assist (DFA), which...

Migration to VXLAN

ContentsMigration to VXLAN IntroductionWhy do we need Data Center Interconnect?What are some of the open standards DCI solutions available?Why deploy VXLAN as DCI solution?Typical deploymentArista’s VXLAN SupportVXLAN ConfigurationMigrating from OTV to VXLANScenario:Migration steps:Final Configuration of Arista VXLANArista DCI with VXLAN Redundancy: Migration to VXLAN Introduction This document describes the operation and configuration of Data Center Interconnect (DCI) by using open standards protocols VXLAN (RFC 7348) and how to migrate away from existing solutions. Refer to the following document for a VXLAN deep dive: Arista DCI with VXLAN design guide VXLAN bridging and routing   Why do we need Data Center Interconnect? A requirement...

Automate switch port configuration with EosSdk

Switch migrations are part of life in any datacenter, whether to add capacity with a larger system or new capabilities with a later product generation. There are two parts to this task – loading a configuration and the “rack and stack” of physical installation and cabling. Configuring the new leaf switch is greatly simplified by tools such as ZTPServer. You can even use LLDP to verify that you’ve cabled the switch to its neighbors correctly. However, when it comes to plugging in servers, you still depend on a very manual process. This can be straightforward when you’ve a single VLAN...

Importing Existing switches into CloudVision Portal

Introduction CloudVision Portal (CVP) abstracts the physical network to support turn-key automation for zero touch provisioning, configuration management and network-wide upgrades and rollback. CVP allows the user to quickly deploy new switches into the network using predefined, user created, configuration snippets called configlets. This functionality allows the user to simply automate the deployment of new network elements. What happens if the network elements are already deployed in the network and the user wishes to introduce CVP to automate configuration updates? How would these switches be brought into CVP and their configurations integrated into the configuration hierarchy? This guide will look...

Arista EOS – BGP Selective Route Download

Today, various content provided through the Internet continues to grow exponentially. Content Providers have spent significant CapEx dollars for their infrastructure typically peering with multiple providers to give their customers the best experience possible. This classically calls for BGP peering between these providers and leveraging one provider as a transit with a default route. Given the fact that many views of the global Internet routing table show approximately 580,000 IPv4 prefixes and 20,000 IPv6 prefixes (December 2015), large expensive routers are traditionally used in this capacity. This is because traditional deployments in the past took all the routes in the...

Maintenance Mode Lab – Example of BGP on Spine

Maintenance Mode Introduced in Arista’s EOS 4.15.2F, Maintenance Mode is a method to allow for easy maintenance of a switch or specific elements of a switch. The goal is to provide a set of commands with a wide range of flexibility that make our network operations lives a bit simpler. And along the way try to help drive down human error. With Maintenance Mode we expect to make the removal and reintroduction of a whole switch or portions of the switch a graceful operation that minimizes network downtime. The initial introduction of Maintenance Mode was aimed at BGP, Interfaces and the Switch as...

SDN Starter Kit Quick Start Guide v2015.1

Introduction
The Quick Start Guide is intended to provide an introduction to Arista Networks switches, Extensible Operating System (EOS) and the recently released CloudVision management. It is intended to help the reader quickly deploy Arista switches and leverage the power of automation by using CloudVision. The setup, installation and configuration from start to finish should not take more than a couple of hours.
Audience
This guide is intended for the following audience:
• End user getting familiar with CloudVision
• End user getting familiar with Arista’s EOS CLI
CloudVision – Network Automation
Key CloudVision features include point and click interface to simplify bulk tasks,...

Hint – Naming ACLs for easier contextual help and auto-complete

You might like to name your ACLs with a suffix “ACL-” or similar, so that when you type a question mark (‘?’) or TAB for auto-complete, you automatically get the ACL name without having to remember it (often a cause of typos):
Example:
Arista(config)#show ip access-lists ? <==== asking for ACL name <WORD>; not listing all the ACLs by default as there could be too many
  WORD     Access-list name
  summary  Access list summary
  >        Redirect output to URL
  >>       Append redirected output to URL
  |        Output modifiers
  <cr>
Arista(config)#show ip access-lists ACL? <==== the contextual help now lists all the ACL...

Palo Alto / Arista LAG HOWTO

This is a quick guide on configuring a LAG (802.1ad LACP) between a PAN-5060 firewall and an Arista switch.
Pre-requisite: PANOS 6.1 or above
PAN CLI config:
set network interface aggregate-ethernet ae1 layer2 lacp enable yes
set network interface ethernet ethernet1/3 aggregate-group ae1
set network interface ethernet ethernet1/4 aggregate-group ae1
set network interface aggregate-ethernet ae1 layer2 units ae1.100 tag 100
set address 192.168.1.1 ip-netmask 192.168.1.1/24
set network profiles interface-management-profile Trust https yes
set network profiles interface-management-profile Trust ssh yes
set network profiles interface-management-profile Trust snmp yes
set network profiles interface-management-profile Trust ping yes
set network interface vlan units vlan.100...

Understanding Deduplication in Tap Aggregation (NPB)

Contents
1) What is deduplication?
2) Hardware impacts the Deduplication performance
2.1) Processing performance
2.2) Hardware tables
2.3) Why does hardware table size matter?
2.4) Conclusion on the impact of hardware on deduplication
3) You might need duplicates
4) SPAN/Mirroring
5) How to configure SPAN/Mirroring to avoid duplicates?
5.1) Selecting the ports and direction yourself rather than getting unknown origin
5.2) Filtering mirrored traffic
6) How to save bandwidth and storage space?
6.1) Storage deduplication
6.2) Keeping full visibility of all packets while saving space with slicing
6.3) Filtering
7) How to deduplicate on the capture tool (instead of on the Tap Aggregator)
7.1) Software Analyzer
7.2) NIC
8) Conclusion

1) What is deduplication?
Deduplication in the context of packet broker networks (Tap Aggregation)...

Using vEOS with Vagrant and VirtualBox

Beginning with EOS 4.15.2F, vEOS is available as a Vagrant box for VirtualBox.  This single-file VM package makes it one of the fastest ways to get started with vEOS and is ideal for testing in automated environments.  Multiple VMs may be defined within a single Vagrantfile, including non-vEOS VMs, allowing an entire topology to be defined in a single file.  A customized Vagrantfile, checked in to revision control, is an effective way for multiple users to consistently recreate a complete environment. Prior to EOS 4.15.2F, the vEOS vmdk and Aboot.iso files can be converted to a Vagrant box by following the directions...

How Rapid Spanning Tree Protocol (RSTP) Handles Topology Changes

For this exploration I’m using Arista’s Virtual Extensible Operating System (vEOS) version 4.15.0F running in GNS3 (which is pretty awesome). The virtual switches have been configured in rapid-pvst mode. Here is the topology: EtherSwitches have been added only to capture traffic off of monitoring sessions set up on Switch1 and Switch2 to look at in Wireshark. The Ubuntu server can be ignored for the purposes of this blog entry. Only VLAN 1 is present on all switches and Switch1 is configured to be the primary root, while Switch2 is configured to be the secondary. Here’s the current state of the network:...