Why Java APIs and Industry-Standard CLIs are Different

In the past few years, the tech industry has watched with increasing concern as various entrenched participants have brandished copyright law as a weapon to stifle competition and innovation. Recently, we have been treated to yet another novel claim: that after over a decade of broad adoption, the industry-standard set of commands that a user types into a command line interface (or CLI) to configure a network device is subject to copyright. This startling claim raises many questions, but today I want to address one in particular: What effect, if any, does the recent decision in Oracle v. Google have...
Continue reading →

Arista 7280R Series 40G/100G systems Multi-Speed Port Configuration

ContentsOverviewWhat are the 7280R SeriesFlexible Port Combinations7280QR-C727280QRA-C36S Overview In high performance leaf and spine networks the Arista 7280R Series enables a high level of flexibility with a common consistent architecture, with a choice of 1RU and 2RU fixed systems, 10G to 100G interface speeds and port density up to 72 ports of 40G and 60 ports of 100G. The 7280R Series include the ability for enabling multiple speeds on QSFP ports, with a per interface configuration that is optimized for the maximum overall system flexibility. On some members of the 7280R Series to maximise the total system port count, and...
Continue reading →

vEOS Router Architecture

One of the benefits of the vEOS router is that it runs the same code as normal EOS, but in a virtual machine instead of on a hardware switch. Thanks to the EOS’s modular architecture, supporting a virtual machine instance is as simple as adding different agents to the system to accommodate the virtual network drivers. In this post, I describe how the different virtual networking options work with vEOS both on a server and in the cloud. Then I will explore some of the differences between vEOS router, vEOS-lab, and EOS on a hardware switch. For more information on...
Continue reading →

How to install EVE-NG and add Arista vEOS and CloudVision

ContentsIntroductionDeploy EVE-NG from an OVA file in VMWare ESXi 6.5Bare-metal install EVE-NG on Ubuntu (skip if deploying OVF file)EVE-NG Wizard for base configurationPrepare EVE-NG for the use of vEOS-lab switch-imagesPrepare EVE-NG for the use of CloudVision-imagesTest EVE-NG with the new Arista vEOS and CloudVision images Introduction EVE-NG is a client-less multivendor network emulation software that empowers network and security professionals with huge opportunities in the networking world. Arista vEOS and Arista CloudVision together with the new EVE-NG platform is ready for today’s requirements. It allows customers to create virtual proof of concepts, solutions and training environments. This small guide explains...
Continue reading →

Deploy Arista vEOS-lab 4.19.0F (VirtualBox, VM Workstation, VM Fusion, vCenter 6.5)

How to deploy Arista vEOS-lab 4.19.0F     ContentsSummaryVirtualBoxVM WorkstationVMware vCenter 6.5VM Fusion Summary   One great way to test drive an Arista switch is to download the free vm of the switch called vEOS-lab. This is the actual OS used on physical switches, but in a vmdk format that can be deployed on major hypervisors from VMware ESXi, vCenter, VM Workstation, VM Fusion, and VirtualBox. Because of the wide variety of hypervisors on the market, Arista has deploy this vm as a vmdk. The second file required is the Aboot iso. These files are uploaded as IDE devices onto...
Continue reading →

WinSCP with Arista Switches

WinSCP with Arista Switches ContentsSummaryStep 1 – Create a user account with Priv 15Step 2 – Skip User ModeStep 3 – Change Shell to bashConclusion Summary WinSCP is a popular tool for quickly uploading and downloading files between hosts. On a Linux or Mac, scp is a CLI tool already built in and can be invoked by using the scp command. However, unlike Linux and Mac, there is no native CLI for scp on Windows.   One tool that can be installed is pscp.exe from the guys who brought you PuTTY, found here. This post will go over the WinSCP,...
Continue reading →

Arista Hybrid Cloud – IPSec between vEOS Router and Linux

This document provides the steps and running configuration for setting up an IPsec connection between vEOS Router and a Linux Compute Node instance in AWS. On the Linux Compute Node Install Strongswan You might have to enable epel repository for yum on AWS. (https://aws.amazon.com/premiumsupport/knowledge-center/ec2-enable-epel/) yum install strongswan   Create a GRE tunnel on the machine ip tunnel add tun0 mode gre remote <ip addr on veos et> local <ip addr on client eth> ip link set tun0 up ip addr add <ip addr> dev  tun0 ip route add <prefix> dev tun0   In /etc/strongswan/ipsec.conf, add the configuration for the Ipsec...
Continue reading →

CloudVision Portal RESTful API Client

Arista Cloudvision® Portal (CVP) provides a central point of management for Arista network switches through shared snippets of configuration (configlets) enabling Network Engineers to provision the network more consistently and efficiently. While CVP highlights a graphical user interface for configuration and management of devices, it also includes a full-featured RESTful API that provides all of the same functionality available via the GUI which can be used to automate workflows and integrate with other tools. CVPRAC is a wrapper client for CVP’s RESTful APIs which greatly simplifies usage of the API and more elegantly handles the connections to the CVP nodes....
Continue reading →

CVP APIs: A Non-Programmer’s Guide

Contents1. What are CVP APIs?2. Why are CVP APIs useful?3. How are CVP APIs used?4. Which approach of using the CVP APIs is best?5. What information is actually exchanged when using CVP APIs?6. What CVP API documentation exists?6.1 What documentation gives an overview of all the APIs?6.2 What documentation exists for using the Python CVP REST API client?6.3 What documentation exists about the underlying CVP implementation?7. What do some illustrative examples look like?7.1 What is the Python with requests library implementation?7.2 What is the Python with CVPRAC implementation?8. What are some recommended first steps in actually getting started using the...
Continue reading →

Configure Linux or Microsoft DHCP Server for ZTP using CloudVision

Configure Linux or Microsoft DHCP for ZTP using CloudVision   ContentsSummaryLinux DHCP StepsStep 1 – Edit the DHCPD.CONF fileStep 2 – Option 3 Router and DHCP Relay ConfigStep 3 – Enable the DHCP ScopeStep 4 – Optional – Static DHCP MappingsStep 5 – Optional – Multiple DHCP Subnets on CloudVision ServerStep 6 – Optional – Vendor Class ID Code OptionStep 7 – Configure the ZTP switch in CloudVisionZero Touch Replacement and CloudVisionStep 1 – Initiate ZTRStep 2 – Execute the Pending TaskConfiguring Microsoft Windows DHCP ServerConclusion Summary One of the many features CloudVision offers along with Configuration management, image management,...
Continue reading →

Demo: CloudVision skill for Amazon Alexa

Great APIs accelerate development of new applications and integration with existing tools and services. Check out the sample CloudVision skill for Amazon Alexa that the EOS+ Consulting Services team put together one afternoon! Please share and use the comments to tell us about other integrations that you would find interesting and useful!

Common Issues When Deploying CVX 4.18.2F on vCenter 6 or 6.5

Common Issues When Deploying CVX 4.18.2F on vCenter 6 or 6.5  ContentsSummaryCVX Deployment InstructionsReceived an “OVF package is invalid and cannot be deployed” when using an OVF method of installation VM keeps rebooting, showing “This is not a bootable disk. Please insert a bootable floppy and press any key to try again..Conclusion Summary   This article will go over how to install CVX on a vCenter 6 appliance. Starting from vCenter 6, there was a change in the OVFTool built into vCenter that changes the SHA hashing algorithm from 1 to 256. There is also an issue with 6.5 where it...
Continue reading →

Using dynamic Ansible inventories to manage CloudVision switches.

ContentsAnsible Dynamic libraries with CloudVision  SummaryCloud vision API Please copy the following files from CVP to you’re Python library files before moving forward. Python script CVP Implementation  Ansible Dynamic libraries with CloudVision  The common question when talking with customers about CloudVision is are we able to also use a configuration management tool such as Ansible along with CloudVision?  You can use CVP and Ansible to both manage your Arista devices.  This is a guide to dynamically pull CloudVision for its devices and automatically have Ansible use those CVP managed devices.  Arista has supported Ansible EOS modules for quite some time and are still innovating on...
Continue reading →

Alias – Simple yet powerful

Alias – Simple yet powerful About: Alias mySimpleAlias <a maybe complicated command you would never remember> Alias commands can be composed of multiple lines and embed variables. Below is an example of alias used as configuration template for automating configuration with just few arguments. Sunch template can satisfy complex configurations and be highly reusable. This high-level scripting or command bundling is simple to implement yet powerful. The below example is a multi-line alias with variables (%<x>) alias set-baremetal !! Syntax : set-baremetal <INTF> <Po ID> <DESCR> <VLAN> !! Example: set-baremetal e1,2 po1 “To Server 42” 200 10 config 20 interface...
Continue reading →

Changing the switchport default mode

By default all ports on an Arista switch are configured to be switch ports, as you would expect. If you are mostly dealing with routed ports, this behaviour may not be totally desirable. Starting in EOS-4.18.0, this behaviour is configurable e.g. we can have all interfaces in routed mode by default. switch1...11:10:56(config)#show run int et 1-4interface Ethernet1interface Ethernet2interface Ethernet3interface Ethernet4switch1...11:11:00(config)#show interface Et1-4 switchport | i Name|Switchport:Name: Et1Switchport: EnabledName: Et2Switchport: EnabledName: Et3Switchport: EnabledName: Et4Switchport: Enabled To change the default, simply issue the configuration command switchport default mode routed As you can see, all interfaces are now in routed mode by default:...
Continue reading →

VM Tracer configuration on a layer 2 switch

Introduction There are many network architectures, which include a separate network for out-of-band management. All Arista switches come with at least one designated management interface that is VRF-aware. When VM Tracer is configured on an Arista switch, by default, vCenter communication will be sourced from the management interface. There are situations where a layer 2 switch has the management interface configured in a separate VRF, not reachable from the vCenter network segment.  Objective Create reachability to vCenter from layer 2 switches that have the management interface configured in a separate VRF, not reachable from the vCenter network segment.  Prerequisites Proper VM Tracer configuration...
Continue reading →

Export CVP Functionality to Ansible

In some network environments there is a separation of responsibility for the network infrastructure and the server side equipment. In these environments, different groups responsible for managing different equipment could use different tools for the job. This guide will discuss one of the several options for integrating Arista’s network management tool, CloudVision Portal (CVP), into an Ansible environment. ContentsSummaryImplementationNetwork TeamServer TeamExample playbook and setup Summary In this example, the environment uses Ansible as the configuration management tool for server provisioning but uses CVP for network management. The environment is set up to allow the server team to provision top of...
Continue reading →

Leveraging CVP Telemetry and ZTP in an Ansible Environment

This guide will discuss one of several options for integrating Arista’s network management tool, CloudVision Portal (CVP), into an Ansible environment. ContentsSummaryImplementationScripts and Config fileScript 1: Initial Provisioning scriptScript 2: Ansible Handoff scriptConfig file: config.ymlExample Summary In data center environments where Ansible is used for configuration management of all devices including networking equipment, the network operations team may want to leverage the telemetry and Zero Touch Provisioning (ZTP) functionality provided by the CloudVision Portal product. In this example, CVP will be used for ZTP, image upgrades, and telemetry while Ansible will be used to manage the switch configuration directly. Documentation...
Continue reading →

Analyzing Packet Header Timestamps in Wireshark

ContentsArista Packet Header TimestampsHeader FormatLua in WiresharkThe Timestamp Dissector Loading the dissector Arista Packet Header Timestamps EOS 4.18.1F added header time stamping of all packets received on any tap interface in Tap Aggregation mode on the 7500/7280E and 7500/7280R. Full details on the implementation can be found in the feature’s TOI: https://eos.arista.com/eos-4-18-1f/tap-aggregation-ingress-header-time-stamping/ Since the timestamp is a new ethernet header, Wireshark doesn’t yet have a built in dissector for the protocol. We can write a dissector in Lua to do this for us. Header Format First we need to understand the new header format. The timestamp header is a new Ethernet/L2 header...
Continue reading →

Managing EOS configuration with Puppet and Templates

Availability, stability, and effort (time) to complete maintenance are key factors for network management. Taking advantage of automated configuration management tools such as Puppet enable network engineers to ensure consistency in configurations, test changes before applying them to production networks, and multiply their effort when making changes that touch multiple devices. Puppet is a versatile tool which can require a ramp up period. However, there are significant long-term benefits when multiple organizations (server, application, etc.) within your company share the same tool set and knowledge. The introduction of the eos_switchconfig Puppet resource type to the EOS module eases the transition for...
Continue reading →

Graphing Arista EOS with Grafana,Telegraf and influxDB

ContentsIntroRequirementsInstall influxDB Install GrafanaInstall Telegraf on EOS Grafana Dashboard Intro Arista devices leverage the Extensible Operating System(EOS): at the core of every Arista devices lies an unmodified Linux Kernel running a distribution of Fedora Core Linux.  Therefore, EOS devices behavior very similarly to Linux servers.  For a very long time Linux administrators have used a process on each Linux server to send metrics to a external data base and observe those metrics with a graphing tool. Since EOS is Linux-based, we are able to run the same collector agents on a Arista EOS device to collect metrics. This post will be a bit elaborate in...
Continue reading →

CloudVision Automated snapshot using Cloudvision API

ContentsPurposePrerequisitesStepsStep 1 – Create a snapshot templateStep 2 – Write a python script to perform Snapshot operation Step 3 – Create a cron job (Supported in Linux/Unix/Mac OS)Step 4 – Check the automated Snapshots on the GUI Appendix Further Reading Purpose The purpose of this document is to build an automated task to create container based snapshots using the CloudVision API along with a scheduled cron job from any reachable Unix/Linux/Mac server. This script will come in handy to compare network status/configuration of your entire network by taking snapshot on a predefined schedule and can be modified if an administrator’s requirements change....
Continue reading →

Arista Data Center Interconnect Solutions – Next-Generation 7500R 200G Coherent DWDM Platform

Introduction The latest smartphone app, mobile game, instant messaging tool or video sharing site hits the media, and all of a sudden everyone over the age of 20 discovers what the under-20’s have known for a while and download, install, use and share it. This trend repeats and repeats. This is the modern world of mobile, cloud networks and mega-scale datacenters. Keeping up with the latest trends is not just a problem for those old enough to remember texting with numeric keypads but also for the operators of these datacenters.   More content, in more locations and at significantly faster...
Continue reading →

Datacenter Deployment Automated

Planning Methodology There is a lot of talk about automation in the datacenter which indeed saves time but a lot of effort still goes into planning. After all, failing to plan is planning to fail. I needed a way to start automating some of the planning and repetitive tasks needed for deploying the same blueprint across various sites. One of the bigger tasks is the IP Plan and making sure that the correct IP’s get used in configurations. Additionally making sure that the same methodology gets used on different sites. Initially, I set out to use a very nice utility...
Continue reading →

Interface Errors Explained

“show interface” is one of the more common commands that every network engineer uses. However, sometimes it’s not always clear what some of the displayed interface-level errors mean. This article explains some of the more common errors, their meaning, and possible causes. SymbolErrors * device receives invalid symbols in the frame * points to physical problems Alignment Errors – both conditions must be met: * The number of bits received is an odd byte count * The frame has a Frame Check Sequence (FCS) error * points to MAC layer or physical problems FCS Errors = frames failing FCS check...
Continue reading →

Using Jinja Templates on CVP

ContentsWhy use Jinja?Usage of Jinja2 on CVPDigging deep into the example.py scriptRendering information into templatesNotes to remember Why use Jinja? Jinja2 is a user-friendly template engine for Python. It is easy to learn and use, and also fast – as a result, a lot of developers use it these days. It is easy to model since its syntax is quite similar to Python; debugging is easy, in fact quite similar to Python’s debugging capabilities. To install Jinja, download Jinja2 from https://pypi.python.org/pypi/Jinja2 and install it in the /cvp/pythonlab/Lib folder. Usage of Jinja2 on CVP In CVP, we have the facility of...
Continue reading →

Using an SFP/SFP+ transceiver in a QSFP+/QSFP100 port

Introduction Situations may arise where a QSFP+ or QSFP100 (QSFP28) port must be utilized by an SFP+ or SFP adapter. Mellanox has a physical adapter (P/N: MAM1Q00A-QSA). This adapter is a physical cage that fits into a QSFP port and has an opening that fits an SFP or SFP+ transceiver. NOTE: Specific hardware used in this exercise: DCS-7150S-64-CL-R, Software image version: 4.17.3F. You should check the release notes for your version of EOS and model hardware to insure support. Currently, this adapter is tested with SFP (1G) or SFP+(10G) —  (not SFP28/25G). Objective An SFP+ or SFP transceiver can be fit...
Continue reading →

VXLAN: security recommendations

ContentsAbstractIntroductionVXLAN backgroundVXLAN implementation optionsFlood listMulticast groupVXLAN Control Service on CVXBGP EVPNSecurity threats and mitigation techniquesAttacks from underlay networksAttacks from overlay networksMac-floodingMAC-flooding in flood list type of configuration for VXLANMAC-flooding in multicast group, CVX, BGP EVPN types of VXLAN configurationMAC-address spoofingMAC-address spoofing in flood list and type of VXLAN configurationMAC-address spoofing in multicast group VXLAN configurationMAC-address spoofing in CVX type of VXLAN configurationMAC-address spoofing in BGP EVPN type of VXLAN configurationARP spoofingUDP floodingTCP SYN attacksBGP as a control plane and its securityScalability considerationsRegistering rogue VTEP on VXLAN controllerEnd-to-End securityConclusionResources Abstract This document provides recommendations that are advised to implement in order to increase...
Continue reading →

Arista 7280QR-C36 Load Balancing Optimization for Dual Homed Systems and Networks

ContentsArista 7280QR-C36 Optimized Internal Load-balancingBest practice recommendations:Changing load-balancing mode on DCS-7280QR-C36For ECMP:For LAG:Summary Arista 7280QR-C36  The Arista DCS-7280QR-C36 switch is a purpose built flexible fixed configuration 1RU system capable of supporting a wide range of interface choices. Its designed for the highest performance environments such as IP Storage, Content Delivery Networks, Data Center Interconnect and IP Peering. The 7280QR-C36 is optimized for environments with dual connected nodes such as storage and for spine applications with dual homed leaf switches. This technical application note describes the internal optimized load-balancing mechanism used within the switch and how network architects can best deploy this...
Continue reading →

Load Balancing with ECMP: Hardware Configuration Lookup

ContentsAbstract:Initial configuration:Question:Recursive lookup for the actual path:Conclusion:Useful commands: Abstract: This publication illustrates a technique which can be used to find exactly how Arista devices program routes to send traffic across multiple available paths. An example will be given on the Arista DCS-7150S-52-CL-R running EOS version 4.14.8M. Initial configuration: As an IGP we are using OSPF with maximum paths feature configured: Arista(config)#router ospf 1 Arista(config-router-ospf)#maximum-paths 32 There are two iBGP peers configured via a peer-group “pg1”: Arista(config)#router bgp 65001 Arista(config-router-bgp)#neighbor pg1 maximum-routes 16000 Arista(config-router-bgp)#neighbor 172.20.18.49 peer-group pg1 Arista(config-router-bgp)#neighbor 172.20.18.121 peer-group pg1 iBGP advertisements: * >   10.82.2.32/27       172.20.16.143    0  ...
Continue reading →

MBR (Multicast Border Router)

Intro Enabling PIM MBR on an interface (where we don’t have an upstream PIM neighbor) will allow multicast traffic from remote sources that are outside of our PIM domain to be treated as locally connected sources. We typically see this scenario when we are receiving multicast feeds from a remote Exchange and a PIM neighbourship is not established on our upstream links. In the current PIM implementation (EOS 4.14.0F and later) EOS will drop multicast traffic that is not considered to be locally connected by default and we need to configure MBR to allow this multicast data. In the interfaces...
Continue reading →

Installing EOS hot fixes with CloudVision Portal

Installing hotfixes via CloudVision Portal   One of the major strengths of EOS is the open nature of the operating system.  By being able to add software to Arista switches, one can extend the capabilities of the operating system (that’s where the ‘E’ in EOS comes from after all).  One scenario where this is perhaps most beneficial is in the realm of security updates.  The majority of security updates to Arista’s operating system are initially delivered in the form of an extension prior to rolling the update into a new release of EOS.  There are some clear advantages to this method...
Continue reading →

Understanding EOS Software Download Options

This post is to help explain the different Software Download options for a particular EOS release. For recommendations on which train or version of EOS you should use, please take a look at our Software Lifecycle, and Recommended Release pages. This advice only concerns images located in the Active and Support Only Releases folder. Images from the Other Releases and EFT folders are not for general use. Those releases are available only for specific deployments, and should only be used when specifically recommended by Arista. In this case, I’m taking a look at EOS-4.17.1F and you can see from the...
Continue reading →

Common AAA Requirements

This article describes sample configuration for most common AAA requirements. It covers default behavior of EOS and a basic configuration guide with respect to Authentication and Authorization through local, RADIUS and TACACS+. The article also includes sample TACACS+ config files and RADIUS dictionary files. ContentsAuthenticationSSH AuthenticationConsole AuthenticationAuthorization Authorization execLocal role based command authorizationAuthorization through RADIUS Authorization through TACACS+Console AuthorizationRemoving admin credentials AAA Fallback Debugging CommandsAdditional Reading Authentication SSH Authentication To have users locally authenticated, configure by entering the command: Arista(config)#aaa authentication login default local Other methods available are TACACS+ and RADIUS. Console Authentication By default console login will derive authentication method from the...
Continue reading →

Troubleshooting Multicast packets to CPU

ContentsOverviewTopologyScenarios1. Unsolicited traffic2. Multicast TTL == 13. Traffic received on OIL4. No Route to the RP or back to FHR Overview This article covers different scenarios where undesirable multicast traffic can be punted to CPU.   Topology   Scenarios 1. Unsolicited traffic When the switch receives multicast traffic, there are two main checks made: 1.Is the source locally connected (i.e. is the source IP of the traffic in the same subnet as the IIF) OR 2. Is there a valid mroute state for the S,G If neither or the above apply, the multicast data traffic will be punted to CPU...
Continue reading →

Arista EOS Hardening Guide

ContentsIntroductionGeneral Security PrinciplesMonitor Security Advisories and ResponsesLog Collection and MonitoringEOS binary distributionEOS core OSThe internal process treeEOS servicesThe Control Plane ACLA sample of the default CP ACLA sample of the default CP policy mapVLAN ManagementTrunk configurationDevice AccessPassword ManagementFIPS restrictionsUser Role ManagementConsole AccessEmergency Console AccessManagement InterfaceTACACS+/RADIUSAuthentication, Authorization, and AccountingLogin BannerNetwork Time ProtocolDNS ConfigurationLoggingSNMP AccessRouting ProtocolsIGP Routing ProtocolsBGP Routing ProtocolThe default system security configurationSupported Management and Security Features Frequent QuestionsTips & Tricks:SSH tunnels Introduction This document is provided as a template to securing Arista devices. Configurations alone are not able to completely secure a network. Due operational diligence including threat assessment and reaction...
Continue reading →

Running vEOS in GNS3 1.5

How to Run vEOS 4.16.6M in GNS3 1.5 ContentsIntroPrerequisitesRunning vEOS and GNS3 on a Windows machineRunning vEOS and GNS3 on a Mac OS X machineRunning vEOS and GNS3 locally on one box Running vEOS in VMware vSphere (without GNS3) Intro This document will go over how to install a vEOS vm instance on both your Windows 7 OS as well as Mac OS X. The steps are exactly the same between OSes. We will first start with Windows 7 installation and will then show a few screenshots on the Mac. Finally we will conclude this post by going over the...
Continue reading →

Installing CloudVision eXchange (CVX) on Ubuntu / KVM

ContentsIntroductionInstallation ProcedureInstall StepsPython XML Creation Script – generateXmlForKvm.pyInput XML Template – kvmTemplate.xml Introduction This post is intended to give step-by-step instructions on how to install CVX on a KVM Hypervisor on Ubuntu LINUX. The Cloudvision Configuration Guide provides provides excellent instructions on configuring CVX after the install process is complete. You can also browse to the guide via the Support > Product Documentation pages on arista.com. Basic familiarity with Linux is needed in order to complete this task. Installation Procedure Refer to Section 1.1 of the Cloudvision Configuration Guide for host system requirements. Install Steps Download the Aboot and EOS software from https://www.arista.com/en/support/software-download. (CVX is really just an instance of EOS...
Continue reading →

VMTracer Visibility and Call Flows

ContentsIntroductionQuick Configuration Notes:VMTracer Call FlowVMTracer Visibility for the Network OperatorAutomationFurther Reading Introduction Arista EOS has been supporting the VMTracer feature since vSphere 4.0 was introduced and continues to support the latest version.  The EOS User Manual (found for various releases at https://www.arista.com/en/support/software-download) provides a very good description and background to the feature along with configuration details.  This technical note adds additional call flow information to better understand the feature and the network visibility it provides to operators, as well covering NSX-V visibility details. To set the baseline, the VMTracer logical diagram from the User Manual is redrawn here: This diagram shows...
Continue reading →

Using and Customizing Arista EOS Roles for Ansible

The Ansible automation framework includes functionality defined as a role – a means of grouping playbook tasks, handlers, and variable files to help simplify the process of working with large playbooks, as well as reusing playbook information for multiple configurations. This article will describe the use of Arista EOS Roles for Ansible, beginning with a basic overview of Ansible Roles, then installing and working with Arista EOS roles, and concluding with a more in-depth look at customizing those roles for your specific needs. ContentsThe BasicsAnsible RolesArista EOS Roles for AnsibleRole InstallationRole UsageRole CustomizationBasic Structure of a RoleCustomizing an Arista EOS Role for...
Continue reading →

An Introduction to the Golang eAPI

ContentsIntroductionInstallationConfigurationUsing GoeapiSummary Introduction Since the release of Arista EOS Command API (eAPI) many have grown to appreciate its stability and easy-to-use syntax which allow applications or scripts complete programmatic control over EOS. Development of applications that interface with your Arista device for the purpose of configuration or monitoring is simple and fairly straight forward. With a little knowledge of Python, Perl, Ruby, or your favorite language of choice, and familiarity with the underlying transport mechanism (JSON-RPC), it’s easy to write some custom functionality to help with deployments, provisioning, configurations and many other things.  Arista has continued its ongoing effort to...
Continue reading →

A comparison of virtual ip commands

ContentsThe ‘ip virtual-router’ commandHow does the host resolve ARP for the default gateway/vIP?How do the switches resolve ARP for the host?The ‘ip virtual-router’ command with maskHow does the host resolve ARP for the default gateway/vIP?How do the switches resolve ARP for the host?ARP syncThe ‘ip address virtual’ commandHow does the host resolve ARP for the default gateway/vIP?How do the switches resolve ARP for the host?ARP syncSuggested reading The ‘ip virtual-router’ command Switch1:   Switch1(config)#interface vlan 10   Switch1(config-if-Vl10)#ip address 10.0.0.2/24   Switch1(config-if-Vl10)#ip virtual-router address 10.0.0.1   Switch1(config)#ip virtual-router mac-address 00:1c:73:00:00:99 Switch2:   Switch2(config)#interface vlan 10   Switch2(config-if-Vl10)#ip address 10.0.0.3/24   Switch2(config-if-Vl10)#ip virtual-router address 10.0.0.1   Switch2(config)#ip virtual-router mac-address...
Continue reading →

Arista + Ansible – Getting Started

The Ansible 2.1 release made it easier than ever to manage Arista switches.  The following article describes how to leverage Ansible for EOS configuration management. The Basics If you’re brand new to Ansible, it might be helpful to take a spin through their Overview and Getting Started just to familiarize yourself with some of the basic concepts. The Ansible documentation has a great introduction to Ansible for Networking – definitely check it out before reading on. EOS Modules  Ansible modules do all of the heavy-lifting, and there’s a module to do just about anything you could possible think of, from copying a...
Continue reading →

Troubleshooting congestion – Investigating and taking corrective steps

  Contents1) Introduction2) MeasuringMeasuring your baselineMeasuring your maximum stress capacityConclusion on metrics3) Application behaviour and causesTCP Retransmits  Application / Storage LatencyTCP behavior4) Flow-Control / PFCChoices: QoS, FC, PFC5) Buffer management and Queues usageQoS to classify traffic and use more queues in the systemQoS classification – Configuration exampleHow to implement Buffer management:Conclusion 1) Introduction Congestion might not be obvious, it can be discovered reactively in disastrous situations, or proactively by collecting statistics off equipment and investigating symptoms demonstrated by the applications and systems.   Deep buffers on switches is a blanket and effortless solution to the problem, but it might not be...
Continue reading →

MLAG ISSU

ContentsOverviewMLAG considerations before upgradeI. Check for configuration inconsistencies II. Resolve ISSU warningsIII. Choose the correct upgrade code pathUpgrade Procedure Overview MLAG ISSU (In-Service Software Upgrade) upgrades EOS software on one MLAG peer with minimal traffic disruptions on active MLAG interfaces and without changing the network topology. Note: Traffic impact could be seen for orphan links, active partial links and packets in flight   MLAG considerations before upgrade   I. Check for configuration inconsistencies Following features should be configured consistently on each switch: VLANs Switchport configuration on port channel interfaces that are configured with an MLAG ID STP configuration (global) In EOS...
Continue reading →

Valid Python Scripts may fail in OS X ‘El Capitan’

Python scripts can be run on OS X using eAPI to access Arista Switches or vEOS instances. Python Scripts can also be run on OS X to automate the installation of vEOS: (https://github.com/arista-eosplus/packer-veos). After installing or upgrading to OSX ‘El Capitan’ (OS X version 10.11.5) Python Scripts that previously worked fine under earlier versions of OS X or work on other operating systems may fail. This is evident when making a Python Script executable after issuing the chmod +x command.  This is due to operating system changes Apple has introduced in ‘El Capitan’. Although, this problem may affect eAPI and...
Continue reading →

Deploying Virtual SAN Over L2/L3 Networks with Arista Networking Devices

This is a great posting from on how to deploy Virtual SANs over an Arista underlay networks with the actual switch configurations. Here is the video on how to automate the deployment of a VSAN infrastructure from the same blog – VMware Virtual SAN Stretched Cluster Automated Deployments with PowerCLI Thought our user community would benefit from these blog postings. Happy reading!    

Introduction to Managing EOS Devices – Memory Utilisation

A common question that users new to EOS have is concerning the high levels of memory utilisation seen on Arista switches (~70% utilised). Typically this is first flagged by the NMS and triggers a low memory warning or alarm. Unlike a traditional switching OS, EOS uses Linux page caching. Most free memory is used as a live cache and very low ‘free memory’  numbers are entirely normal, providing that enough memory is available from the buffers and cached memory for applications demanding more RAM. In this case, the OS is capable of freeing up memory from cache as processes demand it. Memory...
Continue reading →

Arista 7150 Series Hardware Based NAT For Unicast Traffic

Arista 7150 series switches use Intel’s Fulcrum FM6000 (code named ‘Alta’) ASIC for packet processing. The ASIC includes several features for IP header translation including Network Address Translation (NAT). In doing so, packets to be NAT’d are processed by the ASIC which is known as Hardware NAT rather than by CPU known as Software NAT. Hardware NAT provides much better scale and performance compared to Software NAT.  The 7150 series switches can provide 10/40Gbps line rate hardware based NAT  across all Ethernet ports at the same time. The number of available ports varies depending on the particular model – it...
Continue reading →