Automating L2 EVPN instances deployment using CloudVision Portal

This article shows how CloudVision Portal can be used to deploy L2 EVPN instances on one switch, or many switches, using the CloudVision Portal configlet builder. The configlet builder example provided in the Arista GitHub repo covers L2 EVPN deployments using MLAG, single interface, VLAN trunk, access VLAN, symmetric routing and asymmetric routing. The configlet builder example can be used on top of any EVPN underlay and overlay. Below is a step-by-step procedure to import and start using the configlet builder in CloudVision Portal. 1. Download the configlet builder example at Arista...

MLAG: Traffic flow for single-homed hosts

Contents: Objective; Introduction; Traffic flows; Bridged traffic within an MLAG domain; Flow 1: Traffic sent to Leaf-1; Flow 2: Traffic sent to Leaf-2; Configuration considerations; Routed traffic within a leaf MLAG pair; Configuration considerations; Bridged or routed traffic between racks in a Layer 2 Leaf-Spine fabric; Configuration considerations; VXLAN bridged or routed traffic between racks in a Layer 3 Leaf-Spine fabric; Configuration considerations; External controller integrated with the VXLAN Control Service (VCS); Design considerations
Objective: The objective of this document is to explain the traffic flows, best practice designs, and configuration details when single-homed devices are connected to an MLAG domain. It is assumed that the reader is familiar with the concept of Leaf-Spine fabrics, MLAG, and...

vEOS-Lab on Hyper-V

Contents: Introduction; Pre-requisites; Instructions; Steps; Note
Introduction: There are multiple ways to set up a vEOS-Lab environment if you have a Linux system or hypervisors such as VMware ESXi, vCenter, VM Workstation, VM Fusion, VirtualBox, etc., using the vmdk provided on the Software downloads page. But if you have a Windows machine or a Windows server, the vmdk will not be useful. So here are the steps to convert the vmdk to a vhdx and create a vEOS VM on Hyper-V. Pre-requisites: 1. Hyper-V Manager and Hyper-V 2. vEOS-Lab vmdk 3. Aboot ISO. Instructions, Steps: 1. Download the vEOS vmdk for the EOS...

Multicast Fastdrops

Overview: In IP multicast protocols, every (S,G) or (*,G) route is associated with an inbound RPF (reverse path forwarding) interface. Packets arriving on an interface not associated with the route may need CPU-dependent PIM processing, so packets received by non-RPF interfaces are sent to the CPU by default, causing heavy CPU processing loads. However, it is not necessary for multicast routing protocols to process subsequent non-RPF packets all the time. The CPU therefore updates the hardware MFIB with a fast-drop entry when it receives a non-RPF interface packet that PIM does not require. Additional packets that match the fast-drop entry are...

Arista Salt integration

Contents: What is Salt?; Salt High Speed Network Bus; Salt Terminology; Salt Lab on Vagrant; Accepting the Salt Keys from the Minions; Salt Grains; Targeting Devices; Configuring a Device by Loading Config and Rendering Templates; Salt States; Salt Reactors; Slack Notifications and Reactors
What is Salt? Salt is an event-driven infrastructure management tool. It sounds really complex but it’s not. Salt is similar to most of the configuration tools that we use in our everyday lives to configure infrastructure, but there are many key differences in the way Salt is architected. Salt is unique as it has a ZeroMQ high speed messaging bus between the salt minions (in...

Arista Any Cloud Platform – Security Use Case

Contents: Introduction; Objective; Prerequisites; Topology; Configuration
Step 1: Verify the two IPsec tunnels defined in the topology above are established prior to any changes
Step 2: Create an AWS Internet Gateway and attach it to the Transit VPC
Step 3: Add a default route to the AWS routing table for the Transit VPC, pointing to the newly created IGW
Step 4: Create an AWS Elastic IP and associate it with the outside interface of the Palo Alto in the Transit VPC
Step 5: Add a default route to the Palo Alto, pointing to the outside interface
Step 6: Create a Redistribution Profile on the Palo Alto to redistribute the default route...

Docker containers on Arista EOS

Contents: Docker on EOS; Docker Networking; Docker Run time examples; Running a load balancer on the switch with HAproxy
Docker on EOS: In this article we will talk about what a container is, how it applies to Arista EOS switches, and pulling containers from a public or private repo to run on an Arista physical or virtual device. A Docker container is simply a way to abstract and decouple an application from a Linux (and now Windows) operating system to run as a process on a host machine with the bare minimum requirements. Docker makes creating cloud portable applications extremely easy. So an application...

Creating A Multi-node vEOS Vagrant Environment

Contents: Introduction; Prerequisites; Instructions; Step 1; Step 2; Notes
Introduction: Beginning with EOS 4.15.2F, vEOS is available as a Vagrant box for VirtualBox. Vagrant is great whether you are simply getting started with vEOS or want to easily create a complex test environment. With Vagrant, multiple VMs may be defined within a single ‘Vagrant file’, including non-vEOS VMs, allowing for an entire topology to be instantiated using a single file. For more info on Vagrant, check out their documentation. This document will go through the details of how to use the predefined Vagrantfile shared below to instantiate a Spine&Leaf topology with vEOS. The topology that will be...

Reversing The Airflow of a Running Switch

Occasionally customers have a switch in production whose airflow direction they need to change, e.g. from front-to-rear (-F) to rear-to-front (-R), or vice versa, without shutting down the switch. The following procedure outlines the steps to follow in order to accomplish this. This procedure assumes that you already have the replacement fans and PSUs on hand and are ready to perform the swap. Start with the switch powered up, both power supplies powered and providing power to the switch. Gain access to the switch’s serial console to check status and run CLI commands as need be. Add...

Using eAPI to Provide SNMP Extensions

EOS utilizes net-snmp which offers provisions to extend OIDs. The following script leverages eAPI to gather OSPFv3 interface information and populates the SNMP ospfv3IfTable. The OSPFV3-MIB can be downloaded from here: http://www.oidview.com/mibs/0/OSPFV3-MIB.html
    #!/usr/bin/python -u
    #
    # Arista Networks, Inc.
    #
    # Script: ospfv3IfTable.py v1.6
    #
    # This script populates the ospfv3IfTable via a net-snmp extension
    #
    # 1. Copy this script to /mnt/flash as ospfv3IfTable.py
    #
    # 2. Copy snmp_passpersist to /mnt/flash
    #    https://github.com/nagius/snmp_passpersist
    #
    # 3. Enable management api (script uses a unix socket)
    #    management api http-commands
    #       protocol unix-socket
    #       no shutdown
    #
    # 4. Configure snmp to...

Using stunnel (TLS Proxy) to secure OpenFlow on EOS

Do you have an OpenFlow controller that supports communication channel encryption via TLS and you’d like to take advantage of that option with an Arista switch? No problem! Just follow these simple steps and in mere minutes you’ll have a secure TLS connection up and running. Just imagine the look of shock and amazement on the faces of your friends, family and coworkers as you extend the capabilities of your EOS powered switch in near real time!
1) Please download Stunnel from here: http://dl.fedoraproject.org/pub/archive/fedora/linux/releases/14/Fedora/i386/os/Packages/stunnel-4.33-1.fc14.i686.rpm
2) Copy it to flash on the switch:
    switch#copy scp://@//stunnel-4.33-1.fc14.i686.rpm flash:
3) Install the...

Configure groups of interfaces based on description regex

A simple Python eAPI script to find groups of interfaces to configure based on a regex match to interface descriptions. The most interesting part is that the script types out the “interface <list of matching interfaces>” command in an interactive manner as if the EOS CLI user typed it. The command is even saved in the command history. Give it a try!
1) Configure a command alias:
    alias intRegex bash sudo /mnt/flash/intRegex.py %1
2) Load the script in flash:
    #!/usr/bin/env python
    #
    # intRegex.py ver 1.12
    # Arista Networks, Inc.
    import jsonrpclib, os, re, socket, sys, fcntl, termios...

EVPN Configuration – Layer 2 EVPN design with Type-2 routes

Contents: Introduction; Leaf spine underlay architecture; Layer 2 VPNs; Overlay network – eBGP EVPN configuration; Overlay network – Layer 2 VPN configuration; Network load-balancing in the Overlay network
Introduction: This document describes the operation and configuration of BGP EVPN with a VXLAN forwarding plane, for the construction of multi-tenant Layer 2 networks, termed L2VPNs within this document, over a layer 3 leaf-spine network. The configuration and guidance within the document, unless specifically noted, are based on the platforms and EOS releases noted in the table below.
Platform / Software Release: 7050X Series, EOS release 4.18.1; 7050X2 series, EOS release 4.18.1; 7060X Series, EOS release 4.18.1; 7160 series...

Automating CVX BugAlert Database Updates

Bug Alert Update Automation. Intro: Arista Networks released the Bug Alert feature as part of EOS 4.17.0F. Arista publishes a database of bugs in JSON format. This database is installed on the CloudVision Exchange (CVX) that provides NetDB services to your Universal Cloud Network. Using the included CLI, a user can report on her environment for known bug exposures based on the actual configuration and EOS versions of the switches. This is indeed a powerful feature, and in this article we will explain how to automate the updating of the Bug Alerts database with a simple script. For more...

Migrating from a VXLAN Controllerless implementation to a Cloud Vision eXchange (CVX) Controller

Contents: Introduction; Lab Diagram; Current Configuration with VXLAN Manual HER; Verify and view current VXLAN interface configuration on L1 and L3; Procedure for migrating to a CVX based controller with VCS; Migration Steps
Introduction: This post is intended to give step-by-step instructions on how to migrate from a controllerless VXLAN implementation that is using manual Head End Replication (HER) with static flood lists to a controller based model using Cloud Vision eXchange (CVX) with VXLAN Control Services (VCS). The order of the steps we are going to perform in the migration section of this document was tested and found to cause the least amount of impact in terms...

Arista Any Cloud Platform: Hybrid Cloud vEOS Router in AWS Deployment Guide

Contents: Introduction; Overview; Prerequisites; Topology; Deployment Criteria; AWS Login; VPC and its components; Create a VPC; Create Subnets within the VPC; Create and update Routing Tables; Create Internet Gateway for the VPC; Create VPC Peering; Update Security Groups; EC2 Instances and its Components; vEOS Router AMI image Procurement; Create a Key Pair; Create network interfaces for all the EC2 instances; Instantiate a vEOS Router instance; Instantiate a Linux instance; Configure Elastic IP’s for vEOS Router instances; Update Routing Tables; Connect to the vEOS Router instance; Conclusion; Appendix
Introduction: In this document we demonstrate deployment of Arista’s vEOS Router in Amazon Web Service (AWS). Sections of this document have been set forth based on order of execution, hence it is pertinent that the order is...

Arista 7280R Series 40G/100G systems Multi-Speed Port Configuration

Contents: Overview; What are the 7280R Series; Flexible Port Combinations; 7280QR-C72; 7280QRA-C36S
Overview: In high performance leaf and spine networks the Arista 7280R Series enables a high level of flexibility with a common consistent architecture, with a choice of 1RU and 2RU fixed systems, 10G to 100G interface speeds and port density up to 72 ports of 40G and 60 ports of 100G. The 7280R Series includes the ability to enable multiple speeds on QSFP ports, with a per interface configuration that is optimized for the maximum overall system flexibility. On some members of the 7280R Series to maximise the total system port count, and...

Deploy Arista vEOS-lab 4.19.0F (VirtualBox, VM Workstation, VM Fusion, vCenter 6.5)

How to deploy Arista vEOS-lab 4.19.0F
Contents: Summary; VirtualBox; VM Workstation; VMware vCenter 6.5; VM Fusion
Summary: One great way to test drive an Arista switch is to download the free VM of the switch, called vEOS-lab. This is the actual OS used on physical switches, but in a vmdk format that can be deployed on major hypervisors including VMware ESXi, vCenter, VM Workstation, VM Fusion, and VirtualBox. Because of the wide variety of hypervisors on the market, Arista has deployed this VM as a vmdk. The second file required is the Aboot iso. These files are uploaded as IDE devices onto...

WinSCP with Arista Switches

Contents: Summary; Step 1 – Create a user account with Priv 15; Step 2 – Skip User Mode; Step 3 – Change Shell to bash; Conclusion
Summary: WinSCP is a popular tool for quickly uploading and downloading files between hosts. On Linux or Mac, scp is a CLI tool already built in and can be invoked by using the scp command. However, unlike Linux and Mac, there is no native CLI for scp on Windows. One tool that can be installed is pscp.exe from the guys who brought you PuTTY, found here. This post will go over the WinSCP,...

Arista Hybrid Cloud – IPSec between vEOS Router and Linux

This document provides the steps and running configuration for setting up an IPsec connection between vEOS Router and a Linux Compute Node instance in AWS.
On the Linux Compute Node
Install Strongswan
You might have to enable the epel repository for yum on AWS. (https://aws.amazon.com/premiumsupport/knowledge-center/ec2-enable-epel/)
    yum install strongswan
Create a GRE tunnel on the machine
    ip tunnel add tun0 mode gre remote <ip addr on veos et> local <ip addr on client eth>
    ip link set tun0 up
    ip addr add <ip addr> dev tun0
    ip route add <prefix> dev tun0
In /etc/strongswan/ipsec.conf, add the configuration for the IPsec...