Why Java APIs and Industry-Standard CLIs are Different

In the past few years, the tech industry has watched with increasing concern as various entrenched participants have brandished copyright law as a weapon to stifle competition and innovation. Recently, we have been treated to yet another novel claim: that after over a decade of broad adoption, the industry-standard set of commands that a user types into a command line interface (or CLI) to configure a network device is subject to copyright. This startling claim raises many questions, but today I want to address one in particular: What effect, if any, does the recent decision in Oracle v. Google have...

CVP to K8s: full-scale production network simulation

Intro: Network simulation environments have always been limited to a single compute node, which made the labbing of a full-scale production network an exercise in compromise and trade-offs. At the same time compute resources are cheap and abundant and modern application designs are making use of them by adopting meshed scale-out architectures, treating multiple hosts as a single pool of resources. In this post, we’ll see how (with just a few clicks*) we can build a replica of a real production network, orchestrated by Kubernetes based on information extracted from Arista’s CloudVision Portal (CVP).

* Assuming all the prerequisites are met

CVP TIP – Encrypt local username passwords with Configlet Builder

Introduction: Arista CloudVision Portal (CVP) uses configlets to create configuration snippets for individual switches or groups of switches based on user selection. These configlets can be either static or dynamic. Static configlets include static EOS CLI configuration statements as if they were right on the switch configuration file. These configlets are used to create the full configuration for the network switches. An example of a static configlet in Arista CloudVision Portal: The example below is a static Arista EOS CLI configuration. These small configuration snippets can be applied as configlets in the Network Provisioning view to a selected device or devices....

vEOS Router ECMP HA Deployment Guide in GCP

Contents: Introduction; Overview; Prerequisites; Topology; Step-by-Step Guide; Create a VPC; Add a new Subnet; Creating the vEOS topology; Launch vEOS Instances; Launch host VMs; Adding Firewall Rules; Adding Route Entries (Internal VPC’s); Configuring High Availability (HA) through GCP; Configuring vEOS Routers (Ipsec and BGP); vEOS in the Public VPC; vEOS in the Internal VPC

Introduction: In this document we demonstrate deployment of Arista vEOS Router in Google Cloud Platform (GCP). Currently, vEOS Router on GCP doesn’t support Cloud HA. We will use GCP routes and priorities to support HA and ECMP. A vEOS Router can be used to create a virtual machine instance that...

How to source Splunk Forwarder traffic from a Loopback Interface

The diagram below describes the use case: SWITCH1 has a Splunk Forwarder that needs to send traffic to SPLUNK at 10.0.0.10.  SWITCH2 is originating a default route via BGP. SWITCH1 is only advertising its Loopback0 interface into BGP.  The Splunk Forwarder CLI configuration does not currently support specifying a source interface, and in this scenario this is a problem because SWITCH3 has no route to reach 192.168.255.0, which would be the source IP for any traffic that SWITCH1 sends to SPLUNK.  SWITCH3 does however have a route to SWITCH1’s Loopback0 interface. We verify this by pinging SPLUNK from SWITCH1 and...

Using CloudVision Portal to Manage Arista AnyCloud

Contents: Introduction; Objective; Topology; CloudVision Network Provisioning Structure; Network Provisioning Example; Import vEOS Routers into CVP; Pre CVP 2018.2.0 Procedure; Device Import for CVP 2018.2.0 + Procedure; vEOS Router Configs; Telemetry Views; Monitoring the Control Plane; Cloud Tracer; Summary; Appendix

Introduction: There are many advantages to using Arista’s vEOS Router and CloudVision Portal (CVP) in hybrid cloud environments. Among those advantages are: Arista EOS is a proven and stable network operating system used in some of the largest networks in the world. The same EOS that runs on our physical switches also runs in the public cloud. CloudVision Portal provides a common management model for network devices whether running in a customer’s private data...

Data rate, FEC and auto-neg features of Arista’s 7020R series

The Arista 7020R Series, including the 7020SR, 7020TR and 7020TRA, are high performance 1RU fixed systems built for high density data center deployments. The 7020SR provides SFP+ and QSFP100 ports, while the 7020TR / TRA provide 100M/1G RJ45 ports and SFP+ ports. The RJ45, SFP+ and QSFP100 ports on the 7020R series are capable of supporting a wide range of data rates, from 100M to 100G. Different FEC and auto-negotiation options are supported on the various ports. The range of port capabilities of the 7020R series is summarized in the...

Enterprise Internet Routing

Contents: Overview; Terminology; Pre Requisite; Hardware Platform Requirements; Arista Switch Models with Full Internet Routing Table Support; BGP Overview; Deployment Details; Reference Diagram; Configuration; Prep Work (Reboot Required); Arista Router 1 Configuration; Arista Router 2 Configuration; Configuration Notes; Verification Commands; Appendix; BFD; Dealing with Port Flapping

Overview: The objective of this document is to cover the most common Enterprise Internet Routing use case. The information provided here is based on two Arista switches peering with two ISPs (Internet Service Providers) for redundancy. There are many other valid deployment models that are not covered in this document.

Terminology: BGP – Border Gateway Protocol; ISP – Internet Service Provider; BGP Peering – a session between two BGP routers that...

ClearPass TACACS+ Authorization with CVP

Introduction: The purpose of this article is to learn how to correctly set up the TACACS+ service in Aruba ClearPass in order to successfully authenticate on the CVP GUI as a network admin. Our goal is to configure ClearPass Policy Manager [CPPM] to send us the cvp-roles=network-admin attribute in the TACACS+ Authorization reply packet. By default this does not happen, because cvp-roles is a custom attribute that has to be added to the TACACS+ dictionary on any type of TACACS+ implementation. Without this, the default role of network-operator will be allocated to the user, that...

Packets FAQs

Packets is a cloud based network analysis and visual troubleshooting tool. Here are a few frequently asked questions and useful tips.   What file formats are supported? Captures with the formats – .pcap, .cap, .wcap, .pkt and .pcapng – are supported. Both wireless and wire-side captures are supported.   How do I capture the packets on my network? You can use tools like Wireshark to capture packets on your network. If you are on Mac, you can install AirTool or use Wireless Diagnostics.   What other tools can be integrated with Packets? AirTool users can upload traces from AirTool directly...

Getting Started With Packets

Packets is a cloud based network analysis and visual troubleshooting tool. The workflow is pretty simple and straightforward. Here is a quick guide to get you started with the tool.

Uploading A Tracefile: On login you will be presented with the Home page as shown below. The Home Page allows you to upload new traces or to manage already uploaded traces. To upload a new trace, simply drag and drop it in the section marked as ‘Drag Your Traces Here’ or you can also click on the ‘Select Files’ text to browse and select a file...

Layer 2 Data Center Interconnect – Reference Designs

Contents: Introduction; Design 1: Multi-domain Overlay; Design 2: Single-domain Overlay; 2.1. End to End EVPN; 2.2. CVX + EVPN; Comparison of the two designs; Resources

Introduction: VxLAN is a popular choice for extending Layer 2 both intra and inter DC using overlays. Arista offers multiple control plane choices for VxLAN: Static HER, CVX and EVPN. In this article, two approaches to designing a L2 DCI over a L3 underlay are discussed. High-level technical details of each design approach are described first, followed by a comparison of the two options along with their typical use cases.

Design 1: Multi-domain Overlay. In this design, two overlay domains are...

Enabling eAPI on Multiple Devices using Netmiko

Contents: Preface; Modules; YAML File; Code; Completed Code

Preface: In standard Arista deployments, one of the most powerful and common tools that will be used is the EOS API (eAPI). It is good practice to enable this on every initial deployment. One of the best ways to do this is via Zero Touch Provisioning (ZTP), but in some cases, ZTP is not an option. When this becomes the case, it can be easy to enable eAPI on all of your devices quickly through the use of the Python programming language and SSH (which is enabled by default on all Arista Switches). Throughout this document, we...

Applying Hot Patches to EOS Software with CloudVision Portal

Maintaining a secure posture within any enterprise is a difficult task. This task can be particularly difficult on the network infrastructure due to a variety of reasons including software quality and network downtime availability. Arista’s unique software architecture has often enabled most security patches to be delivered as hot patches that can be applied to a live running system with low to no impact to the network dataplane eliminating some of the most difficult challenges with maintaining a secure software posture. The only challenge that remains is the effort required to distribute these software patches. In this article, we are...

IPv4 & IPv6 MPLS VPN Configuration Guide

Contents: IPv4 and IPv6 VPN Overview; Diagrams; IPv4 & IPv6 VPN Sample Topology Overview; Configuring & Verifying the IP VPNs; Appendix A: Router Configurations.

IPv4 and IPv6 VPN Overview: RFC 4364 allows for Service Providers and Enterprises to use their backbone infrastructure to provide the services to multiple such customers, or internal departments, while: maintaining privacy; allowing for IP address overlap amongst customers; constrained route distribution – so that only the service provider routers which need the routes have them. This is achieved through the usage of VRFs, Route Distinguishers and Route-Targets. The IPv4/IPv6 VPN Standard RFC 4364 does the following: Specifics...

Writing your own webhook relay – sending event alerts to Discord

Introduction: Starting from version 2018.2.0, CVP supports configuring event alerts, where receivers can be email, Slack, PagerDuty, webhooks and others. The purpose of this article is to demonstrate how easy it is to write your own webhook relay app that will forward alerts to your favorite webhook endpoint, in my case, a Discord channel. Discord is getting more and more popular, not only amongst gamers, but also lots of companies started to use it. I’ve been using it for a couple of years now, and it made sense...

Deploy a Transit VPC with vEOS using IGW (Public IP)

fanyang@arista.com

This document focuses on the steps to build a Transit VPC solution using Internet Gateway (IGW) vs. VPC peering. There are certain advantages to using IGW as transport. This eliminates the limits on how many VPC peerings can be created and gives the customer a larger-scale deployment. It also enables spoke VPCs to communicate with each other directly with one hop, which can potentially save data cost. Besides, even though it’s public IP to public IP communication, if both IPs belong to AWS, AWS will route the traffic through...

BGP Peering – Configuration Best Practices – Security and Manageability

Contents: BGP Peering – Configuration Best Practices; Security and Manageability; 1) Introduction; 2) Arista EOS Security – General; 3) BGP Security – overview; BGP protocol TTL; BGP connections to the control-plane; AS-Path filtering; Prefix filtering; BGP protocol peer ASN; 4) BGP security with Prefix filtering; Guidance on prefix-list for Arista EOS; Route-map hierarchy can help; Bogons lists; Bogons lists to use on Arista EOS; [short] source-seed.txt; [short] standalone.cfg; [full] seed_ipv4.txt, seed_ipv6.txt; 5) BGP connections to the control-plane; 5.a) Copy the default control-plane ACL; 5.b) Tune the new ACL to restrict BGP (and other protocols); 5.c) Apply the new control-plane ACL; 6) Maximum accepted routes; 7) BGP authentication; 8) Improved Visibility; 8.1) BMP – BGP Monitoring Protocol; 8.2) Streaming; 8.3) SNMP; 9) BGP Convergence – BFD; 10) Additional Filtering; 10.1) Private...

Traffic Generator on Arista

The following tools can be used to generate traffic on Arista switches for testing purposes: Iperf; Ethxmit. Both Iperf and Ethxmit tools are pre-installed on Arista switches and no additional configuration is required to use them...

Traffic Engineering with Segment Routing and sFlow

Contents: Introduction; Components; 7280R Series Platform; YaBGP Controller; sFlow-RT; Topology; Traffic Engineering; The Script; Pushing a Common Segment List; Identifying Top-talker; Altering Traffic Path of Top-Talker; BGP Labeled Unicast (LU) Example; References

Introduction: Segment Routing (SR) solves a number of issues the existing MPLS IP networks face. Among the many benefits of Segment Routing, Traffic Engineering is a key one. Based on live telemetry events, traffic can be steered intelligently across a network using MPLS label paths, a.k.a. segment lists. The example discussed in this article shows how you can leverage BGP SR policy to alter traffic paths based on sFlow telemetry data. An SR Policy, discussed in detail here, is identified using a...

Monitoring some agent’s memory utilisation

Contents: Monitoring some agent’s memory utilisation; 1) Introduction; 2) Check memory with EOS commands; 3) Monitor with telemetry; 4) Monitor with SNMP; 5) Check with Bash commands; 6) Remediation (last resort only); Credits

This article develops further https://eos.arista.com/introduction-to-managing-eos-devices-memory-utilisation/ authored by Colin MacGiollaEain to bring the context to a specific agent’s memory utilisation and how to remediate.

1) Introduction: Monitoring the memory usage of specific EOS processes may be useful to detect which features consume the control-plane resources, as a first step to clarify whether it is a normal behaviour or not. In abnormal circumstances the overall system may be running low on memory,...
