Changing the switchport default mode

By default all ports on an Arista switch are configured to be switch ports, as you would expect. If you are mostly dealing with routed ports, this behaviour may not be totally desirable. Starting in EOS-4.18.0, this behaviour is configurable, e.g. we can have all interfaces in routed mode by default.

    switch1...11:10:56(config)#show run int et 1-4
    interface Ethernet1
    interface Ethernet2
    interface Ethernet3
    interface Ethernet4
    switch1...11:11:00(config)#show interface Et1-4 switchport | i Name|Switchport:
    Name: Et1
    Switchport: Enabled
    Name: Et2
    Switchport: Enabled
    Name: Et3
    Switchport: Enabled
    Name: Et4
    Switchport: Enabled

To change the default, simply issue the configuration command

    switchport default mode routed

As you can see, all interfaces are now in routed mode by default:...

VM Tracer configuration on a layer 2 switch

Introduction

Many network architectures include a separate network for out-of-band management. All Arista switches come with at least one designated management interface that is VRF-aware. When VM Tracer is configured on an Arista switch, by default, vCenter communication will be sourced from the management interface. There are situations where a layer 2 switch has the management interface configured in a separate VRF, not reachable from the vCenter network segment.

Objective

Create reachability to vCenter from layer 2 switches that have the management interface configured in a separate VRF, not reachable from the vCenter network segment.

Prerequisites

Proper VM Tracer configuration...

Export CVP Functionality to Ansible

In some network environments there is a separation of responsibility for the network infrastructure and the server side equipment. In these environments, different groups responsible for managing different equipment could use different tools for the job. This guide will discuss one of the several options for integrating Arista’s network management tool, CloudVision Portal (CVP), into an Ansible environment.

Contents: Summary; Implementation; Network Team; Server Team; Example playbook and setup

Summary

In this example, the environment uses Ansible as the configuration management tool for server provisioning but uses CVP for network management. The environment is set up to allow the server team to provision top of...

Leveraging CVP Telemetry and ZTP in an Ansible Environment

This guide will discuss one of several options for integrating Arista’s network management tool, CloudVision Portal (CVP), into an Ansible environment.

Contents: Summary; Implementation; Scripts and Config file; Script 1: Initial Provisioning script; Script 2: Ansible Handoff script; Config file: config.yml; Example

Summary

In data center environments where Ansible is used for configuration management of all devices including networking equipment, the network operations team may want to leverage the telemetry and Zero Touch Provisioning (ZTP) functionality provided by the CloudVision Portal product. In this example, CVP will be used for ZTP, image upgrades, and telemetry while Ansible will be used to manage the switch configuration directly. Documentation...

Analyzing Packet Header Timestamps in Wireshark

Contents: Arista Packet Header Timestamps; Header Format; Lua in Wireshark; The Timestamp Dissector; Loading the dissector

Arista Packet Header Timestamps

EOS 4.18.1F added header time stamping of all packets received on any tap interface in Tap Aggregation mode on the 7500/7280E and 7500/7280R. Full details on the implementation can be found in the feature’s TOI: https://eos.arista.com/eos-4-18-1f/tap-aggregation-ingress-header-time-stamping/ Since the timestamp is a new Ethernet header, Wireshark doesn’t yet have a built-in dissector for the protocol. We can write a dissector in Lua to do this for us.

Header Format

First we need to understand the new header format. The timestamp header is a new Ethernet/L2 header...

Graphing Arista EOS with Grafana, Telegraf and influxDB

Contents: Intro; Requirements; Install influxDB; Install Grafana; Install Telegraf on EOS; Grafana Dashboard

Intro

Arista devices leverage the Extensible Operating System (EOS): at the core of every Arista device lies an unmodified Linux Kernel running a distribution of Fedora Core Linux. Therefore, EOS devices behave very similarly to Linux servers. For a very long time Linux administrators have used a process on each Linux server to send metrics to an external database and observe those metrics with a graphing tool. Since EOS is Linux-based, we are able to run the same collector agents on an Arista EOS device to collect metrics. This post will be a bit elaborate in...

CloudVision Automated snapshot using CloudVision API

Contents: Purpose; Prerequisites; Steps; Step 1 – Create a snapshot template; Step 2 – Write a python script to perform Snapshot operation; Step 3 – Create a cron job (Supported in Linux/Unix/Mac OS); Step 4 – Check the automated Snapshots on the GUI; Appendix; Further Reading

Purpose

The purpose of this document is to build an automated task to create container-based snapshots using the CloudVision API along with a scheduled cron job from any reachable Unix/Linux/Mac server. This script will come in handy to compare network status/configuration of your entire network by taking snapshots on a predefined schedule and can be modified if an administrator’s requirements change....

Arista Data Center Interconnect Solutions – Next-Generation 7500R 200G Coherent DWDM Platform

Introduction

The latest smartphone app, mobile game, instant messaging tool or video sharing site hits the media, and all of a sudden everyone over the age of 20 discovers what the under-20’s have known for a while and downloads, installs, uses and shares it. This trend repeats and repeats. This is the modern world of mobile, cloud networks and mega-scale datacenters. Keeping up with the latest trends is not just a problem for those old enough to remember texting with numeric keypads but also for the operators of these datacenters. More content, in more locations and at significantly faster...

Datacenter Deployment Automated

Planning Methodology

There is a lot of talk about automation in the datacenter, which indeed saves time, but a lot of effort still goes into planning. After all, failing to plan is planning to fail. I needed a way to start automating some of the planning and repetitive tasks needed for deploying the same blueprint across various sites. One of the bigger tasks is the IP Plan and making sure that the correct IPs get used in configurations, and additionally making sure that the same methodology gets used on different sites. Initially, I set out to use a very nice utility...

Interface Errors Explained

“show interface” is one of the more common commands that every network engineer uses. However, sometimes it’s not always clear what some of the displayed interface-level errors mean. This article explains some of the more common errors, their meaning, and possible causes.

Symbol Errors
* device receives invalid symbols in the frame
* points to physical problems

Alignment Errors – both conditions must be met:
* The number of bits received is an odd byte count
* The frame has a Frame Check Sequence (FCS) error
* points to MAC layer or physical problems

FCS Errors = frames failing FCS check...

Using Jinja Templates on CVP

Contents: Why use Jinja?; Usage of Jinja2 on CVP; Digging deep into the example.py script; Rendering information into templates; Notes to remember

Why use Jinja?

Jinja2 is a user-friendly template engine for Python. It is easy to learn and use, and also fast – as a result, a lot of developers use it these days. It is easy to model since its syntax is quite similar to Python; debugging is easy, in fact quite similar to Python’s debugging capabilities. To install Jinja, download Jinja2 from https://pypi.python.org/pypi/Jinja2 and install it in the /cvp/pythonlab/Lib folder.

Usage of Jinja2 on CVP

In CVP, we have the facility of...

Using an SFP/SFP+ transceiver in a QSFP+/QSFP100 port

Introduction

Situations may arise where a QSFP+ or QSFP100 (QSFP28) port must be utilized by an SFP+ or SFP adapter. Mellanox has a physical adapter (P/N: MAM1Q00A-QSA). This adapter is a physical cage that fits into a QSFP port and has an opening that fits an SFP or SFP+ transceiver.

NOTE: Specific hardware used in this exercise: DCS-7150S-64-CL-R, Software image version: 4.17.3F. You should check the release notes for your version of EOS and model hardware to ensure support. Currently, this adapter is tested with SFP (1G) or SFP+ (10G) (not SFP28/25G).

Objective

An SFP+ or SFP transceiver can be fit...

VXLAN: security recommendations

Contents:
* Abstract
* Introduction
* VXLAN background
* VXLAN implementation options
* Flood list
* Multicast group
* VXLAN Control Service on CVX
* BGP EVPN
* Security threats and mitigation techniques
* Attacks from underlay networks
* Attacks from overlay networks
* Mac-flooding
* MAC-flooding in flood list type of configuration for VXLAN
* MAC-flooding in multicast group, CVX, BGP EVPN types of VXLAN configuration
* MAC-address spoofing
* MAC-address spoofing in flood list and type of VXLAN configuration
* MAC-address spoofing in multicast group VXLAN configuration
* MAC-address spoofing in CVX type of VXLAN configuration
* MAC-address spoofing in BGP EVPN type of VXLAN configuration
* ARP spoofing
* UDP flooding
* TCP SYN attacks
* BGP as a control plane and its security
* Scalability considerations
* Registering rogue VTEP on VXLAN controller
* End-to-End security
* Conclusion
* Resources

Abstract

This document provides recommendations to implement in order to increase...

Arista 7280QR-C36 Load Balancing Optimization for Dual Homed Systems and Networks

Contents: Arista 7280QR-C36; Optimized Internal Load-balancing; Best practice recommendations; Changing load-balancing mode on DCS-7280QR-C36; For ECMP; For LAG; Summary

Arista 7280QR-C36

The Arista DCS-7280QR-C36 switch is a purpose-built, flexible, fixed-configuration 1RU system capable of supporting a wide range of interface choices. It is designed for the highest performance environments such as IP Storage, Content Delivery Networks, Data Center Interconnect and IP Peering. The 7280QR-C36 is optimized for environments with dual connected nodes such as storage and for spine applications with dual homed leaf switches. This technical application note describes the internal optimized load-balancing mechanism used within the switch and how network architects can best deploy this...

Load Balancing with ECMP: Hardware Configuration Lookup

Contents: Abstract; Initial configuration; Question; Recursive lookup for the actual path; Conclusion; Useful commands

Abstract:

This publication illustrates a technique which can be used to find exactly how Arista devices program routes to send traffic across multiple available paths. An example will be given on the Arista DCS-7150S-52-CL-R running EOS version 4.14.8M.

Initial configuration:

As an IGP we are using OSPF with maximum paths feature configured:

    Arista(config)#router ospf 1
    Arista(config-router-ospf)#maximum-paths 32

There are two iBGP peers configured via a peer-group “pg1”:

    Arista(config)#router bgp 65001
    Arista(config-router-bgp)#neighbor pg1 maximum-routes 16000
    Arista(config-router-bgp)#neighbor 172.20.18.49 peer-group pg1
    Arista(config-router-bgp)#neighbor 172.20.18.121 peer-group pg1

iBGP advertisements:

    * >   10.82.2.32/27       172.20.16.143    0  ...

MBR (Multicast Border Router)

Intro

Enabling PIM MBR on an interface (where we don’t have an upstream PIM neighbor) will allow multicast traffic from remote sources that are outside of our PIM domain to be treated as locally connected sources. We typically see this scenario when we are receiving multicast feeds from a remote Exchange and a PIM neighbourship is not established on our upstream links. In the current PIM implementation (EOS 4.14.0F and later) EOS will drop multicast traffic that is not considered to be locally connected by default and we need to configure MBR to allow this multicast data. In the interfaces...

Installing EOS hot fixes with CloudVision Portal

Installing hotfixes via CloudVision Portal

One of the major strengths of EOS is the open nature of the operating system. By being able to add software to Arista switches, one can extend the capabilities of the operating system (that’s where the ‘E’ in EOS comes from after all). One scenario where this is perhaps most beneficial is in the realm of security updates. The majority of security updates to Arista’s operating system are initially delivered in the form of an extension prior to rolling the update into a new release of EOS. There are some clear advantages to this method...

Understanding EOS Software Download Options

This post is to help explain the different Software Download options for a particular EOS release. For recommendations on which train or version of EOS you should use, please take a look at our Software Lifecycle, and Recommended Release pages. This advice only concerns images located in the Active and Support Only Releases folder. Images from the Other Releases and EFT folders are not for general use. Those releases are available only for specific deployments, and should only be used when specifically recommended by Arista. In this case, I’m taking a look at EOS-4.17.1F and you can see from the...