Spotify’s SDN Internet Router

How does one build an Internet-scale router using data center switches and a bit of SDN grease? One solution is what Spotify built with their open-source SIR (SDN Internet Router). Before we go any further, let us address the why. Why would one want to do this? The price-performance ratio between a data center switch and an Internet router is on the order of 10x. Data center switches based on merchant silicon can offer three times the density of high-end routers for a third of the price. For this reason, replacing expensive high-end routers with programmable data center switches using...

Arista + Ansible: A Dramatically Simple New Approach

On February 18th, 2016 Ansible (Red Hat) announced a new initiative to help bring years of systems administration experience to the network by creating a new set of modules built specifically for network devices. This announcement signals a new direction for Ansible, a technology that previously omitted native support for the majority of network vendors. What does this announcement mean and how can you get started with your Arista devices?
Contents: A Brief History | A New Approach | A Sample Playbook | How Will Arista Contribute? | Getting Started
A Brief History
Astute readers may be wondering, “Why does this matter? I can already manage my Arista device with Ansible.” That’s...

OpenConfig: the emerging industry standard API for network elements

The OpenConfig working group is tackling a number of challenging problems that have hindered multi-vendor network programmability: Creating vendor-independent models to represent all the aspects of a network element; Making these models programmatically accessible and modifiable; Changing from a pull model to a push model, with subscriptions and update streaming. We are very excited about this effort and we believe it has a good chance of succeeding as it is driven by some of the biggest cloud and service provider operators. For the past year, we have been working closely with members of the working group and in particular with...

VXLAN Without Controller for Network Virtualization with Arista physical VTEPs

Contents: 1) Introduction | 2) Design – Fundamentals | 2.1) VLAN | 2.2) VTI – VXLAN interface IP address. | 2.3) VNI – VXLAN Network identifier | 2.4) Unicast Replication for B.U.M. traffic | 3) Ethernet Bridging Fundamentals also matter with VXLAN | 3.1) Silent Layer2 network | 3.2) Flooding of Unknown Layer2 Destinations, and MAC learning | 4) BUM traffic with VXLAN | 5) MAC addresses knowledge for VXLAN | 6) VXLAN implementation differences | 7) Complete configuration examples | 7.1) VXLAN service with CVX | 7.2) VXLAN without CVX
1) Introduction
This article assumes an understanding of the VXLAN concepts. This article aims at guiding the design and implementation of network virtualization with VXLAN, employing physical VTEPs. This controller-less design provides Layer2 communication across a Layer3...

How to Install & Configure Arista’s DirectFlow Assist for Palo Alto Firewalls

Contents Summary Prerequisite Summary Prerequisite Concepts Configuring QoS Markings Configuring the DFA Modes DFA Installation Palo Alto Configuration Troubleshooting SUMMARY For the high level solution brief, view the Palo Alto Solution Brief. One of the many features of having an Arista switch is the ability to install extensions on the box. Remember that you can manage the Arista switch as if it was a Linux server (it actually is, but that’s outside the scope of this article) – and because of this we can install RPM packages. One of the packages we can install is Arista’s DirectFlow Assist (DFA), which...

Migration to VXLAN

Contents: Migration to VXLAN Introduction | Why do we need Data Center Interconnect? | What are some of the open standards DCI solutions available? | Why deploy VXLAN as DCI solution? | Typical deployment | Arista’s VXLAN Support | VXLAN Configuration | Migrating from OTV to VXLAN | Scenario: | Migration steps: | Final Configuration of Arista VXLAN | Arista DCI with VXLAN Redundancy:
Migration to VXLAN Introduction
This document describes the operation and configuration of Data Center Interconnect (DCI) by using open standards protocols VXLAN (RFC 7348) and how to migrate away from existing solutions. Refer to the following document for a VXLAN deep dive: Arista DCI with VXLAN design guide VXLAN bridging and routing
Why do we need Data Center Interconnect?
A requirement...

Automate switch port configuration with EosSdk

Switch migrations are part of life in any datacenter, whether to add capacity with a larger system or new capabilities with a later product generation. There are two parts to this task – loading a configuration and the “rack and stack” of physical installation and cabling. Configuring the new leaf switch is greatly simplified by tools such as ZTPServer. You can even use LLDP to verify that you’ve cabled the switch to its neighbors correctly. However, when it comes to plugging in servers, you still depend on a very manual process. This can be straightforward when you’ve a single VLAN...

Importing Existing switches into CloudVision Portal

Introduction CloudVision Portal (CVP) abstracts the physical network to support turn-key automation for zero touch provisioning, configuration management and network-wide upgrades and rollback. CVP allows the user to quickly deploy new switches into the network using predefined, user created, configuration snippets called configlets. This functionality allows the user to simply automate the deployment of new network elements. What happens if the network elements are already deployed in the network and the user wishes to introduce CVP to automate configuration updates? How would these switches be brought into CVP and their configurations integrated into the configuration hierarchy? This guide will look...

Arista EOS – BGP Selective Route Download

Today, various content provided through the Internet continues to grow exponentially. Content Providers have spent significant CapEx dollars for their infrastructure typically peering with multiple providers to give their customers the best experience possible. This classically calls for BGP peering between these providers and leveraging one provider as a transit with a default route. Given the fact that many views of the global Internet routing table show approximately 580,000 IPv4 prefixes and 20,000 IPv6 prefixes (December 2015), large expensive routers are traditionally used in this capacity. This is because traditional deployments in the past took all the routes in the...

Maintenance Mode Lab – Example of BGP on Spine

Maintenance Mode Introduced in Arista’s EOS 4.15.2F, Maintenance Mode is a method to allow for easy maintenance of a switch or specific elements of a switch. The goal is to provide a set of commands with a wide range of flexibility that make our network operations lives a bit simpler. And along the way try to help drive down human error. With Maintenance Mode we expect to make the removal and reintroduction of a whole switch or portions of the switch a graceful operation that minimizes network downtime. The initial introduction of Maintenance Mode was aimed at BGP, Interfaces and the Switch as...

SDN Starter Kit Quick Start Guide v2015.1

Introduction
The Quick Start Guide is intended to provide an introduction to Arista Networks switches, Extensible Operating System (EOS) and recently released CloudVision management. It is intended to help the reader quickly deploy Arista switches and leverage the power of automation by using CloudVision. The setup, installation and configuration from start to finish should not take more than a couple hours.
Audience
This guide is intended for the following audience:
 • End user getting familiar with CloudVision
 • End user getting familiar with Arista’s EOS CLI
CloudVision – Network Automation
Key CloudVision features include point and click interface to simplify bulk tasks,...

Hint – Naming ACLs for easier contextual help and auto-complete

You might like to name your ACLs with a suffix “ACL-” or similar, so that when you type question mark (‘?’) or TAB for auto-complete, you would automatically get the ACL name, without having to remember it (often a cause of typos):
Example:
    Arista(config)#show ip access-lists ?    <==== asking for ACL name <WORD>; not listing all the ACLs by default as there could be too many
      WORD     Access-list name
      summary  Access list summary
      >        Redirect output to URL
      >>       Append redirected output to URL
      |        Output modifiers
      <cr>
    Arista(config)#show ip access-lists ACL?    <==== the contextual help now lists all the ACL...

Palo Alto / Arista LAG HOWTO

This is a quick guide on configuring a LAG (802.1ad LACP) between a PAN-5060 firewall and an Arista switch.
Pre-requisite: PANOS 6.1 or above
PAN CLI config:
    set network interface aggregate-ethernet ae1 layer2 lacp enable yes
    set network interface ethernet ethernet1/3 aggregate-group ae1
    set network interface ethernet ethernet1/4 aggregate-group ae1
    set network interface aggregate-ethernet ae1 layer2 units ae1.100 tag 100
    set address 192.168.1.1 ip-netmask 192.168.1.1/24
    set network profiles interface-management-profile Trust https yes
    set network profiles interface-management-profile Trust ssh yes
    set network profiles interface-management-profile Trust snmp yes
    set network profiles interface-management-profile Trust ping yes
    set network interface vlan units vlan.100...

Understanding Deduplication in Tap Aggregation (NPB)

Contents: 1) What is deduplication ? | 2) Hardware impacts the Deduplication performance | 2.1) Processing performance | 2.2) Hardware tables | 2.3) Why do hardware table size matter? | 2.4) Conclusion on the impact of hardware on deduplication | 3) You might need duplicates | 4) SPAN/Mirroring: | 5) How to configure SPAN/Mirroring to avoid duplicates? | 5.1) Selecting the ports and direction yourself rather than getting unknown origin | 5.2) Filtering mirrored traffic | 6) How to save bandwidth and storage space? | 6.1) Storage deduplication | 6.2) Keeping full visibility of all packets while saving space with slicing | 6.3) Filtering | 7) How to deduplicate on the capture tool (instead of on the Tap Aggregator) | 7.1) Software Analyzer | 7.2) NIC | 8) Conclusion
1) What is deduplication ?
Deduplication in the context of packet broker networks (Tap Aggregation)...

Using vEOS with Vagrant and VirtualBox

Beginning with EOS 4.15.2F, vEOS is available as a Vagrant box for VirtualBox.  This single-file VM package makes it one of the fastest ways to get started with vEOS and is ideal for testing in automated environments.  Multiple VMs may be defined within a single Vagrantfile, including non-vEOS VMs, allowing an entire topology to be defined in a single file.  A customized Vagrantfile, checked in to revision control, is an effective way for multiple users to consistently recreate a complete environment. Prior to EOS 4.15.2F, the vEOS vmdk and Aboot.iso files can be converted to a Vagrant box by following the directions...

How Rapid Spanning Tree Protocol (RSTP) Handles Topology Changes

For this exploration I’m using Arista’s Virtual Extensible Operating System (vEOS) version 4.15.0F running in GNS3 (which is pretty awesome). The virtual switches have been configured in rapid-pvst mode. Here is the topology: EtherSwitches have been added only to capture traffic off of monitoring sessions set up on Switch1 and Switch2 to look at in Wireshark. The Ubuntu server can be ignored for the purposes of this blog entry. Only VLAN 1 is present on all switches and Switch1 is configured to be the primary root, while Switch2 is configured to be the secondary. Here’s the current state of the network:...

Securing OpenFlow with stunnel (TLS Proxy)

Do you have an OpenFlow controller that supports communication channel encryption via TLS and you’d like to take advantage of that option with an Arista switch? No problem! Just follow these simple steps and in mere minutes you’ll have a secure TLS connection up and running. Just imagine the look of shock and amazement on the faces of your friends, family and coworkers as you extend the capabilities of your EOS powered switch in near real time!
1) Please download Stunnel from here: http://dl.fedoraproject.org/pub/archive/fedora/linux/releases/14/Fedora/i386/os/Packages/stunnel-4.33-1.fc14.i686.rpm
2) Copy it to flash on the switch:
    switch#copy scp://@//stunnel-4.33-1.fc14.i686.rpm flash:
3) Install the RPM as...

Ansible playbook for CVX and VXLAN configuration.

Purpose: This playbook allows an administrator to easily configure Cloud Vision Exchange (CVX) and Virtual Extensible LAN (VXLAN) between two Arista switches. It is ideally suited for test environments and administrators wanting to test CVX and VXLAN functionality. The playbook can be modified for more advanced deployments.
Running the playbook: From the CLI under the /etc/ansible directory run: ansible-playbook cvx_vxlan_playbook.yaml
Prerequisites:
 • An Ansible server (http://docs.ansible.com/ansible/intro_installation.html)
 • arista.eos roles for Ansible v1.0.1. To install run # sudo ansible-galaxy install arista.eos on the Ansible server.
 • Rename the following files under /etc/ansible/roles/arista.eos/library to not have a .py extension, i.e. eos_config.py becomes eos_config. # cp...

Installing Puppet on EOS

Contents: Installation | Configuring Puppet | Configuring Name Resolution | Configuring eAPI | Configuring puppet.conf | Create puppet alias | SSL Certificates | Summary
Getting started with Puppet and EOS isn’t a difficult process. It involves taking advantage of the extensible nature of EOS. There are two primary extensions that need to be loaded in EOS in order for an Arista network element to be included in the Puppet ecosystem.
Installation
Installation...

Interface Auto-Description with Detailed LLDP Info

Still writing interface descriptions manually? No fun at all; not to mention the task is prone to typos and human error. Why not let LLDP help you out! Mark Berly originally authored a handy little script that used ‘show lldp neighbors’ to dynamically build your local interface descriptions based upon a few simple key/value pairs. But what if you wanted a little bit more data only found in `show lldp neighbors detail`? PortAutoDescription v3 With this updated version, you can access a majority of the data only available in ‘show lldp neighbors detail’ with an easy to use dictionary: {...

Why Java APIs and Industry-Standard CLIs are Different

In the past few years, the tech industry has watched with increasing concern as various entrenched participants have brandished copyright law as a weapon to stifle competition and innovation. Recently, we have been treated to yet another novel claim: that after over a decade of broad adoption, the industry-standard set of commands that a user types into a command line interface (or CLI) to configure a network device is subject to copyright. This startling claim raises many questions, but today I want to address one in particular: What effect, if any, does the recent decision in Oracle v. Google have...

VXLAN Routing with MLAG

Contents: Introduction | Virtual eXtensible LAN (VXLAN) Overview | VXLAN Routing | VXLAN Routing Topologies | Direct routing model with MLAG | AnyCast IP address Virtual VTEP with the Anycast IP address | Direct Routing configuration
Introduction
This document describes the operation and configuration of VXLAN routing on an Arista platform in conjunction with MLAG for redundancy. The configuration and guidance within the document unless specifically noted is based on the platforms and EOS releases noted in the table below.
Arista’s Multi-Chassis LAG (MLAG) technology provides the ability to build a loop free active-active layer 2 topology. The technology operates by allowing two physical Arista switches to appear as a single logical switch...

Adding Interface DHCP Support with an Event Handler

While EOS does not support DHCP on interfaces natively from the CLI, it is easy to leverage the underlying Linux operating system along with event-handlers to add this support yourself! dhclient is available natively within EOS. The trick is that you need to first get dhclient to run for a given interface you want to DHCP an address for, and then you need to take the result from dhclient and apply that to the CLI as if it were a static configured IP address. The following script (installed at /mnt/flash/dhcpintf) can be run out of an interface event-handler to start/stop...

My journey with Ansible and Arista

Before I joined the ranks of Arista, my primary focus was technical refreshes and configuration documentation to support a PVST+ and OSPF architecture.  Yes – PVST+.  Yes – not RSTP.  I don’t say that to knock the place, I say that to give you an idea of where I’m coming from.  I was completely focused on spanning tree and routing protocols – primarily OSPF.  I had blinders on and didn’t want to do anything but routing and switching in a certain vendor’s world. Needless to say, transitioning from that place to working for Arista Networks was like Charlie stepping into...

Tap solutions for Arista Tap Aggregation – Network Packet Broker

Arista Tap Aggregators are agnostic to the taps capturing the light signal, although optical budget should remain a careful consideration, like in any optical media. The below is a selection of Tap vendors deployed by our customer base, in alphabetical order. Feel free to post a comment with your own favourite Tap supplier, if not listed here.
 • CableXpress: http://www.cablexpress.com/solutions/port-replication/
 • Comcraft – ProfiTAP: http://www.profitap.com/fiber-taps/
 • Corning Cable Systems – Pretium EDGE Tap module: http://catalog.corning.com/opcomm/en-US/catalog/MasterProduct.aspx?cid=pretium_EDGE_AO_module_web&pid=114264
 • Enlight Data: http://www.enlightdata.com/products.html
 • Garland Technology: http://www.garlandtechnology.com/products/network-taps
 • M2 Optics: http://www.m2optics.com/products/network-taps
 • Mimetrix: http://www.mimetrix.com/optical-taps.php
 • Tapics: http://www.tapics.us

L2 Trace Route Another Example of EOS Extensibility

Introduction EOS is indeed very extensible. With native Linux tools already installed, a JSON interface for structured switch communication and Python libraries available, the sky is the limit on what you can do. Of course installing additional RPMs to leverage ‘off the shelf’ packages can also be utilized to open up other extensibility options. A few weeks ago a customer with a large layer 2 environment asked if Arista has a layer 2 trace route tool. The answer was no, not natively, but it could be built with a little scripting in Python. Thus l2tracert.py was born. The l2tracert script...

Arista’s EOS Innovation Enabling Ecosystem Partner Software Development

Network software automation and intelligence is a passion we share as network engineering software developers at Intelligent Visibility, Inc. Creating innovative software solutions in the rising world of software-defined networking (SDN) can prove challenging. The source data that we require for our software is mostly located within the network device’s operating system. In the past accessing this source data has been a serious time investment mainly due to inconsistent API implementation types across different operating systems for many different hardware platforms.

Find the next free VLAN id

If you have a lot of VLANs to manage, finding unused, available VLAN ids can be a challenge. Here’s a short alias to do exactly that (with the help of our customer Mateusz Blaszczyk):
    alias next-vlan show vlan | awk -v a=`echo %1 ` '$1 ~ /[0-9]/ && $1==a { ++a }; END { print a }'
    alias next-vlan-h bash echo -e "\nUsage: next-vlan <STARTING-ID>\n\nWhere <STARTING-ID> is the VLAN id to start looking for unused VLAN ids\n"
Description: The script analyses the output of the “show vlan” command for consecutively rising VLAN ids, starting with the given one. It...

VXLAN bridging with MLAG

Contents: VXLAN bridging with MLAG | Introduction | VXLAN with MLAG | VXLAN with MLAG configuration | Traffic Forwarding Behaviour | Traffic Failover Behaviour
VXLAN bridging with MLAG
Introduction
This document describes the operation and configuration of VXLAN within a Multi-Chassis LAG (MLAG) deployment. The configuration and guidance within the document is based on the platforms and EOS release of table 1.0.
Arista MLAG technology
Table 1.0
Arista’s Multi-Chassis LAG (MLAG) technology provides the ability to build a loop free active-active layer 2 topology. The technology operates by allowing two physical Arista switches to appear as a single logical switch (MLAG domain); third-party switches, servers or neighbouring Arista switches connect to the logical switch...

How to keep last X startup configs

If you would like to keep track of the last 10 (or more, or fewer) configuration changes, here’s the event-handler code to do that:
    event-handler config-versioning
       trigger on-startup-config
       action bash FN=/mnt/flash/startup-config; LFN="`ls -1 $FN.*-* | tail -n 1`"; if [ -z "$LFN" -o -n "`diff -I 'last modified' $FN $LFN`" ]; then cp $FN $FN.`date +%Y%m%d-%H%M%S`; ls -1r $FN.*-* | tail -n +11 | xargs -I % rm %; fi
       delay 0
Description: Every time the startup config gets changed, this event handler will be executed (“trigger on-startup-config”). You could increase the delay, if you wish, but now it’s engaged immediately...

Tip for Arista vEOS on VMware ESX 6

Note: This tip was discovered and shared by Sandy Breeze at Claranet
Arista provides the EOS network operating system for test/lab virtual environments in the form of vEOS, either as a VMDK or a SWI (software image to install on an existing vEOS). With the vEOS VMDK as currently provided, in thin provisioning for saving on the file size, ESX4 and 5 would work fine, but upon booting the vEOS VM under ESX6, it will report “LZMA data is corrupt”, and “system halted”, despite the image not being corrupted (you could verify the checksum). This issue may also manifest itself with an...

eAPI and Unix Domain Socket

Introduction Today’s data centers cry out for automation. There are many approaches that Network Operators can leverage, but one method that is very powerful is using Arista’s eAPI command interface. When eAPI is enabled, the switch accepts commands using Arista’s CLI syntax, and responds with machine-readable output and errors serialized in JSON, served over HTTP or HTTPS. It’s very easy to use and exceptionally powerful. Other blogs and articles have discussed the usage of eAPI for scripts. The purpose of this article is to cover a new access method introduced in EOS 4.14.5, which allows local access to the eAPI...

Securing eAPI

Contents: Introduction | Turning on/off eAPI | HTTPS Certificate | Changing the Port | Users Control by ACL | VRF Command control via AAA | On-box Programming
Introduction
In this article we will talk about a few tips to secure our eAPI access, for example, HTTPS, changing port, certificate, ACL, on-box, AAA, vrf etc.
Turning on/off eAPI
First of all, the most secure option is to turn eAPI off, which is the default.
    myswitch#configure
    myswitch(config)#management api http-commands
    myswitch(config-mgmt-api-http-cmds)#shutdown
When eAPI is turned on with “no shutdown”, HTTPS runs by default and HTTP is turned off for security, because HTTP sends the username and password in clear text. HTTP can be enabled with “protocol http”; however, we recommend...

7150S NAT – Practical Guide – Source NAT – Dynamic

Contents: Introduction | 1) Dynamic Source NAT with pool | 1.1) Differences with Static Source NAT | 1.2) Dynamic Source NAT example | Baseline configuration (reminder) | Resulting translation | 2.2) Configuration for Dynamic Source NAT – with pool | 2.3) Verification outputs for Dynamic Source NAT – with pool | 2) Dynamic Source NAT Overload (Many to one) | 2.1 ) Overload Example | 2.2) Configuration for Dynamic Source NAT Overload | 2.3) Verification output for Dynamic Source NAT Overload | 3) Dynamic Source NAT Overload + Specific ACL | 3.1) Example | 4.2) Configuration for Dynamic Source NAT Overload + Specific ACL | 4.3) Verification outputs for Dynamic Source NAT Overload + specific ACL
Introduction
This article presents Dynamic Source NAT, as part of a series of articles about Source NAT on the Arista 7150S with practical examples. It assumes...

MTP12 Cheat Sheet for QSFP 40G SR4 Optical Cabling

Contents: 1) Overview | 2) QSFP to QSFP light path on MTP12 cables | 3) What to be careful about | 4) Mistake examples | 4.1) Polarity mistake | 4.1) Wrong connector gender
1) Overview
This document explains the optical connectivity involved in 40G optical QSFP for short reach (40GBASE-SR4), on multimode fibres. The standard specifies MPO12 (or MTP12) as connector to the SR4 QSFP, which traditionally employs 12 fibres, but 40G only needs 8 (4 pairs) to carry the 4 parallel bidirectional paths. You might know that QSFPs can be programmed to operate as 4 x 10G.
2) QSFP to QSFP light path on MTP12 cables
Notice...

ZTPServer – Benchmarking the Webserver Gateway Interface

Contents: Introduction | Objective | Considerations | Benchmark Testing | Testing with Funkload | Benching Profiles | Profile A: Provision Static Nodes (existing node directory) | Results | Profile B: Use Neighbordb to Dynamically Provision Nodes (without SWI download) | Results | Profile C: EOS+ CS Magic | Results
Introduction
ZTPServer provides a bootstrap environment for Arista EOS based products. It is written mostly in Python and leverages standard protocols like DHCP (for boot functions), HTTP (for bi-directional transport), and XMPP/syslog (for logging). Most of the configuration files are YAML based [ documentation ]. We will benchmark the performance of the ZTPServer by using funkload, which will simulate EOS nodes being provisioned.
Objective
The purpose of this post is to evaluate the performance...

Latency Analyzer (LANZ) Architectures and Configuration

Contents: Introduction | 1) Enabling Latency Analyzer | 2) Setting LANZ Thresholds | 3) Viewing LANZ Output | 4) LANZ Traffic Sampling | 5) LANZ lite (7500 and 7048T)
Introduction
Arista Latency Analyzer, or LANZ, is a technology that tracks and logs buffer congestion and latency in real time. The visibility provided by LANZ of network hot-spots and microburst oversubscription gives the network operator greater insight into when problems are occurring on the network and why. With LANZ you will know when congestion happened, track the sources of congestion, and be able to export real-time events to external applications. LANZ also shows the effect of packet buffering on an...

LANZ – Tuning packet buffer monitoring thresholds – Gain the most adequate visibility to you

This article introduces LANZ briefly, and then concentrates on explaining how you may want to tune the threshold. Threshold tuning allows you to have the right level of visibility for your environment.
Contents: 1) LANZ Introduction | LANZ generated outputs | 2) LANZ Thresholds | 2.1) Microburst | 2.2) When microburst exceeds a threshold | 2.3) Microburst visibility – benefits | 2.4) Differentiating thresholds in relation to time lapse | 2.5) Know your network and applications | 3) Finding the right LANZ buffer threshold for you | 3.1) How much information ? | Conclusion on information quantity | 3.2) Empirical approach: starting with the default | 3.2.1) Starting with the default | 3.2.2) Lower to 1/5th or 1/10th of the default | 3.2.3) Lower to a further...

EOS Extension – autoipcfg

With the release of the pyeapi library, it’s even easier to use the EOS eAPI interface to write some custom functionality to help with deployments, provisioning, configurations and many other things. Arista’s EOS+ organization has developed a full turn-key solution for provisioning new nodes on your network, known as ZTP server. This is a full featured server that provides a bootstrap environment for Arista switches. It’s highly customizable and if you are looking for a lot of bells and whistles this would be the way to go. However the eAPI interface allows for extensions to be written really quickly if...

sFlow Generation for Legacy Networks with Tap Aggregation (NPB / Matrix switch)

sFlow is a standard hardware sampling available on all the Arista platforms, providing rich statistical information on all ports. sFlow is available in Tap Aggregation mode, allowing use cases of Tap Aggregation beyond traffic analysis on analyzer tools:
 • Retro-fitting sFlow to legacy infrastructure
 • Distributed analysis
This article focuses on Retro-fitting sFlow to legacy infrastructure.
1) sFlow vs Netflow
sFlow is a sampling mechanism implemented in hardware:
 • Widely available on non-legacy platforms, and widely supported on collectors/monitoring software
 • sFlow requires minimal local processing which contrasts with Netflow that is very CPU-intensive, making Netflow poorly suitable for any high performance...

DANZ – Tap Aggregation optics / transceivers selection

This article clarifies certain criteria that are important to consider in the design of a Network Packet Broker (NPB) aggregating traffic from various sources. For distance reasons, the main type of media used in tap aggregation is optical (multimode or single mode), therefore this article mainly focuses on these media.
Contents: 1) Understanding Optical Budgets | 2) Estimating Insertion Losses | 3) Optical Splitter Operation | 4) Port usage on Tap Agg Switch | 5) Overcoming optical loss with wideband optics on tap ports | What about standard compatibility? | Details on wideband optics | Highlight of the wideband optics benefits: | 6) Tapping High Speed Links (40G / 100G)
1) Understanding Optical Budgets
Multiple factors...

DANZ Tap Aggregation – Basic settings – Before you start

Several Arista switches support the DANZ feature set for Tap Aggregation. The tap aggregation mode is a mere configuration (1-2 lines) that transforms a high performance L2/L3 switch into a Tap Aggregator (NPB). This mode requires certain considerations:
Contents: 1) Tap aggregation – How to select the exclusive mode | 3) Undesired protocols | Spanning-Tree | IGMP Snooping | LACP | QoS
1) Tap aggregation – How to select the exclusive mode
The tap aggregation mode is exclusive to part of a switch or to the whole switch. Parts of the switch that are excluded from the Tap Aggregation mode can work either in fully L2/L3 forwarding mode (normal switching mode), or in simple...

Script example – Automating VXLAN deployments with EAPI

Contents: 1) Introduction | 2) Working towards automation: it is an evolution | 3) Deployment methods | 4) Deployment elements | 5) EAPI Script | 5.1) Arguments handling | 5.2) VXLAN configuration | 5.3) Example of resulting configuration | 6) Script
1) Introduction
This article describes briefly what is required to deploy overlay networks with VXLAN, but we assume a good understanding of the VXLAN fundamentals. To achieve such VXLAN deployments, multiple options exist, from simple but manual, to fully automated service chaining (orchestration) at the cost of having to also set a Cloud Management Platform or a network virtualization controller. This article focuses on an easy option that is a good balance between simplicity of operation...

ZTPServer v1.3

ZTPServer version 1.3 adds a couple of new features and enhancements, which are primarily focused on new actions, improved testing and documentation, and the addition of handlers for startup-config PUT requests. For details, please see http://ztpserver.readthedocs.org/en/master/support.html#releases. ZTPServer version 1.3.1 adds some additional bug fixes and is the recommended release for all customers.

BGP Multipath

BGP Multipath allows multiple next-hop entries for the same prefix to be installed in the routing table. This enables the load sharing of traffic, providing Equal Cost Multi-Pathing (ECMP) functionality. By default, BGP Multipath is disabled and the path selection algorithm will continue until one path is preferred. To enable the BGP Multipath option, the following must be configured under the BGP process:

maximum-paths paths [ecmp ecmp_paths]

paths – maximum number of parallel routes in the routing table. Default value is 1.

ecmp_paths – maximum number of ECMP paths stored in the forwarding table for each route. Default is maximum value. Value for...
Continue reading →

Working with the Python eAPI Client

This article builds on the Introduction to the Python Client for eAPI by taking a deeper look at the pyeapi client. The client module provides a number of functions that make it easier to build connectivity to Arista EOS nodes running eAPI. To get started, let's begin by simply importing the pyeapi client in Python and reviewing how to build a node object.

>>> import pyeapi
>>> node = pyeapi.connect_to('veos01')

As discussed in the introduction article, the above will search for and load the eapi.conf file. Once the configuration file has been found and loaded by pyeapi,...
Continue reading →

Fabric Visibility

A leaf and spine fabric is challenging to monitor. The fabric spreads traffic across all the switches and links in order to maximize bandwidth. Unlike traditional hierarchical network designs, where a small number of links can be monitored to provide visibility, a leaf and spine network has no special links or switches where running CLI commands or attaching a probe would provide visibility. Even if it were possible to attach probes, the effective bandwidth of a leaf and spine network can be as high as a Petabit/second, well beyond the capabilities of current generation monitoring tools. The 2 minute video...
Continue reading →

Introducing the Python Client for eAPI (pyeapi)

The Arista EOS command API (eAPI) has been available in versions of EOS since the release of version 4.12. It has proven to be an invaluable tool for building management plane applications, making it easy to develop solutions that interface with the device configuration and state information. Building on the capabilities of eAPI, this article introduces the initial release of the Python Client for eAPI (pyeapi). The Python Client for eAPI (pyeapi) is a language-specific client to make working with eAPI even easier. It is designed to assist network engineers, operators and devops teams to build eAPI applications faster without...
Continue reading →

Quick and Easy vEOS Lab Setup (VMware or VirtualBox)

Introduction

A local vEOS lab is always helpful when trying out new features or validating configuration. So how would you like to be able to set up the 4-node spine/leaf virtual lab pictured below with one simple command?

user:packer-veos user$ ./create-veos.py -H virtualbox

And what if you wanted to try out the ZTPServer with this new set of nodes?

user:packer-ztpserver user$ ./create-ztpserver.py -H virtualbox -o fedora

This is possible with the help of the EOS+ Consulting Services Github projects: packer-veos and packer-ztpserver. Follow the READMEs at those individual repos to set up your virtual machines, but here’s a quick overview of the process....
Continue reading →

MLAG – Advanced Configuration

Fully meshed MLAG enables efficient, unprecedented spine to host scaling in dense active-active topologies.

Overview

While dual-homing individual devices such as servers and top of rack switches using MLAG provides fault-tolerant, active-active connectivity across a single device pair, larger networks require two tier architectures to provide fully meshed capacity both between the spine and leaf layers of the network and for onward connection to servers. MLAG’s simple yet versatile implementation makes it possible to provide high levels of redundancy with scalability of up to 64 interfaces per channel between multiple pairs of devices enabling significant network expansion without resorting to...
Continue reading →