Changing the switchport default mode

By default all ports on an Arista switch are configured to be switch ports, as you would expect. If you are mostly dealing with routed ports, this behaviour may not be totally desirable. Starting in EOS-4.18.0, this behaviour is configurable, e.g. we can have all interfaces in routed mode by default.

    switch1...11:10:56(config)#show run int et 1-4
    interface Ethernet1
    interface Ethernet2
    interface Ethernet3
    interface Ethernet4
    switch1...11:11:00(config)#show interface Et1-4 switchport | i Name|Switchport:
    Name: Et1
    Switchport: Enabled
    Name: Et2
    Switchport: Enabled
    Name: Et3
    Switchport: Enabled
    Name: Et4
    Switchport: Enabled

To change the default, simply issue the configuration command

    switchport default mode routed

As you can see, all interfaces are now in routed mode by default:...

VM Tracer configuration on a layer 2 switch

Introduction There are many network architectures, which include a separate network for out-of-band management. All Arista switches come with at least one designated management interface that is VRF-aware. When VM Tracer is configured on an Arista switch, by default, vCenter communication will be sourced from the management interface. There are situations where a layer 2 switch has the management interface configured in a separate VRF, not reachable from the vCenter network segment.  Objective Create reachability to vCenter from layer 2 switches that have the management interface configured in a separate VRF, not reachable from the vCenter network segment.  Prerequisites Proper VM Tracer configuration...

Export CVP Functionality to Ansible

In some network environments there is a separation of responsibility for the network infrastructure and the server side equipment. In these environments, different groups responsible for managing different equipment could use different tools for the job. This guide will discuss one of the several options for integrating Arista’s network management tool, CloudVision Portal (CVP), into an Ansible environment. Summary In this example, the environment uses Ansible as the configuration management tool for server provisioning but uses CVP for network management. The environment is set up to allow the server team to provision top of rack switch ports for servers using...

Leveraging CVP Telemetry and ZTP in an Ansible Environment

This guide will discuss one of several options for integrating Arista’s network management tool, CloudVision Portal (CVP), into an Ansible environment. Summary In data center environments where Ansible is used for configuration management of all devices including networking equipment, the network operations team may want to leverage the telemetry and Zero Touch Provisioning (ZTP) functionality provided by the CloudVision Portal product. In this example, CVP will be used for ZTP, image upgrades, and telemetry while Ansible will be used to manage the switch configuration directly. Documentation for setting up ZTP can be found in the CloudVision configuration guide. Implementation This...

Analyzing Packet Header Timestamps in Wireshark

Arista Packet Header Timestamps EOS 4.18.1F added header time stamping of all packets received on any tap interface in Tap Aggregation mode on the 7500/7280E and 7500/7280R. Full details on the implementation can be found in the feature’s TOI: https://eos.arista.com/eos-4-18-1f/tap-aggregation-ingress-header-time-stamping/ Since the timestamp is a new ethernet header, Wireshark doesn’t yet have a built in dissector for the protocol. We can write a dissector in Lua to do this for us. Header Format First we need to understand the new header format. The timestamp header is a new Ethernet/L2 header consisting of the Arista EtherType (0xD28B), a two-byte protocol subtype of 0x1, a...

Managing EOS configuration with Puppet and Templates

Availability, stability, and effort (time) to complete maintenance are key factors for network management. Taking advantage of automated configuration management tools such as Puppet enable network engineers to ensure consistency in configurations, test changes before applying them to production networks, and multiply their effort when making changes that touch multiple devices. Puppet is a versatile tool which can require a ramp up period. However, there are significant long-term benefits when multiple organizations (server, application, etc.) within your company share the same tool set and knowledge. The introduction of the eos_switchconfig Puppet resource type to the EOS module eases the transition for...

Graphing Arista EOS with Grafana,Telegraf and influxDB

Intro Arista devices leverage the Extensible Operating System (EOS): at the core of every Arista device lies an unmodified Linux kernel running a distribution of Fedora Core Linux. Therefore, EOS devices behave very similarly to Linux servers. For a very long time Linux administrators have used a process on each Linux server to send metrics to an external database and observe those metrics with a graphing tool. Since EOS is Linux-based, we are able to run the same collector agents on an Arista EOS device to collect metrics. This post will be a bit elaborate in information but will provide great detail for first...

CloudVision Automated snapshot using Cloudvision API

Purpose The purpose of this document is to build an automated task to create container based snapshots using the CloudVision API along with a scheduled cron job from any reachable Unix/Linux/Mac server. This script will come in handy to compare network status/configuration of your entire network by taking snapshot on a predefined schedule and can be modified if an administrator’s requirements change. After we create a snapshot template in CloudVision (by default, CloudVision uses the show_inventory template, but can be customized with the desired set of commands),   we will write a simple Python script that leverages the snapshot template to perform...

Arista Data Center Interconnect Solutions – Next-Generation 7500R 200G Coherent DWDM Platform

Introduction The latest smartphone app, mobile game, instant messaging tool or video sharing site hits the media, and all of a sudden everyone over the age of 20 discovers what the under-20’s have known for a while and download, install, use and share it. This trend repeats and repeats. This is the modern world of mobile, cloud networks and mega-scale datacenters. Keeping up with the latest trends is not just a problem for those old enough to remember texting with numeric keypads but also for the operators of these datacenters.   More content, in more locations and at significantly faster...

Interface Errors Explained

“show interface” is one of the more common commands that every network engineer uses. However, sometimes it’s not always clear what some of the displayed interface-level errors mean. This article explains some of the more common errors, their meaning, and possible causes.

SymbolErrors
* device receives invalid symbols in the frame
* points to physical problems

Alignment Errors – both conditions must be met:
* The number of bits received is an odd byte count
* The frame has a Frame Check Sequence (FCS) error
* points to MAC layer or physical problems

FCS Errors = frames failing FCS check...

Using an SFP/SFP+ transceiver in a QSFP+/QSFP100 port

Introduction Situations may arise where a QSFP+ or QSFP100 (QSFP28) port must be utilized by an SFP+ or SFP adapter. Mellanox has a physical adapter (P/N: MAM1Q00A-QSA). This adapter is a physical cage that fits into a QSFP port and has an opening that fits an SFP or SFP+ transceiver. NOTE: Specific hardware used in this exercise: DCS-7150S-64-CL-R, Software image version: 4.17.3F. You should check the release notes for your version of EOS and model hardware to ensure support. Currently, this adapter is tested with SFP (1G) or SFP+ (10G) (not SFP28/25G). Objective An SFP+ or SFP transceiver can be fit...

VXLAN: security recommendations

Abstract This document provides recommendations that you are advised to implement in order to increase security in multitenant network environments built on Arista Networks devices using VXLAN. Introduction One of the crucial qualities of modern cloud network infrastructure is scalability. Scalability can’t be achieved if security of the network operations inside the cloud is compromised. For example, load scalability is not achievable in environments where the VMs are not able to operate when the network between them is not working properly due to hijacked MAC addresses. One of the technologies used nowadays to address the challenges with scalability inside the cloud networks...

Arista 7280QR-C36 Load Balancing Optimization for Dual Homed Systems and Networks

Arista 7280QR-C36 The Arista DCS-7280QR-C36 switch is a purpose-built, flexible, fixed-configuration 1RU system capable of supporting a wide range of interface choices. It's designed for the highest performance environments such as IP Storage, Content Delivery Networks, Data Center Interconnect and IP Peering. The 7280QR-C36 is optimized for environments with dual connected nodes such as storage and for spine applications with dual homed leaf switches. This technical application note describes the internal optimized load-balancing mechanism used within the switch and how network architects can best deploy this system to maximize overall system performance. The internal architecture of the DCS-7280QR-C36...

Load Balancing with ECMP: Hardware Configuration Lookup

Abstract: This publication illustrates a technique which can be used to find exactly how Arista devices program routes to send traffic across multiple available paths. An example will be given on the Arista DCS-7150S-52-CL-R running EOS version 4.14.8M.

Initial configuration: As an IGP we are using OSPF with maximum paths feature configured:

    Arista(config)#router ospf 1
    Arista(config-router-ospf)#maximum-paths 32

There are two iBGP peers configured via a peer-group “pg1”:

    Arista(config)#router bgp 65001
    Arista(config-router-bgp)#neighbor pg1 maximum-routes 16000
    Arista(config-router-bgp)#neighbor 172.20.18.49 peer-group pg1
    Arista(config-router-bgp)#neighbor 172.20.18.121 peer-group pg1

iBGP advertisements:

    * >   10.82.2.32/27       172.20.16.143    0       100     0       64920 64944...

MBR (Multicast Border Router)

Intro Enabling PIM MBR on an interface (where we don’t have an upstream PIM neighbor) will allow multicast traffic from remote sources that are outside of our PIM domain to be treated as locally connected sources. We typically see this scenario when we are receiving multicast feeds from a remote Exchange and a PIM neighbourship is not established on our upstream links. In the current PIM implementation (EOS 4.14.0F and later) EOS will drop multicast traffic that is not considered to be locally connected by default and we need to configure MBR to allow this multicast data. In the interfaces...

Installing EOS hot fixes with CloudVision Portal

Installing hotfixes via CloudVision Portal   One of the major strengths of EOS is the open nature of the operating system.  By being able to add software to Arista switches, one can extend the capabilities of the operating system (that’s where the ‘E’ in EOS comes from after all).  One scenario where this is perhaps most beneficial is in the realm of security updates.  The majority of security updates to Arista’s operating system are initially delivered in the form of an extension prior to rolling the update into a new release of EOS.  There are some clear advantages to this method...

Understanding EOS Software Download Options

This post is to help explain the different Software Download options for a particular EOS release. For recommendations on which train or version of EOS you should use, please take a look at our Software Lifecycle, and Recommended Release pages. This advice only concerns images located in the Active and Support Only Releases folder. Images from the Other Releases and EFT folders are not for general use. Those releases are available only for specific deployments, and should only be used when specifically recommended by Arista. In this case, I’m taking a look at EOS-4.17.1F and you can see from the...

Common AAA Requirements

This article describes sample configuration for most common AAA requirements. It covers default behavior of EOS and a basic configuration guide with respect to Authentication and Authorization through local, RADIUS and TACACS+. The article also includes sample TACACS+ config files and RADIUS dictionary files. Authentication SSH Authentication To have users locally authenticated, configure by entering the command: Arista(config)#aaa authentication login default local Other methods available are TACACS+ and RADIUS. Console Authentication By default console login will derive authentication method from the command “aaa authentication login default “. To configure authentication method for console login different than the default method, configure:...

Troubleshooting Multicast packets to CPU

Overview This article covers different scenarios where undesirable multicast traffic can be punted to CPU. Topology Scenarios 1. Unsolicited traffic When the switch receives multicast traffic, there are two main checks made: 1. Is the source locally connected (i.e. is the source IP of the traffic in the same subnet as the IIF) OR 2. Is there a valid mroute state for the S,G If neither of the above apply, the multicast data traffic will be punted to CPU and no mroute state will be created. Note: Neither of the above checks apply in code versions prior to 4.14.x for...

Arista EOS Hardening Guide

Introduction This document is provided as a template to securing Arista devices. Configurations alone are not able to completely secure a network. Due operational diligence including threat assessment and reaction are necessary to ensure device security. This document provides recommendations that you are advised to implement, however, no document can be comprehensive for every unique environment. General Security Principles A level of security ought to be applied to all network nodes. This should govern how nodes are accessed by users and what traffic is allowed to enter the nodes: Each user should be assigned an individual user-account, with a security...

Running vEOS in GNS3 1.5

How to Run vEOS 4.16.6M in GNS3 1.5 Intro This document will go over how to install a vEOS vm instance on both your Windows 7 OS as well as Mac OS X. The steps are exactly the same between OSes. We will first start with Windows 7 installation and will then show a few screenshots on the Mac. Finally we will conclude this post by going over the steps to run vEOS all locally off your machine (however this isn’t recommended as running vEOS in a  QEMU vm is much more efficient than running it locally). Prerequisites Aboot-veos-8.0.0.iso vEOS-lab-4.16.6M.vmdk...

Installing CloudVision eXchange (CVX) on Ubuntu / KVM

Introduction This post is intended to give step-by-step instructions on how to install CVX on a KVM Hypervisor on Ubuntu Linux. The Cloudvision Configuration Guide provides excellent instructions on configuring CVX after the install process is complete. You can also browse to the guide via the Support > Product Documentation pages on arista.com. Basic familiarity with Linux is needed in order to complete this task. Installation Procedure Refer to Section 1.1 of the Cloudvision Configuration Guide for host system requirements. Install Steps Download the Aboot and EOS software from https://www.arista.com/en/support/software-download. (CVX is really just an instance of EOS configured with the CVX Server function enabled. Aboot is the boot-loader)...

VMTracer Visibility and Call Flows

Introduction Arista EOS has been supporting the VMTracer feature since vSphere 4.0 was introduced and continues to support the latest version.  The EOS User Manual (found for various releases at https://www.arista.com/en/support/software-download) provides a very good description and background to the feature along with configuration details.  This technical note adds additional call flow information to better understand the feature and the network visibility it provides to operators, as well covering NSX-V visibility details. To set the baseline, the VMTracer logical diagram from the User Manual is redrawn here: This diagram shows that there are up to three main conversations between the Arista...

Using and Customizing Arista EOS Roles for Ansible

The Ansible automation framework includes functionality defined as a role – a means of grouping playbook tasks, handlers, and variable files to help simplify the process of working with large playbooks, as well as reusing playbook information for multiple configurations. This article will describe the use of Arista EOS Roles for Ansible, beginning with a basic overview of Ansible Roles, then installing and working with Arista EOS roles, and concluding with a more in-depth look at customizing those roles for your specific needs. The Basics This article assumes you are familiar with Ansible and that Ansible version 2.1 or greater is installed...

An Introduction to the Golang eAPI

Introduction Since the release of Arista EOS Command API (eAPI) many have grown to appreciate its stability and easy-to-use syntax which allow applications or scripts complete programmatic control over EOS. Development of applications that interface with your Arista device for the purpose of configuration or monitoring is simple and fairly straight forward. With a little knowledge of Python, Perl, Ruby, or your favorite language of choice, and familiarity with the underlying transport mechanism (JSON-RPC), it’s easy to write some custom functionality to help with deployments, provisioning, configurations and many other things.  Arista has continued its ongoing effort to make life...

A comparison of virtual ip commands

The ‘ip virtual-router’ command

Switch1:

    Switch1(config)#interface vlan 10
    Switch1(config-if-Vl10)#ip address 10.0.0.2/24
    Switch1(config-if-Vl10)#ip virtual-router address 10.0.0.1
    Switch1(config)#ip virtual-router mac-address 00:1c:73:00:00:99

Switch2:

    Switch2(config)#interface vlan 10
    Switch2(config-if-Vl10)#ip address 10.0.0.3/24
    Switch2(config-if-Vl10)#ip virtual-router address 10.0.0.1
    Switch2(config)#ip virtual-router mac-address 00:1c:73:00:00:99

The ‘ip virtual-router address’ command requires an IP address to be configured on the SVI where it is applied.

How does the host resolve ARP for the default gateway/vIP?

Gratuitous ARPs: Gratuitous ARPs are periodically sent from both switches which have VARP configured. In the gratuitous ARPs the configured vMAC is used as the Ethernet Source MAC. The ARP message informs the host that Virtual IP...

Arista + Ansible – Getting Started

The Ansible 2.1 release made it easier than ever to manage Arista switches. The following article describes how to leverage Ansible for EOS configuration management. The Basics If you’re brand new to Ansible, it might be helpful to take a spin through their Overview and Getting Started just to familiarize yourself with some of the basic concepts. The Ansible documentation has a great introduction to Ansible for Networking – definitely check it out before reading on. EOS Modules Ansible modules do all of the heavy-lifting, and there’s a module to do just about anything you could possibly think of, from copying a...

Troubleshooting congestion – Investigating and taking corrective steps

  1) Introduction Congestion might not be obvious, it can be discovered reactively in disastrous situations, or proactively by collecting statistics off equipment and investigating symptoms demonstrated by the applications and systems.   Deep buffers on switches is a blanket and effortless solution to the problem, but it might not be materially possible or justifiable everywhere on a network. This document discusses design considerations in case of congestion.     2) Measuring The first step (which might seem obvious) for understanding some potential issues is to translate the symptoms such as slow, unresponsive, poor performance, into measurable and baselined metrics...

MLAG ISSU

Overview MLAG ISSU (In-Service Software Upgrade) upgrades EOS software on one MLAG peer with minimal traffic disruptions on active MLAG interfaces and without changing the network topology. Note: Traffic impact could be seen for orphan links, active partial links and packets in flight   MLAG considerations before upgrade   I. Check for configuration inconsistencies Following features should be configured consistently on each switch: VLANs Switchport configuration on port channel interfaces that are configured with an MLAG ID STP configuration (global) In EOS versions 4.15.2F onwards, we can use MLAG configuration check feature: https://eos.arista.com/eos-4-15-2f/mlag-config-check/   II. Resolve ISSU warnings Resolve the...

Valid Python Scripts may fail in OS X ‘El Capitan’

Python scripts can be run on OS X using eAPI to access Arista Switches or vEOS instances. Python Scripts can also be run on OS X to automate the installation of vEOS: (https://github.com/arista-eosplus/packer-veos). After installing or upgrading to OSX ‘El Capitan’ (OS X version 10.11.5) Python Scripts that previously worked fine under earlier versions of OS X or work on other operating systems may fail. This is evident when making a Python Script executable after issuing the chmod +x command.  This is due to operating system changes Apple has introduced in ‘El Capitan’. Although, this problem may affect eAPI and...

Introduction to Managing EOS Devices – Memory Utilisation

A common question that users new to EOS have is concerning the high levels of memory utilisation seen on Arista switches (~70% utilised). Typically this is first flagged by the NMS and triggers a low memory warning or alarm. Unlike a traditional switching OS, EOS uses Linux page caching. Most free memory is used as a live cache and very low ‘free memory’  numbers are entirely normal, providing that enough memory is available from the buffers and cached memory for applications demanding more RAM. In this case, the OS is capable of freeing up memory from cache as processes demand it. Memory...

Arista 7150 Series Hardware Based NAT For Unicast Traffic

Arista 7150 series switches use Intel’s Fulcrum FM6000 (code named ‘Alta’) ASIC for packet processing. The ASIC includes several features for IP header translation including Network Address Translation (NAT). In doing so, packets to be NAT’d are processed by the ASIC which is known as Hardware NAT rather than by CPU known as Software NAT. Hardware NAT provides much better scale and performance compared to Software NAT.  The 7150 series switches can provide 10/40Gbps line rate hardware based NAT  across all Ethernet ports at the same time. The number of available ports varies depending on the particular model – it...

Monitoring EOS with tcollector and OpenTSDB

EOS is a Linux distribution (based on Fedora), which means, among other things, that it can be monitored like any Linux server running Fedora.  In this post we show how to package a popular open-source monitoring framework, tcollector, as an EOS extension. A bit of history OpenTSDB is a distributed time series database used for infrastructure monitoring in many medium to large scale environments.  It uses a push model, meaning that OpenTSDB is not responsible for pulling monitoring from a set list of targets to monitor, rather the targets themselves are responsible for pushing their monitoring data to OpenTSDB, be...

Virtual Routing and Forwarding (VRF) Fundamentals

This document will provide a summary over an Arista EOS switch and how an administrator can use Virtual Routing and Forwarding (VRFs) to achieve a desired solution. The number of VRFs varies per switch due to the amount of RAM and CPU on a switch.  As of this writing, VRF scale are the following per model. Configuration of a VRF is fairly straightforward and all VRFs have their own separate forwarding tables.  As with everything in EOS, all VRFs meet at SysDB. As these numbers may change in the future (as new features are added), please refer to the Release...

Slow SSH Login

A common issue is when accessing a switch via SSH it takes a long time for the user to login and then after that the connection flows smoothly. This is generally due to the fact that SSH does a reverse DNS lookup for the remote device and the DNS query times out. Another common issue is that the management interface is in a VRF but the name servers are not defined in the VRF. To configure a name server in the vrf “management” ip name-server vrf management 10.1.1.10 Ensure that you can ping the DNS server from the switch. If the DNS server...

ARP replies in a VxLAN plus routing Data Center Inter-connect deployment

Overview VxLAN and routing with DCI inter-connect can cause ARP issues with VLAN segment extensions between datacenters. The goal of this article is to outline the issue relating to ARP replies with VxLAN routing and VARP. We will show the use of a workaround today (recommended) and how the new ARP-Reply feature will resolve the problem. This feature will be introduced in a later version of EOS. The date will be announced in the future. Issue: VxLAN with the directing routing model for DCI will require a unique VARP MAC address per DC. This is needed when there are two...

Config Sessions Tips

Description: You want to implement human error prevention, 4-eyes-principle, task separation and delegation in your network? Then read on. We’ll show you how you can delegate configuration preparation to the operators team, retaining the control to commit the submitted changes, and having a delayed roll-back as a safety network in case something went wrong. Please also refer to the article “How to keep last X startup configs” for further tips on config handling and versioning. User Management: Let’s create two roles: one for the Network Operations team, that is allowed to use “configure session” to prepare changes, but is not...

Can OpenStack Run Over a VXLAN Fabric Without an Overlay Controller?

At the OpenStack Summit in Hong Kong at the end of 2013, I gave a talk (video, slides) on the requirements, tradeoffs, and potential designs for deploying OpenStack over a VXLAN fabric. It’s been long enough that it feels like it’s time to revisit the topic. More specifically, I want to focus on the question of whether you can now build such a fabric with a mix of both hardware and software networking elements while only running standalone Neutron, which wasn’t really possible back when I originally gave the talk. Using an external overlay controller was considered the only way to...

Deploying Arista Switches using CloudVision Portal

Deploying Arista switches using CloudVision Portal (CVP) Introduction CloudVision Portal or CVP is an automation and orchestration tool for management and deployment of switch configuration across an entire IP based data center network. CVP uses a container hierarchy for organizing devices into logical groups and splits the device configurations into ‘configlets’ which can be applied at varying levels of the hierarchy to provide inheritance and de-duplication of effort when developing device configuration. This approach reduces human error thru inheritance of configuration. Operators can focus on the device specific configuration, knowing that general configuration, such as, AAA, domain name and DNS...

Spotify’s SDN Internet Router

How does one build an Internet-scale router using data center switches and a bit of SDN grease? One solution is what Spotify built with their open-source SIR (SDN Internet Router). Before we go any further, let us address the why. Why would one want to do this? The price-performance ratio between a data center switch and an Internet router is on the order of 10x. Data center switches based on merchant silicon can offer three times the density of high-end routers for a third of the price. For this reason, replacing expensive high-end routers with programmable data center switches using...

Arista + Ansible: A Dramatically Simple New Approach

On February 18th, 2016 Ansible (Red Hat) announced a new initiative to help bring years of systems administration experience to the network by creating a new set of modules built specifically for network devices.  This announcement signals a new direction for Ansible, a technology that previously omitted native support for the majority of network vendors.  What does this announcement mean and how can you get started with your Arista devices? A Brief History Astute readers may be wondering, “Why does this matter? I can already manage my Arista device with Ansible.” That’s true, but the announcement from Ansible changes the approach we...

OpenConfig: the emerging industry standard API for network elements

The OpenConfig working group is tackling a number of challenging problems that have hindered multi-vendor network programmability: Creating vendor-independent models to represent all the aspects of a network element; Making these models programmatically accessible and modifiable; Changing from a pull model to a push model, with subscriptions and update streaming. We are very excited about this effort and we believe it has a good chance of succeeding as it is driven by some of the biggest cloud and service provider operators. For the past year, we have been working closely with members of the working group and in particular with...

VXLAN Without Controller for Network Virtualization with Arista physical VTEPs

1) Introduction This article assumes an understanding of the VXLAN concepts. This article aims at guiding the design and implementation of network virtualization with VXLAN, employing physical VTEPs. This controller-less design provides Layer2 communication across a Layer3 network for any Layer2 Ethernet device. This solution guide resolves network virtualization for network teams that might not yet have a network virtualisation controller, or cloud management platform (CMP), but want to benefit now from all the advantages of VXLAN. Without a network controller, the virtual switches will not participate natively in the VXLAN overlay setup; they would be configured the traditional way...

How to Install & Configure Arista’s DirectFlow Assist for Palo Alto Firewalls

Contents Summary Prerequisite Summary Prerequisite Concepts Configuring QoS Markings Configuring the DFA Modes DFA Installation Palo Alto Configuration Troubleshooting SUMMARY For the high level solution brief, view the Palo Alto Solution Brief. One of the many features of having an Arista switch is the ability to install extensions on the box. Remember that you can manage the Arista switch as if it was a Linux server (it actually is, but that’s outside the scope of this article) – and because of this we can install RPM packages. One of the packages we can install is Arista’s DirectFlow Assist (DFA), which...

Migration to VXLAN

Migration to VXLAN Introduction This document describes the operation and configuration of Data Center Interconnect (DCI) by using open standards protocols VXLAN (RFC 7348) and how to migrate away from existing solutions. Refer to the following document for a VXLAN deep dive: Arista DCI with VXLAN design guide VXLAN bridging and routing   Why do we need Data Center Interconnect? A requirement for businesses is to operate multiple, geographically dispersed data centers. Data center interconnect ensures: Distribution of applications data in more than one of these data center, Increasing the service availability, Improving application performance driving operational efficiencies, Allowing for rapid movement...

Automate switch port configuration with EosSdk

Switch migrations are part of life in any datacenter, whether to add capacity with a larger system or new capabilities with a later product generation. There are two parts to this task – loading a configuration and the “rack and stack” of physical installation and cabling. Configuring the new leaf switch is greatly simplified by tools such as ZTPServer. You can even use LLDP to verify that you’ve cabled the switch to its neighbors correctly. However, when it comes to plugging in servers, you still depend on a very manual process. This can be straightforward when you’ve a single VLAN...

Arista EOS – BGP Selective Route Download

Today, various content provided through the Internet continues to grow exponentially. Content Providers have spent significant CapEx dollars for their infrastructure typically peering with multiple providers to give their customers the best experience possible. This classically calls for BGP peering between these providers and leveraging one provider as a transit with a default route. Given the fact that many views of the global Internet routing table show approximately 580,000 IPv4 prefixes and 20,000 IPv6 prefixes (December 2015), large expensive routers are traditionally used in this capacity. This is because traditional deployments in the past took all the routes in the...

Maintenance Mode Lab – Example of BGP on Spine

Maintenance Mode Introduced in Arista’s EOS 4.15.2F, Maintenance Mode is a method to allow for easy maintenance of a switch or specific elements of a switch. The goal is to provide a set of commands with a wide range of flexibility that make our network operations lives a bit simpler. And along the way try to help drive down human error. With Maintenance Mode we expect to make the removal and reintroduction of a whole switch or portions of the switch a graceful operation that minimizes network downtime. The initial introduction of Maintenance Mode was aimed at BGP, Interfaces and the Switch as...