Category : Tech Tips

Introduction Please. Pretty please. Pretty please with sugar on top. Do these pleas sound familiar when trying to buy tools for your network? Making a purchase for moving Production traffic is easier. You may be able to quantify how much time can be saved with the purchase of a tool for automation. Or for a tool with an integration focus. Easiest of all may be when proposing a self-service tool that unburdens the thin IT staff. How do you justify spending money on tools for a rainy day when the sun is shining and the birds are chirping? It can...
Continue reading →

Overview One of the advantages Arista offers for campus switches is an automated approach to grouping campus closet switches together into a virtual stack via CloudVision Portal (CVP).  This article covers a Configlet Builder that will automate the building of a Layer 3 Leaf Spine (L3LS) architecture integrated into the data center. Introduction In a Data Center, switches are traditionally managed out-of-band where the forwarding of management information is in a separate data path than the actual data center traffic.  The management connections are via a separate management network, and the switches typically plug into that environment through a copper...
Continue reading →

Introduction Arista has introduced BGP FlowSpec support to EOS in addition to its long supported sFlow feature. This article demonstrates real-time DDoS mitigation using BGP Remote Triggered Black Hole (RTBH) and FlowSpec. Leveraging Open-Source Tools DDoS Protect is an open source application running on the sFlow-RT real-time analytics engine. The software uses streaming analytics to rapidly detect and characterize DDoS flood attacks and automatically applies BGP remote triggered black hole (RTBH) and/or FlowSpec controls to mitigate their impact. The total time to detect and mitigate an attack is in the order of a second. The combination of  standard telemetry (sFlow) and control (BGP FlowSpec) provide the...
Continue reading →

Introduction From your manager; “We have a greenfield data center project heading our way. I need you to start working on a design for two data centers. Each data center will be 10,000 square feet in size. We’ll need full network redundancy. It needs to support virtualized compute, physical compute, IP Storage, load balancers, firewalls, an oversubscription ration of 3:1 or better, horizontal cabling based on MMF and a set of Data Center Interconnect links with Layer 2 adjacency to support VM Mobility. Oh, and I need a rough budget estimate by the end of the week.” Sound familiar? Hurry...
Continue reading →

Overview One of the advantages Arista offers for campus switches is an automated approach to stacking via CloudVision Portal (CVP), and this article covers a Configlet Builder that will allow for this automation in a Layer 2 Leaf Spine architecture. Introduction In a Data Center, switches are traditionally managed out-of-band where the forwarding of management information is in a separate data path than the actual data center traffic.  The management connections are via a separate management network, and the switches typically plug into that environment through a copper Ethernet port.  In campus, however, management is typically done in-band meaning that...
Continue reading →

Introduction VMWare NSX-T 3.0 introduced support for EVPN Type-5 integration which allows efficient multi-tenant L3 exchange between VMWare NSX-T Edge and external gateways. The following graph should visualize life before and after the EVPN Type5 support: Instead of having 802.1q trunk interface with L3 sub-interface per VRF, we now can have a single routed interface with just a single BGP EVPN session. This greatly reduces configuration overhead on both sides. This article will describe all necessary steps required to test this feature against Arista EOS devices. Test Setup Let us assume we already have running EVPN/VXLAN fabric with Symmetric IRB...
Continue reading →

Introduction The use of Virtual Routing Forwarding (VRF) to provide a level of segmentation is common practice. In order for traffic to communicate between VRFs, a firewall is generally part of the design. However, situations exist where it is not desirable to place the traffic load between VRFs on the firewall. This article provides a basic solution to leak routes from one VRF to another allowing select subnets to communicate directly. Platforms EOS Switch Versions 4.22F and above Description The Inter-VRF local route leaking feature allows the leaking of routes from one VRF to another using a route map as...
Continue reading →

Service providers proficiently use BGP to deliver their services to their customers and communicate witht their peers. This article features some design considerations and configuration examples to try to showcase how a service provider could use BGP and other functionality to operate their networks. 1 BGP peering configuration example for service providers 1.1 Service provider edge A typical service provider edge will be running one or more several peers connecting the SP to its customers and other SPs. This type of autonomous systems is called transit AS. The role of this type of network is to aggregate neighboring networks to...
Continue reading →

Enterprises seeking redundancy for their Internet connetivity and agility to change service provider when needed, greatly benefit from having their own AS number and IP addresses that can be announced using their own BGP routers. This article features some design considerations and configuration to achieve this in a common enterprise scenario. 1 Internet BGP peering examples for enterprises 1.1 Enterprise edge A typical use case of BGP for an enterprise is to create a possibility to have redundant SPs as Internet uplinks and have its own private IP range (PI) that does not belong to any SP (addresses that belongs...
Continue reading →

Internet is not one single network, it consists of a number of networks owned and operated by different commercial and non-commercial entities. Each network is considered its own autonomous system. To separate the networks from each other, each network has a number called autonomous system number (AS number). The delegation of AS numbers is done by the organizations ARIN (Americas), RIPE (Europe) and APIC (APAC). These organization also delegate IP addresses that each AS is allowed to use. To exchange routing information for IP addresses between each AS, a protocol is needed, aswell as a router with the role to...
Continue reading →

Introduction EVE-NG is a client-less multivendor network emulation software that enables network and security professionals to build out network topologies and simulate networking environments. Using EVE-NG, Arista vEOS and Arista CloudVision, it is possible to simulate from start to end, connecting and provisioning a datacenter network, test scripting for CloudVision and finally test your EVPN Spine-Leaf configuration. This guide explains how to start an EVE-NG environment (either using the OVF image provided on the EVE-NG site, or by doing a bare-metal install), adding the vEOS and CloudVision images to EVE-NG and connecting the switches in a Leaf-Spine topology. The vEOS...
Continue reading →