• Category : Tech Tips

 
 

A simple GNU sed example on EOS

Hopefully by now you are aware that Arista EOS (Extensible Operating System), which is the operating system that runs on Arista switches, is based on Linux. From the CLI you can drop to the Bash shell by just typing bash. Given that EOS is based on Linux you already have access to many of the helpful utilities seen in many Linux distributions. Let’s pretend that you have a configuration file that was copied over from another very similar configuration and that the only thing that needs to change is every occurrence of IP addresses that look like 10.0.x.y. This is...
Continue reading →

Understanding Table Sizes on the 7050QX-32

A common question asked about Arista switches is “how many routes can they handle”, and unfortunately, this is never an easy question to answer. Dedicated switch ASIC hardware is required to program each route so that when a packet arrives with a certain destination address, the switch can look up the destination and route the packet to the correct interface at line-rate across all the ports. The part that makes it hard is that there is practically never a 1:1 mapping between hardware resources on a switch and the number of routes that can be programmed into them, and under...
Continue reading →

Curl’ing with EOS and third party devices

Perhaps you’re aware that EOS is based on Linux, which comes with many powerful & useful built-in utilities. I recently wrote an EOS Central article on sed. Even if you are not a pure networking person (perhaps you’re a server person), many of the familiar Linux tools you have used in your past exist on EOS natively today. One of my customers recently shared an experience with me that made me smile because they had now started to embrace the Linux underpinnings & power of EOS after running into a configuration challenge with a 3rd party (television) broadcast IP/SDI gateway...
Continue reading →

CloudVision Event Guide

Overview This article identifies some of the common CloudVision Events and provides information regarding the events themselves or references to troubleshoot the underlying cause of the events. CVP Events BUGALERTS_CVE_EXPOSED Explanation: CVP detected a potential CVE on the switches. For more information, please visit https://www.arista.com/en/support/advisories-notices. CONNECTIVITY_MONITOR_ANOMALY Explanation: The cloudtracer latency anomaly event monitors the latency metric between devices and configured hosts. CVP detected a deviation in these metrics from the historical bounds. For more information, please visit https://eos.arista.com/toi/cvp-2020-1-0/events/#CloudTracer_Latency_Anomaly_Events. LOW_DEVICE_DISK_SPACE Explanation: CVP detected that the filesystem space on a device is below the set threshold. To debug  possible causes for the...
Continue reading →

Troubleshooting Egress Queue drops on 7280/7500 devices

Aggregate VoQ drops on 7280/7500 devices On 7280/7500 devices, the platform architecture uses Virtual Output Queuing (VoQ) between the ingress and egress chips to forward known unicast traffic. Whenever a packet is to be transmitted, the ingress chip requests credit from the egress chip. Once the credits are issued/granted, the packet is dequeued to the egress chip. While the packets are awaiting the credit, they are enqueued on the ingress chip buffers, in the Virtual Output Queue (VoQ) for the corresponding egress port. Accordingly, in the output of “show interfaces counters queue detail” on these devices, we see two sections:...
Continue reading →

Operation of the Route-Map ‘continue’ feature with CLI outputs

Supported Platforms The Route-Map ‘continue’ feature is supported on all platforms and is hence platform-independent. Support for this feature in the Multi-agent model was added in EOS-4.21.0, and in the Single-agent model it has been supported since EOS-4.10.2. Background of the default operation of a route-map A given route-map can have a number of sequence statements, each of which contains optional match and/or set rules. When a route is advertised to a BGP neighbor or received from a BGP neighbor, that route is evaluated against each sequence statement of the route-map that’s applied to the concerned neighbor,...
Continue reading →

Onboarding a switch in CVP

Description This article will talk about how to onboard a switch in CVP 2019.1.x/2020.1.x and will deep-dive into the process involved during the registration process. In addition, we will also include the troubleshooting steps that can be taken in case the registration process fails.  Platform compatibility This feature is supported on all platforms. Configuration On the Switch: To enable the onboarding process, we will need to first enable command-api on the switch so that the switch is able to communicate with CVP via eAPI. This can be done in the following way: Arista#configure Arista(config)#management api http-commands Arista(config-mgmt-api-http-cmds)#no shut Arista(config-mgmt-api-http-cmds)#show active...
Continue reading →

Launching CloudEOS in Azure with Terraform

Launching CloudEOS in Azure with Terraform Introduction Enterprise cloud organizations are orchestrating environments in the cloud. This can be done with cloud native tools such as AWS CloudFormation or Azure Resource Manager Templates. However, Terraform is winning enterprise mindshare as a cross-cloud orchestration system, and this post is an example of a simple CloudEOS deployment into Azure using Terraform. Diagram Below is the diagram that will be referenced in this post. Prerequisites It will be assumed that the reader has familiarity with Terraform and how to set up the Terraform environment. For basic instructions on setting up a Terraform environment, see...
Continue reading →

Launching CloudEOS in AWS with Terraform

Launching CloudEOS in AWS with Terraform Introduction Enterprise cloud organizations are orchestrating environments in the cloud. This can be done with cloud native tools such as AWS CloudFormation or Azure Resource Manager Templates. However, Terraform is winning enterprise mindshare as a cross-cloud orchestration system, and this post is an example of a simple CloudEOS deployment into AWS using Terraform. Diagram Below is the diagram that will be referenced in this post. Prerequisites It will be assumed that the reader has familiarity with Terraform and how to set up the Terraform environment. For basic instructions on installing and setting up a Terraform...
Continue reading →

Monitoring Link Quality Using Forward Error Correction (FEC) Data on Arista Switches

Introduction When forward error correction is enabled, it provides a set of statistics which can be used to monitor the health of the link at layer 1.  By comparing trends over time it may be possible to predict which links may experience service impacting error rates allowing action to be taken before these events. This document will describe these statistics and how to monitor them on an Arista switch running EOS.   Forward Error Correction Forward error correction (FEC) is a technique used in data communications where data is portioned into blocks and to these blocks parity bits are added. When...
Continue reading →

Streaming EOS telemetry states to ELK stack using openconfigbeat

Introduction The purpose of this document is to help you to set up an ELK (Elasticsearch/Logstash/Kibana) stack and stream EOS Telemetry states from an Arista Switch using openconfigbeat that can stream gRPC updates from OpenConfig or TerminAttr directly into Elasticsearch. Please note that this app was written as a proof-of-concept and is supported on a best-effort basis. The projects can be forked and modified to suit your needs. Feedback is always welcome and issues can be filed as for any other project on GitHub. Elasticsearch is the distributed search and analytics engine at the heart of the Elastic Stack. Logstash...
Continue reading →

Commit Signing with Git at Enterprise Scale

Commit Signing with Git at Enterprise Scale Git is one of the most ubiquitous version control systems used today, seeing extensive usage in projects both around the world and within Arista. Every day, numerous Arista employees, located around the world, make commits to the codebase to fix bugs, add features, and save works in progress. The same scenario plays out with many other people, whether working for private enterprises, government institutions, or open source projects. The following paper discusses changes made to alleviate a fundamental security problem with Git, and version control systems in general. It is assumed that readers...
Continue reading →

How to build and install DPDKCap

Introduction DPDKCap is a high-performance packet capture tool based on DPDK. This guide explains how to build, install and use DPDKCap on a CentOS 7 based system. Arista Fork : https://github.com/aristanetworks/dpdkcap Assumptions CentOS 7 Linux NVMe capture drive (not mandatory but recommended for line rate capture) Running as root user CPU & NIC combination that supports DPDK System used to validate performance Manufacturer: Supermicro Part number: SYS-E300-8D Processor: Intel Xeon CPU D-1518 Memory: 2x Micron 9ASF1G72PZ-2G3A1 8GB DIMMs HDD: Samsung 860 PRO SSD 4TB NVMe: Samsung 960 EVO 1TB Build steps Create a directory at /data and format and mount...
Continue reading →

Syslog message generation on MAC table changes

This feature provides the ability to generate Syslog messages for the events related to MAC address entries being learnt or removed from the mac address-table on the switch. Here we will leverage the following two key features of EOS: Event Monitor Event Handler Platform compatibility This feature is supported on all platforms. Configuration The following shows how to configure the event monitor and event-handler for generating syslog messages for each MAC address entry learnt or removed from the eventmon database. 1) First of all, enable the event monitor on the switch with the help of command event-monitor. Switch(config)# Switch(config)#...
Continue reading →

CloudVision Portal Hardening Guide

Introduction This guide is provided as a starting point for securing CloudVision Portal, also known as CVP. In the below sections various best practices such as non-default configurations, setup instructions, and discussions of other monitoring systems are discussed.  The best way to ensure that a CVP system remains secure is to combine the configuration instructions discussed below with a monitoring solution for log output. In addition, keeping CVP up to date and monitoring Arista’s list of security advisories ( https://www.arista.com/en/support/advisories-notices/security-advisories ) is always recommended.  CVP Default Settings By default CVP should be expected to ship with settings that will work...
Continue reading →

Hardening and Security

Overview An organisation’s communications infrastructure and the tools that surround it carry business critical, high value commercially sensitive information and are obvious targets for malicious actors to attempt to compromise an organisation or exfiltrate its intellectual property. Arista Networks takes its role in ensuring ongoing security extremely seriously through both secure manufacturing and supply as well as an ongoing commitment to vulnerability detection, mitigation and remediation. Product security must also be complemented by the implementation of product hardening best practices during the installation and operation of the infrastructure. The links provided below offer the latest best practice advice on a...
Continue reading →

Pause – Revisit the Fundamentals – Rehearse, Rehearse, Rehearse

Why? I’d like to think of this as a chapter in the manual of “CoNE.” Code of Network Ethics. OK, so I made that up. But it should be a thing, right? How many outages have you experienced where the original problem wasn’t nearly as impactful as the attempted fix? We have all experienced maintenance windows where we tried a fall-forward approach because we didn’t want to back-out the change. And the fall- or fail-forward method cost us an extended maintenance window that bled into the production time. The impact of these errors in the care and feeding of the...
Continue reading →

Pause – Revisit the Fundamentals – Know Your Tools

Introduction Please. Pretty please. Pretty please with sugar on top. Do these pleas sound familiar when trying to buy tools for your network? Making a purchase for moving Production traffic is easier. You may be able to quantify how much time can be saved with the purchase of a tool for automation. Or for a tool with an integration focus. Easiest of all may be when proposing a self-service tool that unburdens the thin IT staff. How do you justify spending money on tools for a rainy day when the sun is shining and the birds are chirping? It can...
Continue reading →

Deploying Cloudvision Portal (CVP) on Proxmox VE

Introduction Proxmox is an open source server virtualization solution based on QEMU/KVM and LXC.  You can manage virtual machines, containers, high availability clusters, storage and networks with an integrated, easy-to-use web interface or via CLI. The purpose of this article is to assist in deployment of Arista’s Cloudvision Portal (CVP) within Proxmox VE.  The benefit of utilizing CVP within Proxmox VE is that it offers an open source, subscription free option for those who may not be able to afford proper VMware licensing for lab/demo deployments and/or would like to utilize the rich, open source feature set provided by Proxmox...
Continue reading →

Automate a Layer 3 MLAG Campus Stack With In-Band Management and Telemetry Using CVP

Overview One of the advantages Arista offers for campus switches is an automated approach to grouping campus closet switches together into a virtual stack via CloudVision Portal (CVP).  This article covers a Configlet Builder that will automate the building of a Layer 3 Leaf Spine (L3LS) architecture integrated into the data center. Introduction In a Data Center, switches are traditionally managed out-of-band where the forwarding of management information is in a separate data path than the actual data center traffic.  The management connections are via a separate management network, and the switches typically plug into that environment through a copper...
Continue reading →
