• Category : Tech Tips

 
 

Data rate, FEC and auto-neg features of Arista’s 7020R series

Data rate, FEC and auto-neg features of Arista’s 7020R series The Arista 7020R Series, including the 7020SR, 7020TR and 7020TRA, are high performance 1RU fixed systems built for high density data center deployments.  The 7020SR provides SFP+ and QSFP100 ports, while the 7020TR / TRA provide 100M/1G RJ45 ports and SFP+ ports. The RJ45, SFP+ and QSFP100 ports on the 7020R series are capable of supporting a wide range of data rates, from 100M to 100G. Different FEC and auto-negotiation options are supported on the various ports. The range of port capabilities of the 7020R series are summarized in the...
Continue reading →

Using CloudVision Portal to Manage Arista AnyCloud

Introduction There are many advantages to using Arista’s vEOS Router and CloudVision Portal (CVP) in hybrid cloud environments. Among those advantages are: Arista EOS is a proven and stable network operating system used in some of the largest networks in the world. The same EOS that runs on our physical switches also runs in the public cloud. CloudVision Portal provides a common management model for network devices whether running in a customer’s private data center or in public cloud environments. CloudVision Portal provides turn-key automation and real-time telemetry across private and public cloud environments. One of the primary challenges to...
Continue reading →

Enterprise Internet Routing

Overview The objective of this document is to cover the most common Enterprise Internet Routing use case. The information provided here is based on two Arista switches peering with two ISP’s (Internet Service Providers) for redundancy. There are many other valid deployment models that are not covered in this document. Terminology BGP – Border Gateway Protocol ISP – Internet Service Provider BGP Peering – a session between two BGP routers that allows exchange of routes Full Internet Routing Table – all public routes on the Internet AS – Autonomous System – defines domain boundaries IGP – Interior Gateway Protocol EGP...
Continue reading →

ClearPass TACACS+ Authorization with CVP

ClearPass TACACS+ Authorization with CVP Introduction The purpose of this article is to learn how to correctly set up the TACACS+ service in Aruba ClearPass in order to successfully authenticate on the CVP GUI as a network admin. Our goal is to configure ClearPass Policy Manager [CPPM] to send us the cvp-roles=network-admin attribute in the TACACS+ Authorization reply packet. By default this does not happen, because cvp-roles is a custom attribute that has to be added to the TACACS+ dictionary on any type of TACACS+ implementation. Without this, the default role of network-operator will be allocated to the user, that...
Continue reading →

Layer 2 Data Center Interconnect – Reference Designs

Introduction VxLAN is a popular choice for extending Layer 2 both intra and inter DC using overlays. Arista offers multiple control plane choices for VxLAN: Static HER, CVX and EVPN. In this article, two approaches to designing a L2 DCI over a L3 underlay are discussed. High-level technical details of each design approach is described first, followed by a comparison of the two options along with their typical use cases. Design 1: Multi-domain Overlay In this design, two overlay domains are identified: DC Fabric domain: This is the VxLAN domain within the DC Layer 3 Leaf-Spine Fabric with Leafs acting...
Continue reading →

Enabling eAPI on Multiple Devices using Netmiko

Preface In standard Arista deployments, one of the most powerful and common tools that will be used is the EOS API (eAPI). It is good practice to enable this on every initial deployment. One of the best ways to do this is via Zero Touch Provisioning (ZTP), but in some cases, ZTP is not an option. When this becomes the case, it can be easy to enable eAPI on all of your devices quickly through the use of the Python programming language and SSH (which is enabled by default on all Arista Switches). Throughout this document, we will go over...
Continue reading →

Applying Hot Patches to EOS Software with CloudVision Portal

Maintaining a secure posture within any enterprise is a difficult task. This task can be particularly difficult on the network infrastructure due to a variety of reasons including software quality and network downtime availability. Arista’s unique software architecture has often enabled most security patches to be delivered as hot patches that can be applied to a live running system with low to no impact to the network dataplane eliminating some of the most difficult challenges with maintaining a secure software posture. The only challenge that remains is the effort required to distribute these software patches. In this article, we are...
Continue reading →

IPv4 & IPv6 MPLS VPN Configuration Guide

IPv4 and IPv6 VPN Overview   RFC 4364 allows for Service Providers and Enterprises to use their backbone infrastructure to provide the services to multiple such customers, or internal departments, while: Maintaining privacy Allowing for IP address overlap amongst customers Constrained route distribution – so that only the service provider routers which need the routes have them.   This is achieved through the usage of VRFs, Route Distinguishers and Route-Targets   The IPv4/IPv6 VPN Standard RFC 4364 does the following: Specifics an BGP IPv4 VPN control plane with a MPLS data plane BGP control plane, new address family to advertise...
Continue reading →

Writing your own webhook relay – sending event alerts to Discord

Writing your own webhook relay – sending event alerts to Discord   Introduction Starting from version 2018.2.0, CVP supports configuring event alerts, where receivers can be email, Slack, PagerDuty, webhooks and others. The purpose of this article is to demonstrate how easy it is to write your own webhook relay app that will forward alerts to your favorite webhook endpoint, in my case, a Discord channel. Discord is getting more and more popular, not only amongst gamers, but also lots of companies started to use it. I’ve been using it for a couple of years now, and it made sense...
Continue reading →

BGP Peering – Configuration Best Practices – Security and Manageability

      BGP Peering – Configuration Best Practices – – – – – – – – – – – – – – – – Security and Manageability       1) Introduction This article provides suggestions of BGP peering configuration, with general best practices and some particular considerations for manageability and security.     2) Arista EOS Security – General   It is recommended to approach security not only specifically for BGP but to englobe other aspects of security for Arista EOS. More global security topics are covered in other articles, listed below. The present article focuses solely on...
Continue reading →

Traffic Generator on Arista

The following tools can be used to generate traffic on Arista switches for testing purposes :– Iperf – Ethxmit Both Iperf and Ethxmit tools are pre-installed on Arista switches and no additional configuration is required to use them.                                                                                                                              ...
Continue reading →

Traffic Engineering with Segment Routing and sFlow

Introduction Segment Routing (SR) solves a number of issues the existing MPLS IP networks face. Among the many benefits of Segment Routing, Traffic Engineering is a key one. Based on live telemetry events, traffic can be steered intelligently across a network using MPLS label paths a.k.a segment lists. The example discussed in this article shows how you can leverage BGP SR policy to alter traffic paths based on sFlow telemetry data. An SR Policy, discussed in detail here, is identified using a 2-tuple of Endpoint and color. Endpoint here refers to a destination prefix while color is a 32-bit BGP extended...
Continue reading →

Monitoring some agent’s memory utilisation

  Monitoring some agent’s memory utilisation   This article develops further https://eos.arista.com/introduction-to-managing-eos-devices-memory-utilisation/ authored by Colin MacGiollaEain to bring the context to a specific agent’s memory utilisation and how to remediate.   1) Introduction Monitoring the memory usage of specific EOS processes maybe useful to detect which features consume the control-plane resources, as a first step to clarify whether it is a normal behaviour or not. In abnormal circumstances the overall system may be running low on memory, in which case some culprit agent may be restarted, or some other agent may suffer a restart too (collateral damage) by the process scheduler. Examples...
Continue reading →

IP static route with health check

Introduction The purpose is to simplify ip static route with health check does_it_live.py script, it’s easy to enable this feature quickly without complicated programming. This feature leverages the Reachability Health Checks document ( https://eos.arista.com/reachability-health-checks/ ) and does_it_live.py  ( https://github.com/alexisdacquay/does_it_live ) which was made by Alexis Dacquay. Due to Reachability Health Checks(does_it_live.py) support rich parameters, there are mode(icmp/dns), interval, timeout, dampening, source. We just take it and use it. Configuration The following configuration commands have been added as part of this feature support: 1. Create ping check script on-boot: t3 – timeout 3 seconds, i3 – interval 3 seconds, 1.1.1.1 – ping check ip.   configuration:==============event-handler...
Continue reading →

Verify EOS 3rd party software versions

  EOS includes a Linux kernel, GNU tools, and other 3rd party software. EOS make use of some of such 3rd party software and you might want to verify the version they run. Note: not every 3rd party software is actively used by default. If you have a particular concern in mind regarding 3rd party software version then you must refer to the Arista security advisories page: https://www.arista.com/en/support/advisories-notices/security-advisories   3rd party software Bash CLI command to verify the version EOS version 4.15.1F 4.17.1F 4.18.2F 4.20.10M  4.21.0F Bash bash –version 4.1.16(1) 4.3.42(1) 4.3.42(1) 4.3.42(1) 4.3.42(1) DNSmasq dnsmasq -v 2.59 2.59 2.59 2.77 2.77...
Continue reading →

Reachability Health Checks

  1) Introduction 1.1) does_it_live.py This article describes a script called does_it_live, used to monitor the health of network targets, by testing IP reachability (by ICMP) and name resolution (by DNS). While some people might understand the Python code and find it self-explanatory and well documented, this articles aims at making the use of the script more accessible without digging into reading the script itself.   1.2) Purpose Ping is commonly used for manual health check across a network, and in particular from a network device itself to have a good picture of a network health from its perspective. Obviously...
Continue reading →

Virtual IPs in Vxlan and need for vVTEP

Objective Objective of this Document is to contrast the differences in the behaviour of “ip address virtual” and “ip virtual-router address” in VxLan and to understand the need for virtual VTEP IP with or without L2 VTEP in a network. Topology VXLAN Direct Routing Model Virtual IP in SVI 100: 100.100.100.50 Virtual IP in SVI 200: 200.200.200.50 Virtual MAC: 0011.2233.4455 VARP VTEP IP (VVTEP): 5.5.5.5/32 Underlay Protocol used: OSPF Types of Virtual IPs: Types of Virtual IPs usually configured with Vxlan: 1) ip virtual-router address 2) ip address virtual RULE-1 : If ethernet source MAC of original/naked frame is “PHYSICAL”...
Continue reading →

CloudVision Appliance Deployment Recommendations

CloudVision Appliance Introduction CloudVision Appliance is a physical appliance that runs CentOS base image and hosts one instance of each CloudVision Portal (CVP) and CloudVision eXchange (CVX) using KVM hypervisor. It comes with 4X1G NICs. The virtual NICs on CVP, CVX VMs are mapped to the physical NICs 1-4 as follows: For additional details, refer to CloudVision Appliance quick start guide here. Deployment Recommendations 1. Ensure that you are running the latest version of the host image; this provides updated OS packages and security patches. The current version of the host image can be checked using the following command from...
Continue reading →

Arista Custom Event Handler To Take Action Based On Interface Utilization

Introduction An EOS event handler executes a Linux Bash shell command in response to a specific system event. An event handler consists of a Bash command, a trigger and a delay; when the trigger event occurs, the action is scheduled to run after a delay in seconds. With the particular customer, I was working with they wanted to shut down a mirror session when a bandwidth threshold was reached. The main reason for the custom event-handler was because they were heavily oversubscribing a mirror session destination and were worried about affecting their production traffic. In the scenario, they had several...
Continue reading →

Network CI/CD Part 3 – Building a network CI pipeline with Gitlab, Ansible, cEOS, Robot Framework and Batfish

Previously on Network CI/CD… We’ve kicked off this series with an overview of cEOS-lab and different container orchestration tools that can be used for network simulations. In the second post we’ve seen how to automate network verification and testing with Arista’s Robot framework library. In this final post, we’ll put it all together to demonstrate a simple data centre network CI pipeline that will run through a sequence of stages to build and test every new configuration change. Introduction Let’s take a typical data centre leaf-spine network as an example and let’s assume that Leaf-1/2 and Spine-1/2 are already built...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: