Arista 7280R Series 40G/100G systems Multi-Speed Port Configuration
Overview In high performance leaf and spine networks the Arista 7280R Series enables a high level of flexibility with a common consistent architecture, with a choice of 1RU and 2RU fixed systems, 10G to 100G interface speeds and port density up to 72 ports of 40G and 60 ports of 100G. The 7280R Series include the ability for enabling multiple speeds on QSFP ports, with a per interface configuration that is optimized for the maximum overall system flexibility. On some members of the 7280R Series to maximise the total system port count, and at the same time facilitate the most...
Continue reading →
vEOS Router Architecture
One of the benefits of the vEOS router is that it runs the same code as normal EOS, but in a virtual machine instead of on a hardware switch. Thanks to the EOS’s modular architecture, supporting a virtual machine instance is as simple as adding different agents to the system to accommodate the virtual network drivers. In this post, I describe how the different virtual networking options work with vEOS both on a server and in the cloud. Then I will explore some of the differences between vEOS router, vEOS-lab, and EOS on a hardware switch. For more information on...
Continue reading →
How to install EVE-NG and add Arista vEOS and CloudVision
Introduction EVE-NG is a client-less multivendor network emulation software that empowers network and security professionals with huge opportunities in the networking world. Arista vEOS and Arista CloudVision together with the new EVE-NG platform is ready for today’s requirements. It allows customers to create virtual proof of concepts, solutions and training environments. This small guide explains how to base-install EVE-NG and how to create/modify templates to support and use Arista vEOS and Arista CloudVision images. More detailed installation-guides can be found on the EVE-NG website: http://www.eve-ng.net/ Deploy EVE-NG from an OVA file in VMWare ESXi 6.5 Download the newest EVE-NG...
Continue reading →
Deploy Arista vEOS-lab 4.19.0F (VirtualBox, VM Workstation, VM Fusion, vCenter 6.5)
How to deploy Arista vEOS-lab 4.19.0F Summary One great way to test drive an Arista switch is to download the free vm of the switch called vEOS-lab. This is the actual OS used on physical switches, but in a vmdk format that can be deployed on major hypervisors from VMware ESXi, vCenter, VM Workstation, VM Fusion, and VirtualBox. Because of the wide variety of hypervisors on the market, Arista has deploy this vm as a vmdk. The second file required is the Aboot iso. These files are uploaded as IDE devices onto the hypervisor. Minimum Req 2...
Continue reading →
WinSCP with Arista Switches
WinSCP with Arista Switches Summary WinSCP is a popular tool for quickly uploading and downloading files between hosts. On a Linux or Mac, scp is a CLI tool already built in and can be invoked by using the scp command. However, unlike Linux and Mac, there is no native CLI for scp on Windows. One tool that can be installed is pscp.exe from the guys who brought you PuTTY, found here. This post will go over the WinSCP, a GUI alternative. The latest version as of this writing is 5.11.1 which can be found here. There are three...
Continue reading →
Arista Hybrid Cloud – IPSec between vEOS Router and Linux
This document provides the steps and running configuration for setting up an IPsec connection between vEOS Router and a Linux Compute Node instance in AWS. On the Linux Compute Node Install Strongswan You might have to enable epel repository for yum on AWS. (https://aws.amazon.com/premiumsupport/knowledge-center/ec2-enable-epel/) yum install strongswan Create a GRE tunnel on the machine ip tunnel add tun0 mode gre remote <ip addr on veos et> local <ip addr on client eth> ip link set tun0 up ip addr add <ip addr> dev tun0 ip route add <prefix> dev tun0 In /etc/strongswan/ipsec.conf, add the configuration for the Ipsec...
Continue reading →
CloudVision Portal RESTful API Client
Arista Cloudvision® Portal (CVP) provides a central point of management for Arista network switches through shared snippets of configuration (configlets) enabling Network Engineers to provision the network more consistently and efficiently. While CVP highlights a graphical user interface for configuration and management of devices, it also includes a full-featured RESTful API that provides all of the same functionality available via the GUI which can be used to automate workflows and integrate with other tools. CVPRAC is a wrapper client for CVP’s RESTful APIs which greatly simplifies usage of the API and more elegantly handles the connections to the CVP nodes....
Continue reading →
Common Issues When Deploying CVX 4.18.2F on vCenter 6 or 6.5
Common Issues When Deploying CVX 4.18.2F on vCenter 6 or 6.5 Summary This article will go over how to install CVX on a vCenter 6 appliance. Starting from vCenter 6, there was a change in the OVFTool built into vCenter that changes the SHA hashing algorithm from 1 to 256. There is also an issue with 6.5 where it is required to go into the BIOS of the CVX vm and change the boot order from HDD to CD. The vEOS image (whethere as a vEOS-lab, vEOS for vRouter functionality in Amazon Web Services or Microsoft Azure, or...
Continue reading →
Using dynamic Ansible inventories to manage CloudVision switches.
Ansible Dynamic libraries with CloudVision The common question when talking with customers about CloudVision is are we able to also use a configuration management tool such as Ansible along with CloudVision? You can use CVP and Ansible to both manage your Arista devices. This is a guide to dynamically pull CloudVision for its devices and automatically have Ansible use those CVP managed devices. Arista has supported Ansible EOS modules for quite some time and are still innovating on new modules in the latest version of Ansible which at the time of writing is 2.3. Summary Dynamic inventories are setup in Ansible...
Continue reading →
Alias – Simple yet powerful
Alias – Simple yet powerful About: Alias mySimpleAlias <a maybe complicated command you would never remember> Alias commands can be composed of multiple lines and embed variables. Below is an example of alias used as configuration template for automating configuration with just few arguments. Sunch template can satisfy complex configurations and be highly reusable. This high-level scripting or command bundling is simple to implement yet powerful. The below example is a multi-line alias with variables (%<x>) alias set-baremetal !! Syntax : set-baremetal <INTF> <Po ID> <DESCR> <VLAN> !! Example: set-baremetal e1,2 po1 “To Server 42” 200 10 config 20 interface...
Continue reading →
Changing the switchport default mode
By default all ports on an Arista switch are configured to be switch ports, as you would expect. If you are mostly dealing with routed ports, this behaviour may not be totally desirable. Starting in EOS-4.18.0, this behaviour is configurable e.g. we can have all interfaces in routed mode by default. switch1...11:10:56(config)#show run int et 1-4interface Ethernet1interface Ethernet2interface Ethernet3interface Ethernet4switch1...11:11:00(config)#show interface Et1-4 switchport | i Name|Switchport:Name: Et1Switchport: EnabledName: Et2Switchport: EnabledName: Et3Switchport: EnabledName: Et4Switchport: Enabled To change the default, simply issue the configuration command switchport default mode routed As you can see, all interfaces are now in routed mode by default:...
Continue reading →
VM Tracer configuration on a layer 2 switch
Introduction There are many network architectures, which include a separate network for out-of-band management. All Arista switches come with at least one designated management interface that is VRF-aware. When VM Tracer is configured on an Arista switch, by default, vCenter communication will be sourced from the management interface. There are situations where a layer 2 switch has the management interface configured in a separate VRF, not reachable from the vCenter network segment. Objective Create reachability to vCenter from layer 2 switches that have the management interface configured in a separate VRF, not reachable from the vCenter network segment. Prerequisites Proper VM Tracer configuration...
Continue reading →
Export CVP Functionality to Ansible
In some network environments there is a separation of responsibility for the network infrastructure and the server side equipment. In these environments, different groups responsible for managing different equipment could use different tools for the job. This guide will discuss one of the several options for integrating Arista’s network management tool, CloudVision Portal (CVP), into an Ansible environment. Summary In this example, the environment uses Ansible as the configuration management tool for server provisioning but uses CVP for network management. The environment is set up to allow the server team to provision top of rack switch ports for servers using...
Continue reading →
Leveraging CVP Telemetry and ZTP in an Ansible Environment
This guide will discuss one of several options for integrating Arista’s network management tool, CloudVision Portal (CVP), into an Ansible environment. Summary In data center environments where Ansible is used for configuration management of all devices including networking equipment, the network operations team may want to leverage the telemetry and Zero Touch Provisioning (ZTP) functionality provided by the CloudVision Portal product. In this example, CVP will be used for ZTP, image upgrades, and telemetry while Ansible will be used to manage the switch configuration directly. Documentation for setting up ZTP can be found in the CloudVision configuration guide. Implementation This...
Continue reading →
Analyzing Packet Header Timestamps in Wireshark
Arista Packet Header Timestamps EOS 4.18.1F added header time stamping of all packets received on any tap interface in Tap Aggregation mode on the 7500/7280E and 7500/7280R. Full details on the implementation can be found in the feature’s TOI: https://eos.arista.com/eos-4-18-1f/tap-aggregation-ingress-header-time-stamping/ Since the timestamp is a new ethernet header, Wireshark doesn’t yet have a built in dissector for the protocol. We can write a dissector in Lua to do this for us. Header Format First we need to understand the new header format. The timestamp header is a new Ethernet/L2 header consisting of the Arista EtherType (0xD28B), a two-byte protocol subtype of 0x1, a...
Continue reading →
Managing EOS configuration with Puppet and Templates
Availability, stability, and effort (time) to complete maintenance are key factors for network management. Taking advantage of automated configuration management tools such as Puppet enable network engineers to ensure consistency in configurations, test changes before applying them to production networks, and multiply their effort when making changes that touch multiple devices. Puppet is a versatile tool which can require a ramp up period. However, there are significant long-term benefits when multiple organizations (server, application, etc.) within your company share the same tool set and knowledge. The introduction of the eos_switchconfig Puppet resource type to the EOS module eases the transition for...
Continue reading →
Graphing Arista EOS with Grafana,Telegraf and influxDB
Intro Arista devices leverage the Extensible Operating System(EOS): at the core of every Arista devices lies an unmodified Linux Kernel running a distribution of Fedora Core Linux. Therefore, EOS devices behavior very similarly to Linux servers. For a very long time Linux administrators have used a process on each Linux server to send metrics to a external data base and observe those metrics with a graphing tool. Since EOS is Linux-based, we are able to run the same collector agents on a Arista EOS device to collect metrics. This post will be a bit elaborate in information but will provide great detail for first...
Continue reading →
CloudVision Automated snapshot using Cloudvision API
Purpose The purpose of this document is to build an automated task to create container based snapshots using the CloudVision API along with a scheduled cron job from any reachable Unix/Linux/Mac server. This script will come in handy to compare network status/configuration of your entire network by taking snapshot on a predefined schedule and can be modified if an administrator’s requirements change. After we create a snapshot template in CloudVision (by default, CloudVision uses the show_inventory template, but can be customized with the desired set of commands), we will write a simple Python script that leverages the snapshot template to perform...
Continue reading →
Arista Data Center Interconnect Solutions – Next-Generation 7500R 200G Coherent DWDM Platform
Introduction The latest smartphone app, mobile game, instant messaging tool or video sharing site hits the media, and all of a sudden everyone over the age of 20 discovers what the under-20’s have known for a while and download, install, use and share it. This trend repeats and repeats. This is the modern world of mobile, cloud networks and mega-scale datacenters. Keeping up with the latest trends is not just a problem for those old enough to remember texting with numeric keypads but also for the operators of these datacenters. More content, in more locations and at significantly faster...
Continue reading →
Interface Errors Explained
“show interface” is one of the more common commands that every network engineer uses. However, sometimes it’s not always clear what some of the displayed interface-level errors mean. This article explains some of the more common errors, their meaning, and possible causes. SymbolErrors * device receives invalid symbols in the frame * points to physical problems Alignment Errors – both conditions must be met: * The number of bits received is an odd byte count * The frame has a Frame Check Sequence (FCS) error * points to MAC layer or physical problems FCS Errors = frames failing FCS check...
Continue reading →
Using an SFP/SFP+ transceiver in a QSFP+/QSFP100 port
Introduction Situations may arise where a QSFP+ or QSFP100 (QSFP28) port must be utilized by an SFP+ or SFP adapter. Mellanox has a physical adapter (P/N: MAM1Q00A-QSA). This adapter is a physical cage that fits into a QSFP port and has an opening that fits an SFP or SFP+ transceiver. NOTE: Specific hardware used in this exercise: DCS-7150S-64-CL-R, Software image version: 4.17.3F. You should check the release notes for your version of EOS and model hardware to insure support. Currently, this adapter is tested with SFP (1G) or SFP+(10G) — (not SFP28/25G). Objective An SFP+ or SFP transceiver can be fit...
Continue reading →
VXLAN: security recommendations
Abstract This document provides recommendations that are advised to implement in order to increase the security in multitenant network environments built on Arista Networks devices using VXLAN. Introduction One of the crucial qualities of modern cloud network infrastructure is scalability. Scalability can’t be achieved if security of the network operations inside the cloud is compromised. As for example, load scalability is not achievable in environments where the VMs are not able to operate when the network between them is not working properly due to hijacked MAC-addresses. One of the technologies used nowadays to address the challenges with scalability inside the cloud networks...
Continue reading →
Arista 7280QR-C36 Load Balancing Optimization for Dual Homed Systems and Networks
Arista 7280QR-C36 The Arista DCS-7280QR-C36 switch is a purpose built flexible fixed configuration 1RU system capable of supporting a wide range of interface choices. Its designed for the highest performance environments such as IP Storage, Content Delivery Networks, Data Center Interconnect and IP Peering. The 7280QR-C36 is optimized for environments with dual connected nodes such as storage and for spine applications with dual homed leaf switches. This technical application note describes the internal optimized load-balancing mechanism used within the switch and how network architects can best deploy this system to maximize overall system performance. The internal architecture of the DCS-7280QR-C36...
Continue reading →
Load Balancing with ECMP: Hardware Configuration Lookup
Abstract: This publication illustrates a technique which can be used to find exactly how Arista devices program routes to send traffic across multiple available paths. An example will be given on the Arista DCS-7150S-52-CL-R running EOS version 4.14.8M. Initial configuration: As an IGP we are using OSPF with maximum paths feature configured: Arista(config)#router ospf 1 Arista(config-router-ospf)#maximum-paths 32 There are two iBGP peers configured via a peer-group “pg1”: Arista(config)#router bgp 65001 Arista(config-router-bgp)#neighbor pg1 maximum-routes 16000 Arista(config-router-bgp)#neighbor 172.20.18.49 peer-group pg1 Arista(config-router-bgp)#neighbor 172.20.18.121 peer-group pg1 iBGP advertisements: * > 10.82.2.32/27 172.20.16.143 0 100 0 64920 64944...
Continue reading →
MBR (Multicast Border Router)
Intro Enabling PIM MBR on an interface (where we don’t have an upstream PIM neighbor) will allow multicast traffic from remote sources that are outside of our PIM domain to be treated as locally connected sources. We typically see this scenario when we are receiving multicast feeds from a remote Exchange and a PIM neighbourship is not established on our upstream links. In the current PIM implementation (EOS 4.14.0F and later) EOS will drop multicast traffic that is not considered to be locally connected by default and we need to configure MBR to allow this multicast data. In the interfaces...
Continue reading →
Installing EOS hot fixes with CloudVision Portal
Installing hotfixes via CloudVision Portal One of the major strengths of EOS is the open nature of the operating system. By being able to add software to Arista switches, one can extend the capabilities of the operating system (that’s where the ‘E’ in EOS comes from after all). One scenario where this is perhaps most beneficial is in the realm of security updates. The majority of security updates to Arista’s operating system are initially delivered in the form of an extension prior to rolling the update into a new release of EOS. There are some clear advantages to this method...
Continue reading →
Understanding EOS Software Download Options
This post is to help explain the different Software Download options for a particular EOS release. For recommendations on which train or version of EOS you should use, please take a look at our Software Lifecycle, and Recommended Release pages. This advice only concerns images located in the Active and Support Only Releases folder. Images from the Other Releases and EFT folders are not for general use. Those releases are available only for specific deployments, and should only be used when specifically recommended by Arista. In this case, I’m taking a look at EOS-4.17.1F and you can see from the...
Continue reading →
Common AAA Requirements
This article describes sample configuration for most common AAA requirements. It covers default behavior of EOS and a basic configuration guide with respect to Authentication and Authorization through local, RADIUS and TACACS+. The article also includes sample TACACS+ config files and RADIUS dictionary files. Authentication SSH Authentication To have users locally authenticated, configure by entering the command: Arista(config)#aaa authentication login default local Other methods available are TACACS+ and RADIUS. Console Authentication By default console login will derive authentication method from the command “aaa authentication login default “. To configure authentication method for console login different than the default method, configure:...
Continue reading →
Troubleshooting Multicast packets to CPU
Overview This article covers different scenarios where undesirable multicast traffic can be punted to CPU. Topology Scenarios 1. Unsolicited traffic When the switch receives multicast traffic, there are two main checks made: 1.Is the source locally connected (i.e. is the source IP of the traffic in the same subnet as the IIF) OR 2. Is there a valid mroute state for the S,G If neither or the above apply, the multicast data traffic will be punted to CPU and no mroute state will be created. Note: Neither of the above checks apply in code versions prior to 4.14.x for...
Continue reading →
Arista EOS Hardening Guide
Introduction This document is provided as a template to securing Arista devices. Configurations alone are not able to completely secure a network. Due operational diligence including threat assessment and reaction are necessary to ensure device security. This document provides recommendations that you are advised to implement, however, no document can be comprehensive for every unique environment. General Security Principles A level of security ought to be applied to all network nodes. This should govern how nodes are accessed by users and what traffic is allowed to enter the nodes: Each user should be assigned an individual user-account, with a security...
Continue reading →
Running vEOS in GNS3 1.5
How to Run vEOS 4.16.6M in GNS3 1.5 Intro This document will go over how to install a vEOS vm instance on both your Windows 7 OS as well as Mac OS X. The steps are exactly the same between OSes. We will first start with Windows 7 installation and will then show a few screenshots on the Mac. Finally we will conclude this post by going over the steps to run vEOS all locally off your machine (however this isn’t recommended as running vEOS in a QEMU vm is much more efficient than running it locally). Prerequisites Aboot-veos-8.0.0.iso vEOS-lab-4.16.6M.vmdk...
Continue reading →
Installing CloudVision eXchange (CVX) on Ubuntu / KVM
Introduction This post is intended to give step-by-step instructions on how to install CVX on a KVM Hypervisor on Ubuntu LINUX. The Cloudvision Configuration Guide provides provides excellent instructions on configuring CVX after the install process is complete. You can also browse to the guide via the Support > Product Documentation pages on arista.com. Basic familiarity with Linux is needed in order to complete this task. Installation Procedure Refer to Section 1.1 of the Cloudvision Configuration Guide for host system requirements. Install Steps Download the Aboot and EOS software from https://www.arista.com/en/support/software-download. (CVX is really just an instance of EOS configured with the CVX Server function enabled. Aboot is the boot-loader)...
Continue reading →
VMTracer Visibility and Call Flows
Introduction Arista EOS has been supporting the VMTracer feature since vSphere 4.0 was introduced and continues to support the latest version. The EOS User Manual (found for various releases at https://www.arista.com/en/support/software-download) provides a very good description and background to the feature along with configuration details. This technical note adds additional call flow information to better understand the feature and the network visibility it provides to operators, as well covering NSX-V visibility details. To set the baseline, the VMTracer logical diagram from the User Manual is redrawn here: This diagram shows that there are up to three main conversations between the Arista...
Continue reading →
Using and Customizing Arista EOS Roles for Ansible
The Ansible automation framework includes functionality defined as a role – a means of grouping playbook tasks, handlers, and variable files to help simplify the process of working with large playbooks, as well as reusing playbook information for multiple configurations. This article will describe the use of Arista EOS Roles for Ansible, beginning with a basic overview of Ansible Roles, then installing and working with Arista EOS roles, and concluding with a more in-depth look at customizing those roles for your specific needs. The Basics This article assumes you are familiar with Ansible and that Ansible version 2.1 or greater is installed...
Continue reading →
An Introduction to the Golang eAPI
Introduction Since the release of Arista EOS Command API (eAPI) many have grown to appreciate its stability and easy-to-use syntax which allow applications or scripts complete programmatic control over EOS. Development of applications that interface with your Arista device for the purpose of configuration or monitoring is simple and fairly straight forward. With a little knowledge of Python, Perl, Ruby, or your favorite language of choice, and familiarity with the underlying transport mechanism (JSON-RPC), it’s easy to write some custom functionality to help with deployments, provisioning, configurations and many other things. Arista has continued its ongoing effort to make life...
Continue reading →
A comparison of virtual ip commands
The ‘ip virtual-router’ command Switch1: Switch1(config)#interface vlan 10 Switch1(config-if-Vl10)#ip address 10.0.0.2/24 Switch1(config-if-Vl10)#ip virtual-router address 10.0.0.1 Switch1(config)#ip virtual-router mac-address 00:1c:73:00:00:99 Switch2: Switch2(config)#interface vlan 10 Switch2(config-if-Vl10)#ip address 10.0.0.3/24 Switch2(config-if-Vl10)#ip virtual-router address 10.0.0.1 Switch2(config)#ip virtual-router mac-address 00:1c:73:00:00:99 The ‘ip virtual-router address’ command requires an IP address to be configured on the SVI where it is applied. How does the host resolve ARP for the default gateway/vIP? Gratuitous ARPs: Gratuitous ARPs are periodically sent from both switches which have VARP configured. In the gratuitous ARPs the configured vMAC is used as the Ethernet Source MAC. The ARP message informs the host that Virtual IP...
Continue reading →
Arista + Ansible – Getting Started
The Ansible 2.1 release made it easier than ever to manage Arista switches. The following article describes how to leverage Ansible for EOS configuration management. The Basics If you’re brand new to Ansible, it might be helpful to take a spin through their Overview and Getting Started just to familiarize yourself with some of the basic concepts. The Ansible documentation has a great introduction to Ansible for Networking – definitely check it out before reading on. EOS Modules Ansible modules do all of the heavy-lifting, and there’s a module to do just about anything you could possible think of, from copying a...
Continue reading →
Troubleshooting congestion – Investigating and taking corrective steps
1) Introduction Congestion might not be obvious, it can be discovered reactively in disastrous situations, or proactively by collecting statistics off equipment and investigating symptoms demonstrated by the applications and systems. Deep buffers on switches is a blanket and effortless solution to the problem, but it might not be materially possible or justifiable everywhere on a network. This document discusses design considerations in case of congestion. 2) Measuring The first step (which might seem obvious) for understanding some potential issues is to translate the symptoms such as slow, unresponsive, poor performance, into measurable and baselined metrics...
Continue reading →
MLAG ISSU
Overview MLAG ISSU (In-Service Software Upgrade) upgrades EOS software on one MLAG peer with minimal traffic disruptions on active MLAG interfaces and without changing the network topology. Note: Traffic impact could be seen for orphan links, active partial links and packets in flight MLAG considerations before upgrade I. Check for configuration inconsistencies Following features should be configured consistently on each switch: VLANs Switchport configuration on port channel interfaces that are configured with an MLAG ID STP configuration (global) In EOS versions 4.15.2F onwards, we can use MLAG configuration check feature: https://eos.arista.com/eos-4-15-2f/mlag-config-check/ II. Resolve ISSU warnings Resolve the...
Continue reading →
Valid Python Scripts may fail in OS X ‘El Capitan’
Python scripts can be run on OS X using eAPI to access Arista Switches or vEOS instances. Python Scripts can also be run on OS X to automate the installation of vEOS: (https://github.com/arista-eosplus/packer-veos). After installing or upgrading to OSX ‘El Capitan’ (OS X version 10.11.5) Python Scripts that previously worked fine under earlier versions of OS X or work on other operating systems may fail. This is evident when making a Python Script executable after issuing the chmod +x command. This is due to operating system changes Apple has introduced in ‘El Capitan’. Although, this problem may affect eAPI and...
Continue reading →
Introduction to Managing EOS Devices – Memory Utilisation
A common question that users new to EOS have is concerning the high levels of memory utilisation seen on Arista switches (~70% utilised). Typically this is first flagged by the NMS and triggers a low memory warning or alarm. Unlike a traditional switching OS, EOS uses Linux page caching. Most free memory is used as a live cache and very low ‘free memory’ numbers are entirely normal, providing that enough memory is available from the buffers and cached memory for applications demanding more RAM. In this case, the OS is capable of freeing up memory from cache as processes demand it. Memory...
Continue reading →
Arista 7150 Series Hardware Based NAT For Unicast Traffic
Arista 7150 series switches use Intel’s Fulcrum FM6000 (code named ‘Alta’) ASIC for packet processing. The ASIC includes several features for IP header translation including Network Address Translation (NAT). In doing so, packets to be NAT’d are processed by the ASIC which is known as Hardware NAT rather than by CPU known as Software NAT. Hardware NAT provides much better scale and performance compared to Software NAT. The 7150 series switches can provide 10/40Gbps line rate hardware based NAT across all Ethernet ports at the same time. The number of available ports varies depending on the particular model – it...
Continue reading →
Monitoring EOS with tcollector and OpenTSDB
EOS is a Linux distribution (based on Fedora), which means, among other things, that it can be monitored like any Linux server running Fedora. In this post we show how to package a popular open-source monitoring framework, tcollector, as an EOS extension. A bit of history OpenTSDB is a distributed time series database used for infrastructure monitoring in many medium to large scale environments. It uses a push model, meaning that OpenTSDB is not responsible for pulling monitoring from a set list of targets to monitor, rather the targets themselves are responsible for pushing their monitoring data to OpenTSDB, be...
Continue reading →
Virtual Routing and Forwarding (VRF) Fundamentals
This document will provide a summary over an Arista EOS switch and how an administrator can use Virtual Routing and Forwarding (VRFs) to achieve a desired solution. The number of VRFs varies per switch due to the amount of RAM and CPU on a switch. As of this writing, VRF scale are the following per model. Configuration of a VRF is fairly straightforward and all VRFs have their own separate forwarding tables. As with everything in EOS, all VRFs meet at SysDB. As these numbers may change in the future (as new features are added), please refer to the Release...
Continue reading →
Slow SSH Login
A common issue is when accessing a switch via SSH it takes a long time for the user to login and then after that the connection flows smoothly. This is generally due to the fact that SSH does a reverse DNS lookup for the remote device and the DNS query times out. Another common issue is that the management interface is in a VRF but the name servers are not defined in the VRF. To configure a name server in the vrf “management” ip name-server vrf management 10.1.1.10 Ensure that you can ping the DNS server from the switch. If the DNS server...
Continue reading →
ARP replies in a VxLAN plus routing Data Center Inter-connect deployment
Overview VxLAN and routing with DCI inter-connect can cause ARP issues with VLAN segment extensions between datacenters. The goal of this article is to outline the issue relating to ARP replies with VxLAN routing and VARP. We will show the use of a workaround today (recommended) and how the new ARP-Reply feature will resolve the problem. This feature will be introduced in later version of EOS. The date will be announced in the future. Issue: VxLAN with the directing routing model for DCI will requires a unique VARP MAC address per DC. This is needed when when there are two...
Continue reading →
Config Sessions Tips
Description: You want to implement human error prevention, 4-eyes-principle, task separation and delegation in your network? Then read on. We’ll show you how you can delegate configuration preparation to the operators team, retaining the control to commit the submitted changes, and having a delayed roll-back as a safety network in case something went wrong. Please also refer to the article “How to keep last X startup configs” for further tips on config handling and versioning. User Management: Let’s create two roles: one for the Network Operations team, that is allowed to use “configure session” to prepare changes, but is not...
Continue reading →
Can OpenStack Run Over a VXLAN Fabric Without an Overlay Controller?
At the OpenStack Summit in Hong Kong at the end of 2013, I gave a talk (video, slides) on the requirements, tradeoffs, and potential designs for deploying OpenStack over a VXLAN fabric. It’s been long enough that it feels like it’s time to revisit the topic. More specifically, I want to focus on the question of whether you can now build such a fabric with a mix of both hardware and software networking elements while only running standalone Neutron, which wasn’t really possible back when I originally gave the talk. Using an external overlay controller was considered the only way to...
Continue reading →