Arista Portal

  • Category : Tech Tips

 
 

Displaying Neighbors’ Names with OSPF and BGP

Posted on May 2, 2019 by   |   319 Views

This article describes how to configure Arista devices to display user-defined names for OSPF and BGP neighbors. OSPF First define name to IP address mappings, one per neighbor, where IP address is neighbor’s OSPF router ID: SW1(config)# ip host SW2 2.2.2.2 Next enable OSPF name resolution: SW1(config)# ip ospf name-lookup Finally, validate the output of ‘show ip ospf neighbor’ command. The command should display the user-defined name instead of router-ID: SW1(config)# show ip ospf neighbor Neighbor ID   VRF         Pri       State             Dead Time     Address        Interface SW2   ...
Continue reading →

PTP slave-passive port election

Posted on June 25, 2019 by   |   120 Views

Scope 1. This article takes account of how the slave-passive port election for PTP is done on Arista switches. Slave-Passive port election order The below sequence of comparison occurs in order to decide if a port should take slave or passive state: 1. Steps removed 2. Parent clock identity 3. Self Port-ID Steps removed “Steps removed” is the number of hops separating a PTP clock from the GM. The port that has a lower “steps removed” value is preferred as a slave port. The grandmaster in a PTP domain has a “steps removed” value equivalent to zero. Every subsequent PTP running port in...
Continue reading →

cEOS-lab in GNS3

Posted on June 25, 2019 by   |   122 Views

GNS3 is a great tool to visualize your (home-)lab environment and simulate all kinds of network topologies using different virtualization and isolation technologies. It has been widely used to create environments using vEOS-lab, but because vEOS-lab requires quite some resources (e.g. 2GB of RAM is required) the scale of these labs was often quite limited, especially on low-memory devices. Arista’s cEOS-lab is a new way of packaging the EOS-lab suite. Using the Docker container daemon, it is possible to use the kernel of the host machine and to only run the EOS processes that are required on the machine, making...
Continue reading →

How to FTP/SCP/WinSCP

Posted on June 19, 2019 by   |   100 Views

In this document we will look at tools for quickly uploading and downloading files between hosts and Arista switches. 1) SCP On a Linux or Mac, scp is a CLI tool already built in and can be invoked by using the scp command. SCP or secure copy allows secure transferring of files between a local host and a remote host or between two remote hosts. It uses the same authentication and security as the Secure Shell (SSH) protocol from which it is based. Before we look at the commands and examples, please make sure steps given below are followed:  ...
Continue reading →

“Wait-for-warmup” command – To understand if an agent has initialized

Posted on June 11, 2019 by   |   231 Views

Objective The aim of this document is to convey the use case and details of the bash command, wait-for-warmup (wfw). An equivalent CLI command exists for the same which is described later in this article. Main use case Agents like the forwarding agent of the switch take some time to come up when terminated. The same is the case for the linecard and fabric module agents when the fabric modules/linecards are power-cycled. It’d be useful to run the wfw command to check if the agent has initialized completely instead of running other commands repeatedly to check the same. (If interfaces...
Continue reading →

Taking packet captures on Arista devices

Posted on June 10, 2019 by   |   251 Views

Control-plane packet capture TCPDUMP on physical ports and SVIs. This will help in capturing only control plane traffic but no data plane traffic. Running tcpdump natively in EOS #tcpdump interface Management1 filter ether proto 0x88cc tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ma1, link-type EN10MB (Ethernet), capture size 65535 bytes 11:33:47.750573 00:1c:73:00:44:d5 (oui Arista Networks) > 01:80:c2:00:00:0e (oui Unknown), ethertype LLDP (0x88cc), length 187: LLDP, length 173: s7151.lab.local Running tcpdump from bash bash ifconfig et1       Link encap:Ethernet  HWaddr 00:1C:73:00:44:D6         UP BROADCAST MULTICAST  MTU:9214 Metric:1         RX packets:0 errors:0 dropped:0 overruns:0 frame:0         TX packets:0 errors:0...
Continue reading →

Troubleshooting Multicast

Posted on May 31, 2019 by   |   430 Views

Overview The aim of this article is to highlight common issues related to multicast bridging and routing and the troubleshooting steps that can be followed to identify the same. Preliminary Checks Before moving onto the scenarios discussed in this article, here are a few preliminary checks that should be performed. 1) Inspect the contents of the multicast feed: (i)  Is the corresponding destination MAC address (DMAC) for the concerned multicast group correct? 08:28:45.321122 44:4c:a8:8d:fa:c5 > 01:00:5e:7f:3d:4c, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 46) 10.112.45.17.lmsocialserver > 235.76.84.23.EtherNet/IP-1: UDP,...
Continue reading →

VxLAN troubleshooting guide

Posted on May 29, 2019 by   |   322 Views

VxLAN Basic Troubleshooting Guide I. Objective Provide basic/generic troubleshooting steps to customers in case any VxLAN issue is encountered in their network. II. Introduction: Troubleshooting VxLAN involves few steps as mentioned in the upcoming sections of this document. The below referred topology includes VxLAN configurations with server 1,2,3 as the host devices which obtain connectivity over a vxlan tunnel. Troubleshooting steps are bifurcated into routing and bridging to include multiple scenarios possible.   III. Topology   IV. Generic Configurations to be checked A. On the VTEPS check for the following configurations: #show run sec vxlan interface Vxlan1 vxlan source-interface Loopback1...
Continue reading →

Basic BGP Troubleshooting

Posted on May 24, 2019 by   |   35616 Views

Objective The objective of this document is to outline the various common issues faced in BGP and the troubleshooting commands for the same. I. Neighborship BGP sends unicast messages, unlike other routing protocols. For this reason, please make sure the neighbor’s IP address is reachable. For issues with BGP neighborship, check the output of ‘show ip bgp summary vrf all’ to check the neighborship state. R1#show ip bgp summary vrf all BGP summary information for VRF default Router identifier 1.1.1.1, local AS number 100 Neighbor Status Codes: m - Under maintenance Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State...
Continue reading →

Centralized vs. Distributed VxLAN Routing with EVPN

Posted on May 16, 2019 by   |   410 Views

Tech Note: Centralized vs. Distributed VxLAN Routing with EVPN Over the past few years EVPN VxLAN deployments have become an increasingly popular overlay architecture selected by customers, primarily in data-center layer 3 leaf-spine (L3LS) fabrics.  With this popularity, numerous deployment topologies, and configuration options have presented themselves. This article reflects our observations based on real-world deployment experiences on one such choice; centralized vs. distributed gateways. When deploying EVPN VXLAN integrated routing and bridging (IRB), both VXLAN bridging and VXLAN routing are required concurrently on the switch.  This capability is also commonly referred to as an EVPN VxLAN gateway. There are...
Continue reading →

25G Lane Speed

Posted on April 26, 2019 by   |   444 Views

Introduction With the introduction of support for 25GbE on servers and switches we expect to see a rapid movement to server attachment at 25G, replacing the use of servers at 40G. Even though 25G is becoming norm these days, most of the deployment is still carried out with 10G to servers with 25G as future state. So when a 25G switchport is used, we can use them as 10G/1G/100M ports. But there are some limitations around how to configure them as they follow SerDes quartet, which means a group of 4 ports (eg:Et1-4, Et5-8, etc.) have to be configured in a...
Continue reading →

Basic troubleshooting steps for some CVP and telemetry issues

Posted on April 12, 2019 by   |   619 Views

Objective The aim of this document is to convey a set of troubleshooting steps that can be carried out when running into issues with CVP and telemetry. General issues covered Issue 1- The CVP web-explorer is not reachable Issue 2- A configlet/image bundle push task to the switch failed Issue 3- Device not getting added to telemetry 1. The CVP web-explorer is not reachable Follow the below sequential steps in order to isolate the issue: 1. Check if the CVP node is reachable from the local machine. 2. Login to the CVP node as a CVP user and check if...
Continue reading →

CVP AAA TACACS+ authorization with Cisco ISE

Posted on March 28, 2019 by   |   535 Views

CVP AAA TACACS+ authorization with Cisco ISE Introduction We saw last time how to correctly integrate Aruba ClearPass CPPM with CVP so TACACS+ users can authenticate with the correct network role. The purpose of this document is to show the same for Cisco ISE (successor of ACS) TACACS+. Our goal is to make Cisco ISE send us the cvp-roles=network-admin attribute in the Authorization reply packet.   NOTE If you are running CVP versions 2018.2.0 and 2018.2.1 you might hit BUG 345723 due to which in tacacs-provider authorization we are not checking for TAC_PLUS_AUTHOR_STATUS_PASS_ADD flag. We can provide a binary patch...
Continue reading →

Working with certificates

Posted on March 28, 2019 by   |   437 Views

Introduction and motivation Encryption protocols like HTTPS use certificates to authenticate the remote server (sometimes also the client) as there are no other means to verify to which device you are currently talking. If the server (in our case the switch providing management access via an HTTP based REST API) is located in our own network, it is usually acceptable to work with so-called self-signed certificates. A self-signed certificate is not signed by a certification authority (CA), which would confirm that the CA (an institution you trust) has verified the identity of the certificate holder. By default, Arista EOS based...
Continue reading →

CVP TIP – Encrypt local username passwords with Configlet Builder

Posted on March 20, 2019 by   |   362 Views

Introduction   Arista CloudVision Portal (CVP) uses configlets to create configuration snippets for individual or groups of switches based on user selection. These configlets can be either static or dynamic. Static configlets include static EOS CLI configuration statements as if they were right on the switch configuration file. These configlets are used to create the full configuration for the network switches. An example of a static configlet in Arista CloudVision Portal: Below example is a static Arista EOS CLI configuration. These small pieces of configuration snippets can be applied as configlets in Network Provisioning view to selected device or devices....
Continue reading →

vEOS Router ECMP HA Deployment Guide in GCP

Posted on March 4, 2019 by   |   409 Views

vEOS Router ECMP HA Deployment Guide in GCP Introduction In this document we demonstrate deployment of Arista vEOS Router in Google Cloud Platform  (GCP). Currently, vEOS Router on GCP doesn’t support Cloud HA. We will use GCP routes and priorities to support HA and ECMP. A vEOS Router can be used to create a virtual machine instance that can be used to implement various GCP deployments such as edge routers and transit routers. This document provides a guide to deploy a hub-spoke topology in GCP. Overview Arista vEOS Router is a new platform release of EOS that is supported on Google...
Continue reading →

How to source Splunk Forwarder traffic from a Loopback Interface

Posted on February 20, 2019 by   |   378 Views

The diagram below describes the use case: SWITCH1 has a Splunk Forwarder that needs to send traffic to SPLUNK at 10.0.0.10.  SWITCH2 is originating a default route via BGP. SWITCH1 is only advertising its Loopback0 interface into BGP.  The Splunk Forwarder CLI configuration does not currently support specifying a source interface, and in this scenario this is a problem because SWITCH3 has no route to reach 192.168.255.0, which would be the source IP for any traffic that SWITCH1 sends to SPLUNK.  SWITCH3 does however have a route to SWITCH1’s Loopback0 interface. We verify this by pinging SPLUNK from SWITCH1 and...
Continue reading →

Using CloudVision Portal to Manage Arista AnyCloud

Posted on February 4, 2019 by   |   255 Views

Introduction There are many advantages to using Arista’s vEOS Router and CloudVision Portal (CVP) in hybrid cloud environments. Among those advantages are: Arista EOS is a proven and stable network operating system used in some of the largest networks in the world. The same EOS that runs on our physical switches also runs in the public cloud. CloudVision Portal provides a common management model for network devices whether running in a customer’s private data center or in public cloud environments. CloudVision Portal provides turn-key automation and real-time telemetry across private and public cloud environments. One of the primary challenges to...
Continue reading →

Data rate, FEC and auto-neg features of Arista’s 7020R series

Posted on February 1, 2019 by   |   480 Views

Data rate, FEC and auto-neg features of Arista’s 7020R series The Arista 7020R Series, including the 7020SR, 7020TR and 7020TRA, are high performance 1RU fixed systems built for high density data center deployments.  The 7020SR provides SFP+ and QSFP100 ports, while the 7020TR / TRA provide 100M/1G RJ45 ports and SFP+ ports. The RJ45, SFP+ and QSFP100 ports on the 7020R series are capable of supporting a wide range of data rates, from 100M to 100G. Different FEC and auto-negotiation options are supported on the various ports. The range of port capabilities of the 7020R series are summarized in the...
Continue reading →

« Older posts
Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: