MLAG: Traffic flow for single-homed hosts

Objective: The objective of this document is to explain the traffic flows, best practice designs, and configuration details when single-homed devices are connected to an MLAG domain. It is assumed that the reader is familiar with the concept of Leaf-Spine fabrics, MLAG, and VXLAN. More details about these concepts can be found on EOS Central. Recommended articles are: MLAG – Basic configuration; MLAG – Advanced configuration; VXLAN bridging with MLAG; VXLAN routing with MLAG. Introduction: Arista’s Multi-Chassis LAG (MLAG) technology provides the ability to build a loop-free active-active layer 2 topology. The technology operates by allowing two physical Arista switches to appear as...

Automating L2 EVPN instances deployment using CloudVision Portal

The intention of this article is to show how CloudVision Portal can be used to deploy L2 EVPN instances on one switch, or many switches, using the CloudVision Portal configlet builder. The configlet builder example provided in the Arista GitHub repo covers L2 EVPN deployments using MLAG, single interface, VLAN trunk, access VLAN, symmetric routing and asymmetric routing. The configlet builder example can be used on top of any EVPN underlay and overlay. Below, a step-by-step procedure is described to import and start using the configlet builder in CloudVision Portal. 1. Download the configlet builder example at Arista...

vEOS-Lab on Hyper-V

Introduction: There are multiple ways to set up a vEOS-Lab environment if you have a Linux system, or on hypervisors such as VMware ESXi, vCenter, VM Workstation, VM Fusion, VirtualBox, etc., using the vmdk provided on the Software downloads page. But if you have a Windows machine or a Windows server, the vmdk will not be useful. So here are the steps to convert the vmdk to a vhdx and create a vEOS VM on Hyper-V. Pre-requisites: 1. Hyper-V Manager and Hyper-V 2. vEOS-Lab vmdk 3. Aboot ISO. Instructions: Steps 1. Download the vEOS vmdk for the EOS version...

Multicast Fastdrops

Overview: In IP multicast protocols, every (S,G) or (*,G) route is associated with an inbound RPF (reverse path forwarding) interface. Packets arriving on an interface not associated with the route may need CPU-dependent PIM processing, so packets received by non-RPF interfaces are sent to the CPU by default, causing heavy CPU processing loads. However, it is not necessary for multicast routing protocols to process subsequent non-RPF packets all the time. The CPU therefore updates the hardware MFIB with a fast-drop entry when it receives a non-RPF interface packet that PIM does not require. Additional packets that match the fast-drop entry are...

Arista Salt integration

What is Salt? Salt is an event-driven infrastructure management tool. It sounds really complex but it’s not. Salt is similar to most of the configuration tools that we use in our everyday lives to configure infrastructure, but there are many key differences in the way Salt is architected. Salt is unique in that it has a ZeroMQ high-speed messaging bus between the Salt minions (in our case Arista switches) and a master, which is typically a Linux server. Salt can be used to configure devices from multiple different template languages such as Jinja or YAML. Salt can...

Arista Any Cloud Platform – Security Use Case

Introduction: In this document we will demonstrate how to effectively leverage Arista’s vEOS Router in a Transit – Edge VPC model to satisfy a common security use case. As most companies look to move into the public cloud space, security vulnerabilities have gained more focus than ever before. Objective: Provide a centralized security model within an AWS region, which will allow for ease of visibility and control. Deploying separate AWS Internet Gateways in every VPC increases complexity and vulnerabilities in the public cloud space. Prerequisites: This document assumes that you have the following architecture deployed: A Transit – Edge VPC topology deployed...

Docker containers on Arista EOS

Docker on EOS: In this article we will talk about what a container is, how it is applicable to Arista EOS switches, and pulling containers from a public or private repo to run on an Arista physical or virtual device. A Docker container is simply a way to abstract and decouple an application from a Linux (and now Windows) operating system to run as a process on a host machine with the bare minimum requirements. Docker makes creating cloud-portable applications extremely easy. So an application can be written on a Mac laptop intended to be run on an Ubuntu container...

Creating A Multi-node vEOS Vagrant Environment

Introduction: Beginning with EOS 4.15.2F, vEOS is available as a Vagrant box for VirtualBox. Vagrant is great whether you are simply getting started with vEOS or want to easily create a complex test environment. With Vagrant, multiple VMs may be defined within a single ‘Vagrantfile’, including non-vEOS VMs, allowing for an entire topology to be instantiated using a single file. For more info on Vagrant, check out their documentation. This document will go through the details of how to use the predefined Vagrantfile shared below to instantiate a Spine & Leaf topology with vEOS. The topology that will be created is shown...

Reversing The Airflow of a Running Switch

Occasionally customers have a switch in production whose airflow direction they need to change, e.g. from front-to-rear (-F) to rear-to-front (-R), or vice versa, without shutting down the switch. The following procedure outlines the steps to follow in order to accomplish this. This procedure assumes that you already have the replacement fans and PSUs on hand and are ready to perform the swap. Start with the switch powered up, both power supplies powered and providing power to the switch. Gain access to the switch’s serial console to check status and run CLI commands as need be. Add...

Using eAPI to Provide SNMP Extensions

EOS utilizes net-snmp which offers provisions to extend OIDs. The following script leverages eAPI to gather OSPFv3 interface information and populates the SNMP ospfv3IfTable. The OSPFV3-MIB can be downloaded from here: http://www.oidview.com/mibs/0/OSPFV3-MIB.html

    #!/usr/bin/python -u
    #
    # Arista Networks, Inc.
    #
    # Script: ospfv3IfTable.py v1.6
    #
    # This script populates the ospfv3IfTable via a net-snmp extension
    #
    # 1. Copy this script to /mnt/flash as ospfv3IfTable.py
    #
    # 2. Copy snmp_passpersist to /mnt/flash
    #    https://github.com/nagius/snmp_passpersist
    #
    # 3. Enable management api (script uses a unix socket)
    #    management api http-commands
    #    protocol unix-socket
    #    no shutdown
    #
    # 4. Configure snmp to...

Using stunnel (TLS Proxy) to secure OpenFlow on EOS

Do you have an OpenFlow controller that supports communication channel encryption via TLS and you’d like to take advantage of that option with an Arista switch? No problem! Just follow these simple steps and in mere minutes you’ll have a secure TLS connection up and running. Just imagine the look of shock and amazement on the faces of your friends, family and coworkers as you extend the capabilities of your EOS powered switch in near real time!

1) Please download Stunnel from here: http://dl.fedoraproject.org/pub/archive/fedora/linux/releases/14/Fedora/i386/os/Packages/stunnel-4.33-1.fc14.i686.rpm

2) Copy it to flash on the switch:

    switch#copy scp://@//stunnel-4.33-1.fc14.i686.rpm flash:

3) Install the...

Configure groups of interfaces based on description regex

A simple Python eAPI script to find groups of interfaces to configure based on a regex match to interface descriptions. The most interesting part is that the script types out the “interface <list of matching interfaces>” command in an interactive manner as if the EOS CLI user typed it. The command is even saved in the command history. Give it a try!

1) Configure a command alias:

    alias intRegex bash sudo /mnt/flash/intRegex.py %1

2) Load the script in flash:

    #!/usr/bin/env python
    #
    # intRegex.py ver 1.12
    # Arista Networks, Inc.
    import jsonrpclib, os, re, socket, sys, fcntl, termios...

EVPN Configuration – Layer 2 EVPN design with Type-2 routes

Introduction: This document describes the operation and configuration of BGP EVPN with a VXLAN forwarding plane, for the construction of multi-tenant Layer 2 networks, termed L2VPNs within this document, over a layer 3 leaf-spine network. The configuration and guidance within the document, unless specifically noted, are based on the platforms and EOS releases noted in the table below.

Platform | Software Release
7050X Series | EOS release 4.18.1
7050X2 series | EOS release 4.18.1
7060X Series | EOS release 4.18.1
7160 series | EOS release 4.18.1
7280SE/7280R/7500R/7050E | EOS release 4.18.1

Leaf spine underlay architecture: EVPN with a VXLAN forwarding plane provides the ability to...

Automating CVX BugAlert Database Updates

Bug Alert Update Automation. Intro: Arista Networks released the Bug Alert feature as part of EOS 4.17.0F. Arista publishes a database of bugs in JSON format. This database is installed on the CloudVision Exchange (CVX) that provides NetDB services to your Universal Cloud Network. Using the included CLI, a user can report on her environment for known bug exposures based on the actual configuration and EOS versions of the switches. This is indeed a powerful feature, and in this article we will explain how to automate the updating of the Bug Alerts database with a simple script. For more...

Migrating from a VXLAN Controllerless implementation to a Cloud Vision eXchange (CVX) Controller

Introduction: This post is intended to give step-by-step instructions on how to migrate from a controllerless VXLAN implementation that is using manual Head End Replication (HER) with static flood lists to a controller-based model using Cloud Vision eXchange (CVX) with VXLAN Control Services (VCS). The order of the steps we are going to perform in the migration section of this document was tested and found to cause the least amount of impact in terms of packet loss during a cutover from HER to CVX. This article assumes that you already have a working knowledge of VXLAN with manual Head End Replication, an...

Arista 7280R Series 40G/100G systems Multi-Speed Port Configuration

Overview: In high performance leaf and spine networks the Arista 7280R Series enables a high level of flexibility with a common consistent architecture, with a choice of 1RU and 2RU fixed systems, 10G to 100G interface speeds and port density up to 72 ports of 40G and 60 ports of 100G. The 7280R Series includes the ability to enable multiple speeds on QSFP ports, with a per interface configuration that is optimized for the maximum overall system flexibility. On some members of the 7280R Series to maximise the total system port count, and at the same time facilitate the most...

Deploy Arista vEOS-lab 4.19.0F (VirtualBox, VM Workstation, VM Fusion, vCenter 6.5)

How to deploy Arista vEOS-lab 4.19.0F. Summary: One great way to test drive an Arista switch is to download the free VM of the switch called vEOS-lab. This is the actual OS used on physical switches, but in a vmdk format that can be deployed on major hypervisors from VMware ESXi, vCenter, VM Workstation, VM Fusion, and VirtualBox. Because of the wide variety of hypervisors on the market, Arista has deployed this VM as a vmdk. The second file required is the Aboot iso. These files are uploaded as IDE devices onto the hypervisor. Minimum Req 2...

WinSCP with Arista Switches

Summary: WinSCP is a popular tool for quickly uploading and downloading files between hosts. On Linux or Mac, scp is a CLI tool already built in and can be invoked by using the scp command. However, unlike Linux and Mac, there is no native CLI for scp on Windows. One tool that can be installed is pscp.exe from the guys who brought you PuTTY, found here. This post will go over WinSCP, a GUI alternative. The latest version as of this writing is 5.11.1 which can be found here. There are three...

Arista Hybrid Cloud – IPSec between vEOS Router and Linux

This document provides the steps and running configuration for setting up an IPsec connection between vEOS Router and a Linux Compute Node instance in AWS.

On the Linux Compute Node

Install Strongswan. You might have to enable the EPEL repository for yum on AWS (https://aws.amazon.com/premiumsupport/knowledge-center/ec2-enable-epel/).

    yum install strongswan

Create a GRE tunnel on the machine:

    ip tunnel add tun0 mode gre remote <ip addr on veos et> local <ip addr on client eth>
    ip link set tun0 up
    ip addr add <ip addr> dev tun0
    ip route add <prefix> dev tun0

In /etc/strongswan/ipsec.conf, add the configuration for the IPsec...

CloudVision Portal RESTful API Client

Arista CloudVision® Portal (CVP) provides a central point of management for Arista network switches through shared snippets of configuration (configlets), enabling Network Engineers to provision the network more consistently and efficiently. While CVP highlights a graphical user interface for configuration and management of devices, it also includes a full-featured RESTful API that provides all of the same functionality available via the GUI, which can be used to automate workflows and integrate with other tools. CVPRAC is a wrapper client for CVP’s RESTful APIs which greatly simplifies usage of the API and more elegantly handles the connections to the CVP nodes....