• Category : Tech Tips

 
 

Carrying Label Information in BGP-4

Theory of BGP-LU. Overview: MPLS has typically been used in core service provider (SP) networks. These deployments, however, have expanded beyond the network core and edge to the access and metropolitan networks. This rapid growth of edge-to-edge, label-switched paths (LSPs) across many networks has presented scaling challenges. In particular, emerging business demands related to Carrier Supporting Carrier (CSC), global growth of IPv6 traffic, and delivery of services over native IPv4 networks require pertinent and flexible solutions. Many organizations prefer to continue with the existing MPLS-based solutions rather than move to more recent overlay technologies such as VXLAN. A solution that solves these potential...
Continue reading →

Tap Aggregation Tip: Popping MPLS tags for Untagged or VLAN based Tools

In Tap Aggregation scenarios common in WAN and Service Provider environments, MPLS tags are present. Many analysis tools do not understand these tags, so the Arista DANZ feature set allows them to be removed. This functionality has been around since 4.15.0F, but initially had the limitation that traffic would always be sent out the Tool port with a VLAN tag. Some tools understand neither MPLS nor VLAN tags, so this tip describes how to deal with both 802.1q and untagged scenarios. Step 1: Configure MPLS pop/strip on the Tap port:...
Continue reading →

Integrating Salt and Arista ZTP Server for Zero Touch Automation of EOS

Zero Touch Provisioning: Zero Touch Provisioning (ZTP) is a frequently mentioned feature that EOS has offered since the early days. During the initial boot, if a startup-configuration file is not found in the /mnt/flash/startup-configuration directory, the EOS device will automatically boot into ZTP mode. The switch will obtain an IP address from a DHCP server, including DHCP options 66 and 67. Next, the switch will ask the ZTP server, or a server designated within option 66/67, for a bootstrap file. In this post we will use the Arista ZTP server, which can be found here. This process is depicted in the following picture: The...
Continue reading →

Summary of Arista VxLAN Control Plane Options

IP Multicast | Head End Replication (HER) with static flood-set | CloudVision eXchange (CVX) | Ethernet VPN (EVPN)
– VTEPs within a VNI join a configured control plane multicast group.
– BUM traffic is sent to all VTEPs within the VNI over the configured multicast-group.
– Arista supports only multicast decapsulation to interop with third-party VTEP(s). HER will be used for BUM traffic encapsulation.
– Underlay needs to be multicast capable which can possibly make the deployment limited.
– Recommended for deployments where Arista VTEPs need to interop with legacy third-party VTEPs that support only multicast underlay for BUM traffic handling.
– BUM traffic within a...
Continue reading →

CVX Deployment Recommendations for VxLAN Control Service

CVX (CloudVision eXchange) is an infrastructure for aggregating and sharing state across a network of physical switches running EOS. Services that run on top of this infrastructure provide network-wide visibility and coordination. CVX is a single pane of glass for network wide visibility and orchestration of physical switches running EOS. CVX provides VxLAN Control Service (VCS) which is a mechanism by which hardware VTEPs share states between each other in order to establish VxLAN tunnels without the need for a multicast control plane or manual configuration of static flood-set for Head End Replication. CVX is built on the same underlying...
Continue reading →

EOS allows you to choose your own hardware and run your own apps

You’ve decided to go open source with your datacenter network. Whether you want to go open software or open hardware, Arista EOS provides the best software stack to complete your solution. In fact, I’ve been told that most of my daily web usage travels through a switch running EOS along the way. Arista’s EOS software architecture is designed to manage the best network silicon available for datacenters.  EOS is offered as a single binary across all Arista products, including 4 silicon architectures, over a dozen chipsets, as well as in hypervisor, container, and cloud-platform packaging. We have always supported the...
Continue reading →

Deploying L2 and L3 services with Multiple Tenants on a Single Interface

The intention of this post is to provide a configuration example of how multiple tenants could be deployed on a single physical interface with a mix of multiple L2 and L3 EVPN services. Consider the network in the diagram below, where two EVPN end point switches have multiple tenants (Tenant A, B, C and D) connected on the same physical interface. The interface in this case is Ethernet3, at the respective sites. Tenant A and B want L2 EVPN services. Tenant C and D want L3 EVPN services. Please note that the IP core in the diagram could be a spine...
Continue reading →

CloudVisionPortal – Open-VM-Tools

Open-VM-Tools is an open source add-on that allows for graceful startup and shutdown of Cloud Vision Portal (CVP) Virtual Machines with the ESXi manager. Further information and the latest version can be found at the link below:
https://github.com/vmware/open-vm-tools
Note: The open-vm-tools package is only supported on Cloud Vision Portal. Open-vm-tools on Cloud Vision Exchange (CVX) or EOS vRouter is not supported at this time.
Enabling Open-VM-Tools: Starting in CVP version 2017.2.3 the open-vm-tools package is available to be enabled on Cloud Vision Portal Instances. In order to enable the package: either SSH or login to the...
Continue reading →

Automating EVPN fabric deployment using CVP

CloudVision Portal can be a powerful tool to simplify and speed up the deployment of an EVPN fabric. The intention of this post is to break the deployment into steps, describe the actions needed in each, and provide an example CloudVision Portal configlet builder to execute the needed tasks in CloudVision. A complete demonstration of how CloudVision Portal is used to deploy an EVPN instance and EVPN fabric can be found here. First of all, a decision is needed on which deployment model of EVPN underlay and overlay suits the particular deployment being worked on....
Continue reading →

Automating L2 EVPN instances deployment using CloudVision Portal

The intention of this article is to show how CloudVision Portal can be used to deploy L2 EVPN instances on one switch, or many switches, using a CloudVision Portal configlet builder. A complete demonstration of how CloudVision Portal is used to deploy an EVPN instance and EVPN fabric can be found here. The configlet builder example provided at the GitHub Arista repo covers L2 EVPN deployments using MLAG, single interface, VLAN trunk, access VLAN, symmetric routing and asymmetric routing. The configlet builder example can be used on top of any EVPN underlay and overlay. Below is a step by step procedure is...
Continue reading →

MLAG: Traffic flow for single-homed hosts

Objective: The objective of this document is to explain the traffic flows, best practice designs, and configuration details when single-homed devices are connected to an MLAG domain. It is assumed that the reader is familiar with the concept of Leaf-Spine fabrics, MLAG, and VXLAN. More details about these concepts can be found on EOS Central. Recommended articles are:
– MLAG – Basic configuration
– MLAG – Advanced configuration
– VXLAN bridging with MLAG
– VXLAN routing with MLAG
Introduction: Arista’s Multi-Chassis LAG (MLAG) technology provides the ability to build a loop-free active-active layer 2 topology. The technology operates by allowing two physical Arista switches to appear as...
Continue reading →

vEOS-Lab on Hyper-V

Introduction: There are multiple ways to set up a vEOS-Lab environment if you have a Linux system or a hypervisor such as VMware ESXi, vCenter, VM Workstation, VM Fusion, Virtualbox, etc., using the vmdk provided on the Software downloads page. But if you have a Windows machine or a Windows server, the vmdk will not be useful. So here are the steps to convert the vmdk to a vhdx and create a vEOS VM on Hyper-V.
Pre-requisites:
1. Hyper-V Manager and Hyper-V
2. vEOS-Lab vmdk
3. Aboot ISO
Instructions:
Steps 1. Download the vEOS vmdk for the EOS version...
Continue reading →

Multicast Fastdrops

Overview: In IP multicast protocols, every (S,G) or (*,G) route is associated with an inbound RPF (reverse path forwarding) interface. Packets arriving on an interface not associated with the route may need CPU-dependent PIM processing, so packets received by non-RPF interfaces are sent to the CPU by default, causing heavy CPU processing loads. However, it is not necessary for multicast routing protocols to process subsequent non-RPF packets all the time. The CPU therefore updates the hardware MFIB with a fast-drop entry when it receives a non-RPF interface packet that PIM does not require. Additional packets that match the fast-drop entry are...
Continue reading →

Arista Salt integration

What is Salt? Salt is an event driven infrastructure management tool. It sounds really complex but it’s not. Salt is similar to most of the configuration tools that we use in our everyday lives to configure infrastructure, but there are many key differences in the way Salt is architected. Salt is unique in that it has a ZeroMQ high speed messaging bus between the Salt minions (in our case Arista switches) and a master, which is typically a Linux server. Salt can be used to configure devices from multiple different template languages such as Jinja or YAML. Salt can...
Continue reading →

Arista Any Cloud Platform – Security Use Case

Introduction: In this document we will demonstrate how to effectively leverage Arista’s vEOS Router in a Transit – Edge VPC model to satisfy a common security use case. As most companies look to move into the public cloud space, security vulnerabilities have gained more focus than ever before. Objective: Provide a centralized security model within an AWS region, which will allow for ease of visibility and control. Deploying separate AWS Internet Gateways in every VPC increases complexity and vulnerabilities in the public cloud space. Prerequisites: This document assumes that you have the following architecture deployed: A Transit – Edge VPC topology deployed...
Continue reading →

Docker containers on Arista EOS

Docker on EOS: In this article we will talk about what a container is, how it is applicable to Arista EOS switches, and how to pull containers from a public or private repo to run on an Arista physical or virtual device. A Docker container is simply a way to abstract and decouple an application from a Linux (and now Windows) operating system so that it runs as a process on a host machine with the bare minimum requirements. Docker makes creating cloud portable applications extremely easy. So an application can be written on a Mac laptop, intended to be run on an Ubuntu container...
Continue reading →

Creating A Multi-node vEOS Vagrant Environment

Introduction: Beginning with EOS 4.15.2F, vEOS is available as a Vagrant box for VirtualBox. Vagrant is great whether you are simply getting started with vEOS or want to easily create a complex test environment. With Vagrant, multiple VMs may be defined within a single ‘Vagrant file’, including non vEOS VMs, allowing for an entire topology to be instantiated using a single file. For more info on Vagrant, check out their documentation. This document will go through the details of how to use the predefined Vagrantfile shared below to instantiate a Spine&Leaf topology with vEOS. The topology that will be created is shown...
Continue reading →

Reversing The Airflow of a Running Switch

Occasionally customers need to change the airflow direction of a switch in production, e.g. from front-to-rear (-F) to rear-to-front (-R), or vice versa, without shutting down the switch. The following procedure outlines the steps to follow in order to accomplish this. This procedure assumes that you already have the replacement fans and PSUs on hand and are ready to perform the swap. Start with the switch powered up, both power supplies powered and providing power to the switch. Gain access to the switch’s serial console to check status and run CLI commands as need be. Add...
Continue reading →

Using eAPI to Provide SNMP Extensions

EOS utilizes net-snmp, which offers provisions to extend OIDs. The following script leverages eAPI to gather OSPFv3 interface information and populates the SNMP ospfv3IfTable. The OSPFV3-MIB can be downloaded from here: http://www.oidview.com/mibs/0/OSPFV3-MIB.html

#!/usr/bin/python -u
#
# Arista Networks, Inc.
#
# Script: ospfv3IfTable.py v1.6
#
# This script populates the ospfv3IfTable via a net-snmp extension
#
# 1. Copy this script to /mnt/flash as ospfv3IfTable.py
#
# 2. Copy snmp_passpersist to /mnt/flash
#    https://github.com/nagius/snmp_passpersist
#
# 3. Enable management api (script uses a unix socket)
#    management api http-commands
#    protocol unix-socket
#    no shutdown
#
# 4. Configure snmp to...
Continue reading →

Using stunnel (TLS Proxy) to secure OpenFlow on EOS

Do you have an OpenFlow controller that supports communication channel encryption via TLS and you’d like to take advantage of that option with an Arista switch? No problem! Just follow these simple steps and in mere minutes you’ll have a secure TLS connection up and running. Just imagine the look of shock and amazement on the faces of your friends, family and coworkers as you extend the capabilities of your EOS powered switch in near real time!
1) Please download Stunnel from here: http://dl.fedoraproject.org/pub/archive/fedora/linux/releases/14/Fedora/i386/os/Packages/stunnel-4.33-1.fc14.i686.rpm
2) Copy it to flash on the switch: switch#copy scp://@//stunnel-4.33-1.fc14.i686.rpm flash:
3) Install the...
Continue reading →
