Category : Tech Tips

Maintaining a secure posture within any enterprise is a difficult task. This task can be particularly difficult on the network infrastructure due to a variety of reasons including software quality and network downtime availability. Arista’s unique software architecture has often enabled most security patches to be delivered as hot patches that can be applied to a live running system with low to no impact to the network dataplane eliminating some of the most difficult challenges with maintaining a secure software posture. The only challenge that remains is the effort required to distribute these software patches. In this article, we are...
Continue reading →

IPv4 and IPv6 VPN Overview   RFC 4364 allows for Service Providers and Enterprises to use their backbone infrastructure to provide the services to multiple such customers, or internal departments, while: Maintaining privacy Allowing for IP address overlap amongst customers Constrained route distribution – so that only the service provider routers which need the routes have them.   This is achieved through the usage of VRFs, Route Distinguishers and Route-Targets   The IPv4/IPv6 VPN Standard RFC 4364 does the following: Specifics an BGP IPv4 VPN control plane with a MPLS data plane BGP control plane, new address family to advertise...
Continue reading →

Writing your own webhook relay – sending event alerts to Discord   Introduction Starting from version 2018.2.0, CVP supports configuring event alerts, where receivers can be email, Slack, PagerDuty, webhooks and others. The purpose of this article is to demonstrate how easy it is to write your own webhook relay app that will forward alerts to your favorite webhook endpoint, in my case, a Discord channel. Discord is getting more and more popular, not only amongst gamers, but also lots of companies started to use it. I’ve been using it for a couple of years now, and it made sense...
Continue reading →

The following tools can be used to generate traffic on Arista switches for testing purposes :– Iperf – Ethxmit Both Iperf and Ethxmit tools are pre-installed on Arista switches and no additional configuration is required to use them.                                                                                                                              ...
Continue reading →

Introduction Segment Routing (SR) solves a number of issues the existing MPLS IP networks face. Among the many benefits of Segment Routing, Traffic Engineering is a key one. Based on live telemetry events, traffic can be steered intelligently across a network using MPLS label paths a.k.a segment lists. The example discussed in this article shows how you can leverage BGP SR policy to alter traffic paths based on sFlow telemetry data. An SR Policy, discussed in detail here, is identified using a 2-tuple of Endpoint and color. Endpoint here refers to a destination prefix while color is a 32-bit BGP extended...
Continue reading →

Introduction The purpose is to simplify ip static route with health check does_it_live.py script, it’s easy to enable this feature quickly without complicated programming. This feature leverages the Reachability Health Checks document ( https://eos.arista.com/reachability-health-checks/ ) and does_it_live.py  ( https://github.com/alexisdacquay/does_it_live ) which was made by Alexis Dacquay. Due to Reachability Health Checks(does_it_live.py) support rich parameters, there are mode(icmp/dns), interval, timeout, dampening, source. We just take it and use it. Configuration The following configuration commands have been added as part of this feature support: 1. Create ping check script on-boot: t3 – timeout 3 seconds, i3 – interval 3 seconds, 1.1.1.1 – ping check ip.   configuration:==============event-handler...
Continue reading →

  EOS includes a Linux kernel, GNU tools, and other 3rd party software. EOS make use of some of such 3rd party software and you might want to verify the version they run. Note: not every 3rd party software is actively used by default. If you have a particular concern in mind regarding 3rd party software version then you must refer to the Arista security advisories page: https://www.arista.com/en/support/advisories-notices/security-advisories   3rd party software Bash CLI command to verify the version EOS version 4.15.1F 4.17.1F 4.18.2F 4.20.10M  4.21.0F Bash bash –version 4.1.16(1) 4.3.42(1) 4.3.42(1) 4.3.42(1) 4.3.42(1) DNSmasq dnsmasq -v 2.59 2.59 2.59 2.77 2.77...
Continue reading →

Objective Objective of this Document is to contrast the differences in the behaviour of “ip address virtual” and “ip virtual-router address” in VxLan and to understand the need for virtual VTEP IP with or without L2 VTEP in a network. Topology VXLAN Direct Routing Model Virtual IP in SVI 100: 100.100.100.50 Virtual IP in SVI 200: 200.200.200.50 Virtual MAC: 0011.2233.4455 VARP VTEP IP (VVTEP): 5.5.5.5/32 Underlay Protocol used: OSPF Types of Virtual IPs: Types of Virtual IPs usually configured with Vxlan: 1) ip virtual-router address 2) ip address virtual RULE-1 : If ethernet source MAC of original/naked frame is “PHYSICAL”...
Continue reading →

Introduction An EOS event handler executes a Linux Bash shell command in response to a specific system event. An event handler consists of a Bash command, a trigger and a delay; when the trigger event occurs, the action is scheduled to run after a delay in seconds. With the particular customer, I was working with they wanted to shut down a mirror session when a bandwidth threshold was reached. The main reason for the custom event-handler was because they were heavily oversubscribing a mirror session destination and were worried about affecting their production traffic. In the scenario, they had several...
Continue reading →

Introduction EOS supports DHCP Relay feature, which relays DHCP Requests/Responses between DHCP clients and DHCP servers in different subnets. However, DHCP server does not have visibility of where the request originated from and can only make IP address allocation decisions based on the client MAC address alone (client MAC address is included in the DHCP packet as part of the payload). To remedy that, DHCP Option-82 was formalized to allow relay agent to include Remote ID and Circuit ID so that DHCP server can apply more intelligent allocation policy. Switch intercepts DHCP requests from client and insert Option-82 information in...
Continue reading →

Introduction EOS DHCP relay agent forwards all the DHCP requests from the clients using the primary IP address of the interface as the ‘giaddr’ in the relayed/forwarded requests even when there are secondary IP addresses configured on the interface and there are multiple IP address pools from secondary IP subnets with available addresses on the server. DHCP smart relay feature supports forwarding requests with secondary IP addresses in the gateway address ‘giaddr’ field. This allows the DHCP server offer addresses to client requests with gateway addresses from secondary IP subnets configured on the interface. The smart relay agent keeps track...
Continue reading →

Introduction DHCP Relay feature forwards DHCP packets between client and server when DHCP server is not in the same broadcast domain as client. DHCP Relay should be configured on the gateway interface (SVI/ L3 interface ) for the clients. DHCP Relay agent creates a new unicast DHCP packet and sets the giaddr field to the ‘primary’ IP address of the interface on which DHCP request packet is received. The modified request packet is then relayed to one or more configured DHCP servers. DHCP server assigns ip address to client from the pool corresponding to giaddr field. Platform Compatibility Supported on...
Continue reading →