• Category : Tech Tips

 
 

Troubleshooting filesystem full issues

Objective The document aims at describing scenarios that cause filesystems to get full and suggests ways to free up space in the occupied directories.   Introduction At times it is observed that after logging into the switch, EOS may display a warning message as follows: Warning: the following filesystems have less than 10% free space left: tmpfs (on /var/core) 0% (0 Available) tmpfs (on /var/log) 0% (0 Available) Please remove configuration such as tracing and clean up the space. The above message indicates that the /var/log and /var/core directories have reached their maximum utilization. If no action is taken to clear...
Continue reading →

Launching CloudEOS in Azure with Terraform

Launching CloudEOS in Azure with Terraform Introduction Enterprise cloud organizations are orchestrating environments in the cloud.  This can be done with cloud native tools such as AWS CloudFormation or Azure Resource Manager Templates.  However, Terraform is winning enterprise mindshare as a cross-cloud orchestration system, and this post is an example of a simple CloudEOS deployment into Azure using Terraform. Diagram Below is the diagram that will be referenced in this post. Prerequisites It will be assumed that the reader has familiarity with Terraform and how to setup the Terraform environment.  For basic instructions on setting up a Terraform environment, see...
Continue reading →

Launching CloudEOS in AWS with Terraform

Launching CloudEOS in AWS with Terraform Introduction Enterprise cloud organizations are orchestrating environments in the cloud.  This can be done with cloud native tools such as AWS CloudFormation or Azure Resource Manager Templates.  However, Terraform is winning enterprise mindshare as a cross-cloud orchestration system, and this post is an example of a simple CloudEOS deployment into AWS using Terraform. Diagram Below is the diagram that will be referenced in this post. Prerequisites It will be assumed that the reader has familiarity with Terraform and how to setup the Terraform environment.  For basic instructions on installing and setting up a Terraform...
Continue reading →

Streaming EOS telemetry states to ELK stack using openconfigbeat

Introduction The purpose of this document is to help you set up an ELK (Elasticsearch/Logstash/Kibana) stack and stream EOS Telemetry states from an Arista Switch using openconfigbeat, which can stream gRPC updates from OpenConfig or TerminAttr directly into Elasticsearch. Please note that this app was written as a proof-of-concept and is supported on a best-effort basis. The projects can be forked and modified to suit your needs. Feedback is always welcome, and issues can be filed as for any other project on GitHub. Elasticsearch is the distributed search and analytics engine at the heart of the Elastic Stack. Logstash...
Continue reading →

Commit Signing with Git at Enterprise Scale

Commit Signing with Git at Enterprise Scale Git is one of the most ubiquitous version control systems used today, seeing extensive usage in projects both around the world and within Arista. Everyday numerous Arista employees, located around the world, make commits to the codebase to fix bugs, add features, and save works in progress. The same scenario plays out with many other people, both when working for private enterprises, government institutions, and open source projects. The following paper discusses changes made to alleviate a fundamental security problem with Git, and version control systems in general. It is assumed that readers...
Continue reading →

How to build and install DPDKCap

Introduction DPDKCap is a high-performance packet capture tool based on DPDK. This guide explains how to build, install and use DPDKCap on a CentOS 7 based system. Arista Fork : https://github.com/aristanetworks/dpdkcap Assumptions CentOS 7 Linux NVMe capture drive (not mandatory but recommended for line rate capture) Running as root user CPU & NIC combination that supports DPDK System used to validate performance Manufacturer: Supermicro Part number: SYS-E300-8D Processor: Intel Xeon CPU D-1518 Memory: 2x Micron 9ASF1G72PZ-2G3A1 8GB DIMMs HDD: Samsung 860 PRO SSD 4TB NVMe: Samsung 960 EVO 1TB Build steps Create a directory at /data and format and mount...
Continue reading →

Syslog message generation on MAC table changes

This feature provides the ability to generate Syslog messages for events related to MAC address entries being learnt or removed from the MAC address-table on the switch. Here we will leverage the following two key features of EOS: Event Monitor Event Handler Platform compatibility This feature is supported on all platforms. Configuration The following shows how to configure the event monitor and event-handler for generating syslog messages for each MAC address entry learnt or removed from the eventmon database. 1) First of all, enable the event monitor on the switch with the help of command event-monitor. Switch(config)# Switch(config)#...
Continue reading →

CloudVision Portal Hardening Guide

Introduction This guide is provided as a starting point for securing CloudVision Portal, also known as CVP. In the below sections various best practices such as non-default configurations, setup instructions, and discussions of other monitoring systems are discussed.  The best way to ensure that a CVP system remains secure is to combine the configuration instructions discussed below with a monitoring solution for log output. In addition, keeping CVP up to date and monitoring Arista’s list of security advisories ( https://www.arista.com/en/support/advisories-notices/security-advisories ) is always recommended.  CVP Default Settings By default CVP should be expected to ship with settings that will work...
Continue reading →

Hardening and Security

Overview An organisation’s communications infrastructure and the tools that surround it carry business critical, high value commercially sensitive information and are obvious targets for malicious actors to attempt to compromise an organisation or exfiltrate its intellectual property. Arista Networks takes its role in ensuring ongoing security extremely seriously through both secure manufacturing and supply as well as an ongoing commitment to vulnerability detection, mitigation and remediation. Product security must also be complemented by the implementation of product hardening best practices during the installation and operation of the infrastructure. The links provided below offer the latest best practise advice on a...
Continue reading →

Pause – Revisit the Fundamentals – Rehearse, Rehearse, Rehearse

Why? I’d like to think of this as a chapter in the manual of “CoNE.” Code of Network Ethics. OK, so I made that up. But it should be a thing, right? How many outages have you experienced where the original problem wasn’t nearly as impactful as the attempted fix? We have all experienced maintenance windows where we tried a fall-forward approach because we didn’t want to back-out the change. And the fall- or fail-forward method cost us an extended maintenance window that bled into the production time. The impact of these errors in the care and feeding of the...
Continue reading →

Pause – Revisit the Fundamentals – Know Your Tools

Introduction Please. Pretty please. Pretty please with sugar on top. Do these pleas sound familiar when trying to buy tools for your network? Making a purchase for moving Production traffic is easier. You may be able to quantify how much time can be saved with the purchase of a tool for automation. Or for a tool with an integration focus. Easiest of all may be when proposing a self-service tool that unburdens the thin IT staff. How do you justify spending money on tools for a rainy day when the sun is shining and the birds are chirping? It can...
Continue reading →

Deploying Cloudvision Portal (CVP) on Proxmox VE

Introduction Proxmox is an open source server virtualization solution based on QEMU/KVM and LXC.  You can manage virtual machines, containers, high availability clusters, storage and networks with an integrated, easy-to-use web interface or via CLI. The purpose of this article is to assist in deployment of Arista’s Cloudvision Portal (CVP) within Proxmox VE.  The benefit of utilizing CVP within Proxmox VE is that it offers an open source, subscription free option for those who may not be able to afford proper VMware licensing for lab/demo deployments and/or would like to utilize the rich, open source feature set provided by Proxmox...
Continue reading →

Automate a Layer 3 MLAG Campus Stack With In-Band Management and Telemetry Using CVP

Overview One of the advantages Arista offers for campus switches is an automated approach to grouping campus closet switches together into a virtual stack via CloudVision Portal (CVP).  This article covers a Configlet Builder that will automate the building of a Layer 3 Leaf Spine (L3LS) architecture integrated into the data center. Introduction In a Data Center, switches are traditionally managed out-of-band where the forwarding of management information is in a separate data path than the actual data center traffic.  The management connections are via a separate management network, and the switches typically plug into that environment through a copper...
Continue reading →

Real-time DDoS Mitigation

Introduction Arista has introduced BGP FlowSpec support to EOS in addition to its long supported sFlow feature. This article demonstrates real-time DDoS mitigation using BGP Remote Triggered Black Hole (RTBH) and FlowSpec. Leveraging Open-Source Tools DDoS Protect is an open source application running on the sFlow-RT real-time analytics engine. The software uses streaming analytics to rapidly detect and characterize DDoS flood attacks and automatically applies BGP remote triggered black hole (RTBH) and/or FlowSpec controls to mitigate their impact. The total time to detect and mitigate an attack is in the order of a second. The combination of  standard telemetry (sFlow) and control (BGP FlowSpec) provide the...
Continue reading →

Achieving Optimal Timestamp Accuracy on 7150 Platforms

Background The launch of the Arista 7150S in 2012 delivered the industry’s first product to offer high speed networking with high granularity packet time stamping in an Ethernet switch/router platform. This article will review how time stamping has evolved since. Arista first conceived of the capability to leverage the 7150S to intersect with an emerging network monitoring market requirement that would improve the ability to capture the proper order of traffic captured by network analysis tools over the out of band (OOB) tap aggregation (aka network packet broker) infrastructure. Applying timestamps to packets at the network ingress ports of the...
Continue reading →

Pause – Revisit the Fundamentals – OOB

Introduction From your manager: “We have a greenfield data center project heading our way. I need you to start working on a design for two data centers. Each data center will be 10,000 square feet in size. We’ll need full network redundancy. It needs to support virtualized compute, physical compute, IP Storage, load balancers, firewalls, an oversubscription ratio of 3:1 or better, horizontal cabling based on MMF and a set of Data Center Interconnect links with Layer 2 adjacency to support VM Mobility. Oh, and I need a rough budget estimate by the end of the week.” Sound familiar? Hurry...
Continue reading →

Use CVP to Automate a POE L2 MLAG Stack with In-Band Management and Telemetry

Overview One of the advantages Arista offers for campus switches is an automated approach to stacking via CloudVision Portal (CVP), and this article covers a Configlet Builder that will allow for this automation in a Layer 2 Leaf Spine architecture. Introduction In a Data Center, switches are traditionally managed out-of-band where the forwarding of management information is in a separate data path than the actual data center traffic.  The management connections are via a separate management network, and the switches typically plug into that environment through a copper Ethernet port.  In campus, however, management is typically done in-band meaning that...
Continue reading →

VMWare NSX-T 3.0 EVPN Type 5 Integration with Arista Gateways

Introduction VMWare NSX-T 3.0 introduced support for EVPN Type-5 integration which allows efficient multi-tenant L3 exchange between VMWare NSX-T Edge and external gateways. The following graph should visualize life before and after the EVPN Type5 support: Instead of having 802.1q trunk interface with L3 sub-interface per VRF, we now can have a single routed interface with just a single BGP EVPN session. This greatly reduces configuration overhead on both sides. This article will describe all necessary steps required to test this feature against Arista EOS devices. Test Setup Let us assume we already have running EVPN/VXLAN fabric with Symmetric IRB...
Continue reading →

VLAN Traffic Mirroring on R Series Products

Traffic can be mirrored to ports using the monitor syntax, however the source of the mirrored traffic is limited to Ethernet and Port-channel interfaces. If there is a requirement to source a mirror from a specific VLAN across multiple ports, a different method is available as of EOS 4.20.5F or later on R series platforms utilizing DirectFlow. Before DirectFlow can be configured, a new TCAM profile must be configured and applied: hardware tcam    profile direct-flow-mirror-vlan       feature flow          key size limit 160          key field dst-mac ether-type in-port src-mac vlan...
Continue reading →

Streaming EOS telemetry states to InfluxDB

Introduction The aim of this document is to help you deploy and configure InfluxDB, Grafana, and Arista EOS, allowing you to send Telemetry states from the Arista switch to InfluxDB, using one of our OpenConfig connector applications, octsdb, which you can find on our GitHub page. Please note that these apps were written as a proof-of-concept and are supported on a best-effort basis. You can fork the project and edit based on your requirements. Feedback is always welcome, and issues can be filed as for any other project on GitHub. Both OpenTSDB and InfluxDB are time-series databases. Where OpenTSDB is...
Continue reading →
