• Category : Tech Tips

 
 

Streaming EOS telemetry states to Prometheus

Introduction Prometheus is one of the most popular open-source monitoring and alerting systems, which scrapes and stores numeric time series data over HTTP. It has a very flexible query language, can send alerts via alertmanager to various platforms and can be integrated easily with many open-source tools. For more details and use cases, please visit https://prometheus.io/docs/introduction/overview/ The purpose of this article is to show how easy it is to deploy and configure Prometheus and Grafana and configure Arista switches to send telemetry states to Prometheus using TerminAttr (EOS streaming telemetry agent) and one of the OpenConfig connectors that...
Continue reading →

Resilient load-sharing using Nexthop Groups

Introduction Load-sharing of traffic flows towards a specific prefix in a L3 topology is usually achieved with Equal-Cost Multi-Path (ECMP) routing. With ECMP, multiple nexthops of equal preference are available for the prefix. Traffic is distributed towards the different next-hops based on a hashing algorithm and packets belonging to the same traffic flow are by default hashed to the same nexthop. A problem with ECMP is that if one of the nexthops is removed all flows are affected as a new hash should be calculated for all flows based on the remaining active nexthops. This can be remediated by using...
Continue reading →

PTP slave-passive port election

Scope 1. This article takes account of how the slave-passive port election for PTP is done on Arista switches. Slave-Passive port election order The below sequence of comparison occurs in order to decide if a port should take slave or passive state: 1. Steps removed 2. Parent clock identity 3. Self Port-ID Steps removed “Steps removed” is the number of hops separating a PTP clock from the GM. The port that has a lower “steps removed” value is preferred as a slave port. The grandmaster in a PTP domain has a “steps removed” value equivalent to zero. Every subsequent PTP running port in...
Continue reading →

cEOS-lab in GNS3

GNS3 is a great tool to visualize your (home-)lab environment and simulate all kinds of network topologies using different virtualization and isolation technologies. It has been widely used to create environments using vEOS-lab, but because vEOS-lab requires quite some resources (e.g. 2GB of RAM is required) the scale of these labs was often quite limited, especially on low-memory devices. Arista’s cEOS-lab is a new way of packaging the EOS-lab suite. Using the Docker container daemon, it is possible to use the kernel of the host machine and to only run the EOS processes that are required on the machine, making...
Continue reading →

How to FTP/SCP/WinSCP

In this document we will look at tools for quickly uploading and downloading files between hosts and Arista switches. 1) SCP On a Linux or Mac, scp is a CLI tool already built in and can be invoked by using the scp command. SCP or secure copy allows secure transferring of files between a local host and a remote host or between two remote hosts. It uses the same authentication and security as the Secure Shell (SSH) protocol on which it is based. Before we look at the commands and examples, please make sure the steps given below are followed: ...
Continue reading →

“Wait-for-warmup” command – To understand if an agent has initialized

Objective The aim of this document is to convey the use case and details of the bash command, wait-for-warmup (wfw). An equivalent CLI command exists for the same which is described later in this article. Main use case Agents like the forwarding agent of the switch take some time to come up when terminated. The same is the case for the linecard and fabric module agents when the fabric modules/linecards are power-cycled. It’d be useful to run the wfw command to check if the agent has initialized completely instead of running other commands repeatedly to check the same. (If interfaces...
Continue reading →

Taking packet captures on Arista devices

Control-plane packet capture TCPDUMP on physical ports and SVIs. This will help in capturing only control plane traffic but no data plane traffic. Running tcpdump natively in EOS #tcpdump interface Management1 filter ether proto 0x88cc tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ma1, link-type EN10MB (Ethernet), capture size 65535 bytes 11:33:47.750573 00:1c:73:00:44:d5 (oui Arista Networks) > 01:80:c2:00:00:0e (oui Unknown), ethertype LLDP (0x88cc), length 187: LLDP, length 173: s7151.lab.local Running tcpdump from bash bash ifconfig et1       Link encap:Ethernet  HWaddr 00:1C:73:00:44:D6         UP BROADCAST MULTICAST  MTU:9214 Metric:1         RX packets:0 errors:0 dropped:0 overruns:0 frame:0         TX packets:0 errors:0...
Continue reading →

Troubleshooting Multicast

Overview The aim of this article is to highlight common issues related to multicast bridging and routing and the troubleshooting steps that can be followed to identify the same. Preliminary Checks Before moving onto the scenarios discussed in this article, here are a few preliminary checks that should be performed. 1) Inspect the contents of the multicast feed: (i)  Is the corresponding destination MAC address (DMAC) for the concerned multicast group correct? 08:28:45.321122 44:4c:a8:8d:fa:c5 > 01:00:5e:7f:3d:4c, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 46) 10.112.45.17.lmsocialserver > 235.76.84.23.EtherNet/IP-1: UDP,...
Continue reading →

VxLAN troubleshooting guide

VxLAN Basic Troubleshooting Guide I. Objective Provide basic/generic troubleshooting steps to customers in case any VxLAN issue is encountered in their network. II. Introduction: Troubleshooting VxLAN involves a few steps, as mentioned in the upcoming sections of this document. The topology referred to below includes VxLAN configurations with servers 1, 2 and 3 as the host devices, which obtain connectivity over a VxLAN tunnel. Troubleshooting steps are bifurcated into routing and bridging to include the multiple scenarios possible. III. Topology IV. Generic Configurations to be checked A. On the VTEPS check for the following configurations: #show run sec vxlan interface Vxlan1 vxlan source-interface Loopback1...
Continue reading →

Basic BGP Troubleshooting

Objective The objective of this document is to outline the various common issues faced in BGP and the troubleshooting commands for the same. I. Neighborship BGP sends unicast messages, unlike other routing protocols. For this reason, please make sure the neighbor’s IP address is reachable. For issues with BGP neighborship, check the output of ‘show ip bgp summary vrf all’ to check the neighborship state. R1#show ip bgp summary vrf all BGP summary information for VRF default Router identifier 1.1.1.1, local AS number 100 Neighbor Status Codes: m - Under maintenance Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State...
Continue reading →

Centralized vs. Distributed VxLAN Routing with EVPN

Tech Note: Centralized vs. Distributed VxLAN Routing with EVPN Over the past few years EVPN VxLAN deployments have become an increasingly popular overlay architecture selected by customers, primarily in data-center layer 3 leaf-spine (L3LS) fabrics.  With this popularity, numerous deployment topologies, and configuration options have presented themselves. This article reflects our observations based on real-world deployment experiences on one such choice; centralized vs. distributed gateways. When deploying EVPN VXLAN integrated routing and bridging (IRB), both VXLAN bridging and VXLAN routing are required concurrently on the switch.  This capability is also commonly referred to as an EVPN VxLAN gateway. There are...
Continue reading →

Displaying Neighbors’ Names with OSPF and BGP

This article describes how to configure Arista devices to display user-defined names for OSPF and BGP neighbors. OSPF First define name to IP address mappings, one per neighbor, where IP address is neighbor’s OSPF router ID: SW1(config)# ip host SW2 2.2.2.2 Next enable OSPF name resolution: SW1(config)# ip ospf name-lookup Finally, validate the output of ‘show ip ospf neighbor’ command. The command should display the user-defined name instead of router-ID: SW1(config)# show ip ospf neighbor Neighbor ID   VRF         Pri       State             Dead Time     Address        Interface SW2   ...
Continue reading →

25G Lane Speed

Introduction With the introduction of support for 25GbE on servers and switches we expect to see a rapid movement to server attachment at 25G, replacing the use of servers at 40G. Even though 25G is becoming the norm these days, most deployments are still carried out with 10G to servers, with 25G as the future state. So when a 25G switchport is used, we can use it as a 10G/1G/100M port. But there are some limitations around how to configure them as they follow SerDes quartet, which means a group of 4 ports (e.g. Et1-4, Et5-8, etc.) have to be configured in a...
Continue reading →

Basic troubleshooting steps for some CVP and telemetry issues

Objective The aim of this document is to convey a set of troubleshooting steps that can be carried out when running into issues with CVP and telemetry. General issues covered Issue 1- The CVP web-explorer is not reachable Issue 2- A configlet/image bundle push task to the switch failed Issue 3- Device not getting added to telemetry 1. The CVP web-explorer is not reachable Follow the below sequential steps in order to isolate the issue: 1. Check if the CVP node is reachable from the local machine. 2. Login to the CVP node as a CVP user and check if...
Continue reading →

CVP AAA TACACS+ authorization with Cisco ISE

CVP AAA TACACS+ authorization with Cisco ISE Introduction We saw last time how to correctly integrate Aruba ClearPass CPPM with CVP so TACACS+ users can authenticate with the correct network role. The purpose of this document is to show the same for Cisco ISE (successor of ACS) TACACS+. Our goal is to make Cisco ISE send us the cvp-roles=network-admin attribute in the Authorization reply packet.   NOTE If you are running CVP versions 2018.2.0 and 2018.2.1 you might hit BUG 345723 due to which in tacacs-provider authorization we are not checking for TAC_PLUS_AUTHOR_STATUS_PASS_ADD flag. We can provide a binary patch...
Continue reading →

Working with certificates

Introduction and motivation Encryption protocols like HTTPS use certificates to authenticate the remote server (sometimes also the client) as there are no other means to verify to which device you are currently talking. If the server (in our case the switch providing management access via an HTTP based REST API) is located in our own network, it is usually acceptable to work with so-called self-signed certificates. A self-signed certificate is not signed by a certification authority (CA), which would confirm that the CA (an institution you trust) has verified the identity of the certificate holder. By default, Arista EOS based...
Continue reading →

CVP TIP – Encrypt local username passwords with Configlet Builder

Introduction   Arista CloudVision Portal (CVP) uses configlets to create configuration snippets for individual or groups of switches based on user selection. These configlets can be either static or dynamic. Static configlets include static EOS CLI configuration statements as if they were right on the switch configuration file. These configlets are used to create the full configuration for the network switches. An example of a static configlet in Arista CloudVision Portal: Below example is a static Arista EOS CLI configuration. These small pieces of configuration snippets can be applied as configlets in Network Provisioning view to selected device or devices....
Continue reading →

vEOS Router ECMP HA Deployment Guide in GCP

vEOS Router ECMP HA Deployment Guide in GCP Introduction In this document we demonstrate deployment of Arista vEOS Router in Google Cloud Platform  (GCP). Currently, vEOS Router on GCP doesn’t support Cloud HA. We will use GCP routes and priorities to support HA and ECMP. A vEOS Router can be used to create a virtual machine instance that can be used to implement various GCP deployments such as edge routers and transit routers. This document provides a guide to deploy a hub-spoke topology in GCP. Overview Arista vEOS Router is a new platform release of EOS that is supported on Google...
Continue reading →

How to source Splunk Forwarder traffic from a Loopback Interface

The diagram below describes the use case: SWITCH1 has a Splunk Forwarder that needs to send traffic to SPLUNK at 10.0.0.10.  SWITCH2 is originating a default route via BGP. SWITCH1 is only advertising its Loopback0 interface into BGP.  The Splunk Forwarder CLI configuration does not currently support specifying a source interface, and in this scenario this is a problem because SWITCH3 has no route to reach 192.168.255.0, which would be the source IP for any traffic that SWITCH1 sends to SPLUNK.  SWITCH3 does however have a route to SWITCH1’s Loopback0 interface. We verify this by pinging SPLUNK from SWITCH1 and...
Continue reading →
