• Tag : 4.23.0F

 
 

EVPN VxLAN IPV6 Overlay TOI

Description Starting with EOS release 4.22.0F, the EVPN VXLAN L3 Gateway using EVPN IRB supports routing traffic from an IPv6 host to another IPv6 host on a stretched VXLAN VLAN. This TOI explains the EOS configuration and show commands.

Platform Compatibility

Platform supporting ND Proxy and ND Suppression
- DCS-7280R/7280R2
- DCS-7050CX3-32S-F
- DCS-7050SX3-48YC12-F (Starting in 4.22.1F)
- DCS-7050SX3-48YC8 (Starting in 4.22.1F)
- DCS-7050/7050X/7050X2 (Starting in 4.22.1F)
- DCS-7260X/7260X3 (Starting in 4.22.1F)
- DCS-7060X/7060X2 (Starting in 4.21.1F)
- DCS-7250 (Starting in 4.22.1F)
- DCS-7300/DCS-7320 (Starting in 4.22.1F)

Platform not supporting ND Proxy, No ND Suppression
- DCS-7020R...

Support for Greater Than 29 Unique ACLs per Chip with Configurable TCAM Qualifier Sizing

Description Configurable port qualifier sizing allows for dynamic resizing of the hardware TCAM feature qualifier for IPKGV, allowing for unique ACL labels beyond 29. 29 is the maximum of the old 5-bit static qualifier, which allows for 2^5 or 32 unique identifiers. After accounting for the CPU and drop port numbers, the labels 1-29 are available for use and 0 is reserved to indicate not configured. Dynamic qualifier sizing allows for more (or fewer) bits to be used by a feature’s qualifier. This is done by setting the number of bits that can be used by the qualifier field....

AAA with LDAP Support

Description This feature adds support in AAA using the LDAP protocol. LDAP can be used for authentication and authorization. This feature also supports TLS communication with the remote LDAP server. This feature interoperates with Microsoft ActiveDirectory (AD) when AD is configured with LDAP plugins. Platform Compatibility This feature is platform independent. Configuration This feature has several configuration options, of which only authentication is required. A complete sample config is shown below and each subsection describes the use of the settings. The authentication and authorization settings below for “rdn attribute user” and “search filter” are the default settings...

The BGP best-path selection algorithm

Description BGP routing information often contains more than one path to the same destination network. The BGP best-path selection algorithm determines which of these paths should be considered as the best path to that network. If the best BGP path (as chosen by the algorithm) is also chosen as the winning path from among the other non-BGP paths (if any), it will be installed in the RIB and used to forward traffic to that network. The best BGP path will also be the path that is subsequently advertised to any BGP neighbors. BGP Best-path Steps When comparing any two paths...

Multipath-Relax with As-Path Weights

Description The term multipath-relax, in the context of the BGP best-path selection process, means that the “AS-path” contents of BGP paths are not compared during execution of the best-path selection algorithm. This essentially means that BGP paths with the same AS-path length are considered equal cost irrespective of the AS-path content. The “AS-path” content comparison is controlled by an existing CLI knob, “bgp bestpath as-path multipath-relax”, which is enabled by default. This CLI knob, when disabled, inserts a new bestpath step at number 8 into the bestpath selection algorithm which does the as-path content comparison to choose a...

Interface Profiles

Description In a typical switch deployment, multiple ports can have the same configuration, such as description and access VLAN. With the interface profile feature, a user can define a set of ethernet configurations in an “interface profile.” Then, the profile can be applied to one or more ethernet interfaces, so that all the commands defined in the profile will be configured on the interface. Any changes made in the profile will automatically update the configurations of the interfaces using the profile. Platform Compatibility All platforms support this feature. Configuration The following shows how to configure an interface profile and an...

VXLAN Auto Flood-List Construction

Description VXLAN flood-lists are typically configured via CLI or learned via control plane sources such as EVPN. The introduction of wireless access points (APs) into the VXLAN data-plane and the desire to minimize AP configuration led to the introduction of a new feature to learn VXLAN flood-lists via the data-plane. When a VXLAN packet is received from a remote VTEP on a new VNI, that remote VTEP is added to the flood-list for that VNI. When all of the MACs behind a remote VTEP have aged out or been removed, that remote VTEP is no longer considered active and it...

OSPFv2 Area Filter by Prefix-List

Description In an OSPFv2 Area Border Router (ABR), area filters may be used to prevent specific prefixes from being announced by an area as Type 3 Summary LSAs.  The set of prefixes to be filtered are configured using the ‘ospf area <area_id> filter’ command.  Prior to this release, filtered prefixes were configured one at a time.  With EOS 4.23.0F, a prefix-list may be used to specify the filtered prefixes.  This feature is available with both the multi-agent routing protocol model and the ribd routing protocol model. Platform compatibility This feature is available on all platforms. Configuration The area filter command...

IS-IS Purge Originator Identification

Description This feature implements support for RFC 6232, which helps a user identify the source of an LSP purge packet. It can be enabled on level-1, level-2, or both. Once enabled, any purge LSP originated by the node will carry a purge originator TLV containing its own system-id. Other nodes that receive this purge LSP will process the purge originator TLV and log the system-id of the originator. When a node that is enabled with this feature receives a purge LSP that doesn’t contain a purge originator TLV, it will add the purge originator TLV...

Support “redistribute dhcp” for IS-IS Agent (IPv6)

Description EOS 4.23.0F adds support for redistributing DHCPv6 routes in IS-IS when using the multi-agent routing protocol mode. Support for this feature in single agent mode has existed since EOS 4.21.0.

Configuration DHCPv6 routes can be redistributed into IS-IS via the following CLI, in IPv6 address-family mode only:

    Arista(config)#router isis A
    Arista(config-router-isis)#address-family ipv6
    Arista(config-router-isis-af)#redistribute dhcp

Show Commands DHCPv6 routes redistributed into IS-IS can be seen in the output of the show isis database detail command:

    # show isis database detail
    IS-IS Instance: inst1 VRF: default
    IS-IS Level 1 Link State Database
    LSPID Seq Num Cksum Life IS Flags
    1111.1111.1001.00-00 10 19778 1101 L1 <>...

LDP Hello Redundancy

Description LDP Hello Redundancy uses the LDP Extended Discovery Mechanism to establish a redundant targeted Hello adjacency for each neighbor discovered through the Basic Discovery Mechanism. Hello Redundancy can save significant session reestablishment time when links flap after exchanging a large number of FEC label bindings. LDP Basic Discovery operates by sending Link Hello messages to the “all routers on this subnet” group multicast address. Receipt of such a Link Hello message establishes a Hello adjacency. Devices with Hello Redundancy enabled will begin sending Targeted Hello messages to the Transport Address found in the received Link Hello message. The Targeted...

Low-memory mode

Description This feature improves the switch behavior and predictability when it runs out of memory (OOM). Common contributing factors resulting in OOM include (typically a combination of these factors):
- Memory leaks in EOS or customer user processes.
- Process leaks. Bugs in EOS or customer scripts which lead to too many of a particular process running at one time.
- Over-configuration. The user has simply specified a configuration that uses more memory than the system in question has available.
- Full consumption of tmpfs filesystems (e.g. /var/log).
- User initiating more CLI sessions than the system can sustain
- Customer programs or scripts using more...

DSCP support for CPU generated traffic

The differentiated services code point (DSCP) is a 6-bit field in the IP header, which can be used to mark traffic for providing quality of service (QoS). This feature can be used to set the DSCP value individually for various protocols that are used for network management. All protocol-specific traffic leaving the switch will be marked with the configured DSCP value. The supported protocols are RADIUS, TACACS, SNMP, SSH and sFlow. IPv4 support for this feature has been available since 4.18.1F. IPv6 support for this feature has been available since 4.23.0F. Platform compatibility This feature is provided on all platforms....

Support for UCMP “adjust auto” (multi-agent)

Description Unequal-cost multi-path (UCMP) for BGP is a mechanism for forwarding ECMP route traffic using weights, with which the next hops of those routes are programmed in the FIB. This is done using BGP by disseminating BGP link-bandwidth extended community attribute information with BGP routes, such that the receiver device of all routes programs the next hops in the FIB using the received link-bandwidth values. This feature appends the percentage of interface speed with a route’s received link bandwidth extended community value. The idea is to rebalance the weight ratio of the traffic sent over egress ports, such that we...

BGP shutdown and reset communication (multi-agent)

Description This feature implements support for RFC8203/BIS so that users can attach the reason for a BGP instance or peer session administrative shutdown or hard reset to the BGP Cease Notification sent to the peers. Platform compatibility This feature is platform independent and only available when multi-agent mode is enabled.

Configuration Below is a list of all possible configurations under this feature:

    (config-router-bgp)# shutdown [reason REASON]
    (config-router-bgp)# neighbor ( addr | peer-group) shutdown [reason REASON]
    (config-router-bgp)# clear [ip | ipv6] bgp [(neighbor (addr | peer-group)) | * ] [vrf (all | default | VRFNAME)] [reason REASON]

Note that attaching ‘reason REASON’...

Hardware Flow Tracking with IPFIX export

Description Campus hardware flow-tracking allows for extensive and fine-grained hardware-based flow tracking and management features. It provides the capability of collecting data from packets as per a user-defined flow profile (defined as match criteria and the set of data to be collected from the packet) and shipping it to an external observation node called the Collector, using the IPFIX flow export protocol. The diagram below shows how switches enabled with hardware flow-tracking can be used to perform flow tracking and flow export in a Campus network. The flow tracking engine as per user defined tracking parameters, track flows traversing through the...

Ingress/Egress per-port IPv4, IPv6 counters

This feature provides support for per-interface ingress/egress packet/byte counters for both IPv4 and IPv6.

Platform compatibility
- DCS-7280SR
- DCS-7280CR
- DCS-7500-R
- DCS-7300X
- DCS-7250X
- DCS-7050X
- DCS-7060X

Please note that this feature is platform specific, as are the packet versus bytes distinction and the ability to count routed packets only (as opposed to counting all IPv4/v6 traffic: routed or bridged). Please consult your systems engineer to check if a particular combination is supported.

Configuration IPv4, IPv6 ingress counters (counts bridged and routed traffic, supported only on front-panel ports) can be enabled/disabled using the following command:

    Arista#[ no ] hardware counter feature ip in

For IPv4, IPv6 ingress/egress counters that...

IP Locking + Release Updates

Description IP Locking is an EOS feature configured on an Ethernet Layer 2 port.  When enabled, it ensures that a port will only permit IP and ARP packets with IP source addresses that have been authorized. IP Locking prevents another host on a different interface from claiming ownership of an IP address through ARP spoofing. On an IP Locked Port, ARP probes with 0.0.0.0 as Sender Protocol Address (SPA) will be allowed for duplicate address detection (DAD). Incoming DHCP server response packets are dropped to avoid rogue device(s) acting as DHCP server(s). Incoming DHCP client request packets are allowed for...

Errdisable Detect Cause for ACL

Description Allows the user to configure, via the CLI, whether or not ACL failures cause a port to become errdisabled. The default behavior for ACL is to errdisable a port upon ACL failure. Platform compatibility All 7500, 7280, 7020

Configuration The default configuration is to errdisable a port upon ACL failure. To disable errdisabling on failure, run the following command:

    no errdisable detect cause acl

To turn errdisabling for ACLs back on, run the following command:

    errdisable detect cause acl

Show Commands Output When Errdisabling is Enabled for ACLs

    (config)#show errdisable detect
    Errdisable Reason Detection Status
    ------------------------------ ----------------
    acl Enabled...

LSP Ping/Traceroute for MPLS Nexthop Group Tunnels

Description The MPLS ping/traceroute utility is extended to support liveness checking of a Nexthop Group tunnel endpoint (MPLS Nexthop Group). The feature is also supported on vEOS-lab and cEOS-lab. Platform Compatibility Platform independent. vEOS-lab/cEOS-lab.

CLI Command

    ping mpls tunnel nexthop-group <endpoint> [entry <index>]

Example output:

    rtrmpls1#ping mpls tunnel nexthop-group 100.0.116.1/32
    LSP ping to nexthop-group tunnel 100.0.116.1/32
    100.0.116.1/32: nexthop-group tunnel index 1 (nexthop-group name: nhg-100)
    Entry 0
    Via 10.0.16.2
    Reply from 10.0.108.1: seq=1, time=507.546ms
    Entry 1
    Via 10.0.16.8
    Reply from 10.0.113.1: seq=1, time=516.131ms
    --- nexthop-group tunnel index 1, nexthop-group nhg-100: lspping statistics ---
    Entry 0
    Via 10.0.16.2
    1 packets transmitted, 1 received, 0%...
