Arista Portal

  • Tag : 4.24.2F

 
 

Health monitoring of free buffer counts

Posted on June 21, 2021 by   |   36 Views

Description In rare circumstances, a Single Event Upset may cause an underflow in the free list of buffers of a switch chip. This can cause the chip to stop forwarding packets. Recovery from this state typically requires the affected chip to be reset. This new feature allows customers to take user-defined actions when the count of buffers in use exceeds the buffers configured in the system, with a default being to log to /var/log/messages. Platform compatibility DCS-7020R DCS-7280R DCS-7280R2 DCS-7280R3 DCS-7500R DCS-7500R2 DCS-7500R3 Configuration The HealthMonitorBuffersHandler has been added as a built-in event-handler. No configuration is required to set it...
Continue reading →

gRPC Network Operations Interface (gNOI) Support

Posted on April 9, 2021 by   |   89 Views

Description gNOI (gRPC Network Operations Interface) defines a set of gRPC-based microservices for executing operational commands on network devices. Supported operational areas: gNOI Certificate Management (starting with 4.20.6F) – executes commands on the target relating to certificate management. /gnoi.certificate,CertificateManagement/CanGenerateCSR – used to check if a certificate signing request is supported, /gnoi.certificate,CertificateManagement/GetCertificates – used to get a list of certificates available. /gnoi.certificate.,CertificateManagement/Rotate – used to replace an existing certificate on the switch. Note: only internally generated CSRs are supported. gNOI System – a collection of operational RPCs. /gnoi.system.System/Ping (starting with 4.22.1F) – executes the ping command on the switch and streams...
Continue reading →

Security ACL Filtered Mirroring

Posted on March 24, 2021 by   |   243 Views

Description This article describes the support for Filtered Mirroring using security ACL. The user can selectively mirror packets based on the statement in the configured IPv4, IPv6 or MAC ACL. Platform compatibility DCS-7020 DCS-7280SE DCS-7500E DCS-7280R DCS-7280R2 DCS-7280R3 DCS-7280SR3 DCS-7500R DCS-7500R2 DCS-7500R3 DCS-7800R3 Change Log 4.23.0F – initial release Support for egress IPv4 ACL 4.24.1F Support for egress MAC ACL 4.24.2F Support for ingress IPv4, IPv6 and MAC ACLs 4.26.0F Support for egress IPv6 ACL on R3 Series Configuration Unlike Ingress Filtered Mirroring, where the ACL is attached to a mirror session, Security ACL Filtered Mirroring is configured using port...
Continue reading →

LDP Pseudowire

Posted on December 22, 2020 by   |   454 Views

Description The LDP pseudowire feature provides support for emulating Ethernet connections over a Multiprotocol Label Switching (MPLS) network using the extension of the MPLS Label Distribution Protocol (LDP) specified in RFC4447. The patch panel configuration mode allows “patching” a local interface “connector” to an LDP pseudowire “connector” terminating on the local switch. The LDP pseudowire itself is defined under the pseudowires configuration mode, under the mpls ldp configuration mode. This feature also supports locally patching traffic between two interfaces or subinterfaces and is again configured under the patch panel configuration mode. Both these features support tagged (type 4) and raw...
Continue reading →

VxLAN VTEP counters on 7020R, 7280R, 7280R2, 7280R3, 7500R, 7500R2, and 7500R3 series

Posted on December 18, 2020 by   |   125 Views

Description The VxLAN VTEP counters feature allows the device to count VxLAN packets received and sent by the device on a per VTEP basis. Specifically, it enables the device to count bytes and packets that are encapsulated and decapsulated as they are passing through. The counters are logically split up in the two VxLAN directions: “encap” counters count packets coming from the edge, encapsulated on the device and directed to the core “decap” counters count packets coming from the core, decapsulated on the device and heading towards the edge. To be able to count VxLAN packets the device has to...
Continue reading →

Qos Policy Map Counter

Posted on November 23, 2020 by   |   259 Views

This feature is an extension of Qos Policy. It allows the user to configure Qos Policy Map counters. If a class-map is configured for a policer action then the conformed and non-conformed packet and byte counters are displayed for that class-map. Otherwise the number of packets and bytes hitting the class-map are shown. Platform compatibility DCS-7280E DCS-7020R DCS-7280R DCS-7280R2 DCS-7500R2 DCS-7280R3, DCS-7500R3, DCS-7800R3 (EOS 4.24.2F) Configuration Following command allocates the Counter Engines for Qos which actually count and store the counter value. switch(config)#[no|default] hardware counter feature qos in 7280E Currently, there is not enough space in TCAM action bank for...
Continue reading →

Support for Traffic Policy on Interfaces

Posted on November 2, 2020 by   |   356 Views

Description Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets and usually TCAM is used to match packets to rules. For example, there can be a rule to match the packet source IP address against a list of IP addresses, and drop the packet if there is a match. This will be expressed in TCAM with multiple entries matching the list of IP addresses. Number of entries are reduced by masking off bits, if possible. TCAM...
Continue reading →

Port security protect mode enhancements

Posted on September 15, 2020 by   |   283 Views

Description This TOI describes a set of enhancements made to the existing Port Security: Protect Mode (PortSec-Protect) feature. Please see the existing TOI for this feature here: https://eos.arista.com/eos-4-24-0f/port-security-protect-mode/ Unless otherwise noted, all information contained in the original Protect Mode TOI continues to apply. The persistent port security feature also continues to be supported, and is described by the following TOI: https://eos.arista.com/eos-4-18-1f/port-security-preserve-macs-on-link-flapreload/ The primary enhancement is extending the limits placed by PortSec-Protect to apply to MAC addresses learned in the hardware MAC table. Previously, the port security limit would affect only the forwarding behavior, while allowing an unlimited number of MAC...
Continue reading →

Overlay Source MAC Rewrite

Posted on September 1, 2020 by   |   91 Views

Description This feature rewrites the overlay source MAC address of the packet which egresses the switch after the VXLAN encapsulation. It provides a CLI configuration to specify source IP address and VRF of the incoming packet as the match criteria for this rewrite.  In other words, the feature rewrites the inner source mac address of the packet using inner source IP address and ingress VRF as the match criteria.     This feature assumes that if the ARP for a certain IP address is resolved on a certain L3 interface, all packets with that IP address as the source address will...
Continue reading →

“show interfaces interactions” CLI command

Posted on August 27, 2020 by   |   173 Views

Description The ‘show interfaces interactions’ command aims to provide users a resource that explains various relationships between ethernet interfaces. It describes interactions in which a configuration on an interface causes another set of interfaces to become inactive or have reduced capabilities. Examples include a primary interface consuming subordinate interfaces to service a four-lane speed or platform restrictions that require four interfaces of a port to operate at the same speed. Platform compatibility With the EOS-4.21.3F release, the command is supported on the following products: 7280QR-C72 7280QRA-C36S With the EOS-4.23.1F release, the command is supported on the following products: 7060DX4-32 7060PX4-32...
Continue reading →

Multi-Command

Posted on August 26, 2020 by   |   230 Views

Support for running multiple CLI commands in one line separated by semicolons. Description Multiple CLI commands can be run sequentially through the “run” command, separated by semicolons. For example: switch#run show version ; show boot #show version Arista DCS-7050CX3M-32S-F Hardware version: 01.03 Serial number: JAS19100008 Hardware MAC address: 985d.8284.7c33 System MAC address: 985d.8284.7c33 ... #show boot Software image: flash:/EOS.swi Console speed: (not set) Aboot password (encrypted): (not set) Memory test iterations: (not set) The commands start at the EXEC mode. For example, configuration commands can be supported by running the “configure” command: switch#run configure ; interface Po1 ; shutdown #configure...
Continue reading →

OSPF unnumbered interface hello subnet mask

Posted on August 25, 2020 by   |   106 Views

Description Section 9.5 of RFC2328 “OSPF Version 2” states that the mask in Hello packets should be set to 0.0.0.0 when transmitting on unnumbered point-to-point interfaces. The EOS OSPF implementation currently sets the mask in Hello packets to 255.255.255.255 when transmitting them on unnumbered p2p interfaces. Some vendors set the mask to 0.0.0.0 while others  set the mask to 255.255.255.255 when transmitting OSPF hello packets on unnumbered point-to-point interfaces. Some vendors’ OSPF implementations require that the mask is set to 0.0.0.0 in hello packets received on unnumbered point-to-point interfaces and will drop the packets if the mask is set to...
Continue reading →

Monitor session enhancements

Posted on August 25, 2020 by   |   423 Views

Description This article describes some enhanced mirroring configurations in addition to the ones described in https://eos.arista.com/advanced-mirroring-features/. Monitor Session on Mirroring Destination Overview An interface can be both RX (ingress) source and destination of different monitor sessions at the same time.  Platform compatibility DCS-7020 DCS-7280SE DCS-7500E DCS-7280R DCS-7280R2 DCS-7500R DCS-7500R2 Configuration The following commands configure Ethernet interface 2 to be the RX source of monitor session s2 and the destination of monitor session s1. switch(config)#monitor session s1 source Et1 switch(config)#monitor session s1 destination Et2 switch(config)#monitor session s2 source Et2 rx switch(config)#monitor session s2 destination Et3 Show Commands The above configurations can...
Continue reading →

Redistribution of DHCPv6 routes into OSPFv3

Posted on August 25, 2020 by   |   54 Views

Description This document describes the feature that allows redistribution of DHCPv6 routes into OSPFv3. Platform compatibility This feature is supported on all platforms in multi-agent routing mode. Configuration EOS supports two configuration styles for OSPFv3. The command ‘redistribute dhcp’ can be used to redistribute DHCPv6 routes into OSPFv3. This command is available in ‘ipv6 router ospf ...’ configuration mode and the ‘address-family ipv6’ sub-mode of the ‘router ospfv3’ configuration mode. Both configuration styles are captured below. ‘router ospfv3’ configuration style The ‘redistribute dhcp’ command is available under the ‘address-family ipv6’ sub-mode of the ‘router ospfv3’ configuration mode: (config-router-ospfv3)#address-family ipv6 (config-router-ospfv3-af)#redistribute...
Continue reading →

NETCONF: Candidate Configuration Feature

Posted on August 25, 2020 by   |   201 Views

Description The candidate configuration feature implements support for a candidate data store as specified in RFC6241. The candidate is a separate datastore from the running datastore and allows configuration to be manipulated and modified without affecting the running configuration. A commit RPC is used to set the running configuration to the contents of the candidate datastore. Candidate datastore support in NETCONF is advertised as a capability urn:ietf:params:netconf:capability:candidate:1.0 during session establishment. The candidate capability allows the new commit and discard-changes operations. The get, get-config, edit-config operations can specify the candidate as the source or the target datastore. Platform Compatibility All Configuration...
Continue reading →

Route Cache support for 7170

Posted on August 24, 2020 by   |   65 Views

Description Route Cache is a feature where users can configure Static EVPN VXLAN routes beyond the hardware capacity. The prefixes that cannot fit in hardware use the optional Software Forwarding Engine (SFE) as the secondary forwarding plane such that routes missed in hardware can get forwarded in software. This feature is useful for cases where we need to scale up the number of static EVPN VXLAN routes but not all of those are active all the time. Platform Compatibility DCS-7170 Configuration The feature can be enabled by configuring 7170 to use “baremetal” profile using the following CLI: config#platform barefoot profile...
Continue reading →

Wake-on-LAN for Phone Trunk Ports

Posted on August 24, 2020 by   |   78 Views

Description Some devices connected to Dot1x port in trunk phone mode won’t start authentication until it is awakened with a magic packet. A magic packet is a broadcast frame containing anywhere within its payload 6 bytes of all 255 (FF FF FF FF FF FF in hexadecimal), followed by sixteen repetitions of the target computer’s 48-bit MAC address, for a total of 102 bytes. When a system in place sends these magic packets from a remote subnet, the command “ip directed-broadcast” must be enabled on any SVIs of VLANs where sleeping systems reside. The remote system sends the magic packets...
Continue reading →

EVPN VXLAN Support for Wireless APs

Posted on August 24, 2020 by   |   192 Views

Description Typical WiFi networks utilize a single, central Wireless LAN Controller (WLC) to act as a gateway between the wireless APs and the wired network. Arista differentiates itself by allowing the wireless network to utilize a distributed set of aggregation switches to connect APs to the wired network. This feature allows a decentralized and distributed set of aggregation switches to bridge wireless traffic on behalf of the set of APs configured to VXLAN tunnel all traffic to those aggregation switches, or their “local” APs. This is an extension of the VXLAN VTEP to VTEP bridging feature (https://eos.arista.com/eos-4-22-1f/vxlan-vtep-to-vtep-bridging/) which supports only...
Continue reading →

EVPN Control Plane Support for MSS

Posted on August 24, 2020 by   |   391 Views

Description This feature enables support for Macro Segmentation Service (MSS) to insert security devices into the traffic path for VXLAN networks using an EVPN control plane. With this feature enabled, CVX will continue to monitor the network via NetDB state and will initiate intercept and offload rules. With this feature enabled, MAC and IP reachability information will be learned and distributed in user configured L2 domains via EVPN.   There are two options for pairing MSS and EVPN: Option 1: MSS + EVPN asymmetric IRB Option 2: MSS + EVPN symmetric IRB with VXLAN bridging to firewall (see https://eos.arista.com/eos-4-20-1f/evpn-irb-with-vxlan-underlay/ for...
Continue reading →

EVPN MPLS Virtual Private Wire Service (VPWS)

Posted on August 24, 2020 by   |   989 Views

Description EVPN MPLS VPWS (RFC 8214) provides the ability to forward customer traffic to / from a given attachment circuit (AC) without any MAC lookup / learning.  The basic advantage of VPWS over an L2 EVPN is the reduced control plane signalling due to not exchanging MAC address information.  In contrast to LDP pseudowires, EVPN MPLS VPWS uses BGP for signalling.  Port based and VLAN based services are supported. VLAN Based Service Port Based Service Platform compatibility DCS-7280R DCS-7280R2 DCS-7500R DCS-7500R2 DCS-7800R3 DCS-7500R3 DCS-7280R3 Configuration VPWS configuration is made up of two main components on each participating router.  The first...
Continue reading →

« Older posts
Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: