• Tag : 4.24.2F

 
 

Port security protect mode enhancements

Description This TOI describes a set of enhancements made to the existing Port Security: Protect Mode feature. Please see the existing TOI for this feature here: https://eos.arista.com/eos-4-24-0f/port-security-protect-mode/ Unless otherwise noted, all information contained in the original Protect Mode TOI continues to apply. The persistent port security feature also continues to be supported, and is described by the following TOI: https://eos.arista.com/eos-4-18-1f/port-security-preserve-macs-on-link-flapreload/ The primary enhancement is extending the limits placed by port security: protect mode to apply to MAC addresses learned in the hardware MAC table. Previously, the port security limit would affect only the forwarding behavior, while allowing an unlimited number...

Overlay Source MAC Rewrite

Description This feature rewrites the overlay source MAC address of the packet which egresses the switch after the VXLAN encapsulation. It provides a CLI configuration to specify source IP address and VRF of the incoming packet as the match criteria for this rewrite.  In other words, the feature rewrites the inner source mac address of the packet using inner source IP address and ingress VRF as the match criteria.     This feature assumes that if the ARP for a certain IP address is resolved on a certain L3 interface, all packets with that IP address as the source address will...

“show interfaces interactions” CLI command

Description The ‘show interfaces interactions’ command aims to provide users a resource that explains various relationships between ethernet interfaces. It describes interactions in which a configuration on an interface causes another set of interfaces to become inactive or have reduced capabilities. Examples include a primary interface consuming subordinate interfaces to service a four-lane speed or platform restrictions that require four interfaces of a port to operate at the same speed. Platform compatibility With the EOS-4.21.3F release, the command is supported on the following products: 7280QR-C72 7280QRA-C36S With the EOS-4.23.1F release, the command is supported on the following products: 7060DX4-32 7060PX4-32...

Multi-Command

Support for running multiple CLI commands in one line separated by semicolons.

Description Multiple CLI commands can be run sequentially through the “run” command, separated by semicolons. For example:

    switch#run show version ; show boot
    #show version
    Arista DCS-7050CX3M-32S-F
    Hardware version: 01.03
    Serial number: JAS19100008
    Hardware MAC address: 985d.8284.7c33
    System MAC address: 985d.8284.7c33
    ...
    #show boot
    Software image: flash:/EOS.swi
    Console speed: (not set)
    Aboot password (encrypted): (not set)
    Memory test iterations: (not set)

The commands start at the EXEC mode. For example, configuration commands can be supported by running the “configure” command:

    switch#run configure ; interface Po1 ; shutdown
    #configure...

OSPF unnumbered interface hello subnet mask

Description Section 9.5 of RFC2328 “OSPF Version 2” states that the mask in Hello packets should be set to 0.0.0.0 when transmitting on unnumbered point-to-point interfaces. The EOS OSPF implementation currently sets the mask in Hello packets to 255.255.255.255 when transmitting them on unnumbered p2p interfaces. Some vendors set the mask to 0.0.0.0 while others  set the mask to 255.255.255.255 when transmitting OSPF hello packets on unnumbered point-to-point interfaces. Some vendors’ OSPF implementations require that the mask is set to 0.0.0.0 in hello packets received on unnumbered point-to-point interfaces and will drop the packets if the mask is set to...

Monitor session enhancements

Description This article describes some enhanced mirroring configurations in addition to the ones described in https://eos.arista.com/advanced-mirroring-features/. Monitor Session on Mirroring Destination Overview An interface can be both RX (ingress) source and destination of different monitor sessions at the same time.  Platform compatibility DCS-7020 DCS-7280SE DCS-7500E DCS-7280R DCS-7280R2 DCS-7500R DCS-7500R2 Configuration The following commands configure Ethernet interface 2 to be the RX source of monitor session s2 and the destination of monitor session s1. switch(config)#monitor session s1 source Et1 switch(config)#monitor session s1 destination Et2 switch(config)#monitor session s2 source Et2 rx switch(config)#monitor session s2 destination Et3 Show Commands The above configurations can...

Redistribution of DHCPv6 routes into OSPFv3

Description This document describes the feature that allows redistribution of DHCPv6 routes into OSPFv3. Platform compatibility This feature is supported on all platforms in multi-agent routing mode. Configuration EOS supports two configuration styles for OSPFv3. The command ‘redistribute dhcp’ can be used to redistribute DHCPv6 routes into OSPFv3. This command is available in ‘ipv6 router ospf ...’ configuration mode and the ‘address-family ipv6’ sub-mode of the ‘router ospfv3’ configuration mode. Both configuration styles are captured below. ‘router ospfv3’ configuration style The ‘redistribute dhcp’ command is available under the ‘address-family ipv6’ sub-mode of the ‘router ospfv3’ configuration mode: (config-router-ospfv3)#address-family ipv6 (config-router-ospfv3-af)#redistribute...

NETCONF: Candidate Configuration Feature

Description The candidate configuration feature implements support for a candidate data store as specified in RFC6241. The candidate is a separate datastore from the running datastore and allows configuration to be manipulated and modified without affecting the running configuration. A commit RPC is used to set the running configuration to the contents of the candidate datastore. Candidate datastore support in NETCONF is advertised as a capability urn:ietf:params:netconf:capability:candidate:1.0 during session establishment. The candidate capability allows the new commit and discard-changes operations. The get, get-config, edit-config operations can specify the candidate as the source or the target datastore. Platform Compatibility All Configuration...

Route Cache support for 7170

Description Route Cache is a feature where users can configure Static EVPN VXLAN routes beyond the hardware capacity. The prefixes that cannot fit in hardware use the optional Software Forwarding Engine (SFE) as the secondary forwarding plane such that routes missed in hardware can get forwarded in software. This feature is useful for cases where we need to scale up the number of static EVPN VXLAN routes but not all of those are active all the time. Platform Compatibility DCS-7170 Configuration The feature can be enabled by configuring 7170 to use “baremetal” profile using the following CLI: config#platform barefoot profile...

Wake-on-LAN for Phone Trunk Ports

Description Some devices connected to a Dot1x port in trunk phone mode won’t start authentication until they are awakened with a magic packet. A magic packet is a broadcast frame containing anywhere within its payload 6 bytes of all 255 (FF FF FF FF FF FF in hexadecimal), followed by sixteen repetitions of the target computer’s 48-bit MAC address, for a total of 102 bytes. When a system in place sends these magic packets from a remote subnet, the command “ip directed-broadcast” must be enabled on any SVIs of VLANs where sleeping systems reside. The remote system sends the magic packets...

EVPN VXLAN Support for Wireless APs

Description Typical WiFi networks utilize a single, central Wireless LAN Controller (WLC) to act as a gateway between the wireless APs and the wired network. Arista differentiates itself by allowing the wireless network to utilize a distributed set of aggregation switches to connect APs to the wired network. This feature allows a decentralized and distributed set of aggregation switches to bridge wireless traffic on behalf of the set of APs configured to VXLAN tunnel all traffic to those aggregation switches, or their “local” APs. This is an extension of the VXLAN VTEP to VTEP bridging feature (https://eos.arista.com/eos-4-22-1f/vxlan-vtep-to-vtep-bridging/) which supports only...

EVPN Control Plane Support for MSS

Description This feature enables support for Macro Segmentation Service (MSS) to insert security devices into the traffic path for VXLAN networks using an EVPN control plane. With this feature enabled, CVX will continue to monitor the network via NetDB state and will initiate intercept and offload rules. With this feature enabled, MAC and IP reachability information will be learned and distributed in user configured L2 domains via EVPN.   There are two options for pairing MSS and EVPN: Option 1: MSS + EVPN asymmetric IRB Option 2: MSS + EVPN symmetric IRB with VXLAN bridging to firewall (see https://eos.arista.com/eos-4-20-1f/evpn-irb-with-vxlan-underlay/ for...

EVPN MPLS Virtual Private Wire Service (VPWS)

Description EVPN MPLS VPWS (RFC 8214) provides the ability to forward customer traffic to / from a given attachment circuit (AC) without any MAC lookup / learning.  The basic advantage of VPWS over an L2 EVPN is the reduced control plane signalling due to not exchanging MAC address information.  In contrast to LDP pseudowires, EVPN MPLS VPWS uses BGP for signalling.  Port based and VLAN based services are supported. VLAN Based Service Port Based Service Platform Compatibility DCS-7280R DCS-7280R2 DCS-7500R DCS-7500R2 DCS-7800R3 DCS-7500R3 DCS-7280R3 Configuration VPWS configuration is made up of two main components on each participating router.  The first...

7368X4 Interface Configuration and Behavior

Description This document describes the configuration and behavior of physical interfaces on the 7368-series switches and Linecards (LC) including: Speed Logical ports Forward Error Correction (FEC) Precoding Transceiver Online Insertion and Removal (OIR) Hardware Description The 7368-series switch has 1 Switchcard slot and 8 usable Linecard slots. All 8 Linecard slots support Linecard Online Insertion and Removal. Linecards There are 8 slots on 7368-series switch and each slot is compatible with any of the following Linecards: 7368-16C 7368-4D/7368-4P 7368-16C Each 7368-16C Linecard has 8 pairs of (QSFP28, QSFP56) ports where each pair contains one QSFP28 100G port and one QSFP56...

GUE Decap

Description Generic UDP Encapsulation (GUE) is a general method for encapsulating packets of arbitrary IP protocols within a UDP tunnel. GUE provides an extensible header format with optional data. In this release, decap capability for GUE packets with the variant 1 header format has been added. This variant allows direct encapsulation of IPv4/IPv6 in UDP without the GUE header. The inner payload could be one of IPv4, IPv6, or MPLS, but only IPv4 transport is supported. The switch identifies a GUE packet based on the outer UDP destination port. Then it terminates the tunnel based on the outer destination IP and...

Security ACL Filtered Mirroring

Description This article describes the support for Filtered Mirroring using security ACL. The user can selectively mirror packets based on the statement in the configured IPv4, IPv6 or MAC ACL. Platform compatibility DCS-7020 DCS-7280SE DCS-7500E DCS-7280R DCS-7280R2 DCS-7500R DCS-7500R2 Change Log 4.23.0F – initial release Support for egress IPv4 ACL 4.24.1F  Support for egress MAC ACL 4.24.2F Support for ingress IPv4, IPv6 and MAC ACLs Configuration Unlike Ingress Filtered Mirroring, where the ACL is attached to a mirror session, Security ACL Filtered Mirroring is configured using port security ACLs. For details on how to use the Mirroring Features, please refer...

Support for dynamic load balancing on ECMP groups 

Description This feature adds support for “Dynamic Load Balancing (DLB)” on Equal Cost Multi Path (ECMP) groups. It is intended to help overcome the potential shortcomings of traditional hash-based load balancing by considering the traffic load of members of ECMP groups. It can also identify instances where the traffic flow can be moved to some other ECMP group member based on the traffic load of the currently selected member. Platform compatibility DCS-7260CX3-64 DCS-7260CX3-64E DCS-7060DX4-32 DCS-7060PX4-32 7368 Configuration This feature can be configured using the following CLI command: switch(conf)#ip hardware fib load-balance distribution dynamic To disable this feature and move back to...

Dynamic CLI Access VLAN

Description Dynamic CLI Access VLAN is a command that sets the effective access VLAN in a port without changing the running configuration. The use case is to provide a means for a network management system to quarantine a port in a special VLAN where the device can update its anti-virus (for instance) before exposing the device to the rest of the network. Configuration The following command in the interface configuration node sets the dynamic CLI access VLAN: (config-if-et1)# switchport access vlan dynamic <VLANID> It’s worth emphasizing that even though this is issued in the interface configuration node, it doesn’t show...

VxLAN VTEP counters on 7020R, 7280R, 7280R2, 7500R, and 7500R2 series

Description The VxLAN VTEP counters feature allows the device to count VxLAN packets received and sent by the device on a per VTEP basis. Specifically, it enables the device to count bytes and packets that are encapsulated and decapsulated as they are passing through. The counters are logically split up in the two VxLAN directions: “encap” counters count packets coming from the edge, encapsulated on the device and directed to the core “decap” counters count packets coming from the core, decapsulated on the device and heading towards the edge. To be able to count VxLAN packets the device has to...

Health monitoring of free buffer counts

Description In rare circumstances, a Single Event Upset may cause an underflow in the free list of buffers of a switch chip. This can cause the chip to stop forwarding packets. Recovery from this state typically requires the affected chip to be reset. This new feature allows customers to take user-defined actions when the count of buffers in use exceeds the buffers configured in the system, with a default being to log to /var/log/messages. Platform compatibility DCS-7020R DCS-7280R DCS-7280R2 DCS-7280R3 DCS-7500R DCS-7500R2 DCS-7500R3 Configuration The HealthMonitorBuffersHandler has been added as a built-in event-handler. No configuration is required to set it...
