• Tag : 4.25.2F

 
 

DHCP Snooping

EOS supports the DHCP Relay feature, which relays DHCP Requests/Responses between DHCP clients and DHCP servers in different subnets. However, the DHCP server does not have visibility of where the request originated from and can only make IP address allocation decisions based on the client MAC address alone (client MAC address is included in the DHCP packet as part of the payload). To remedy that, DHCP Option-82 was formalized to allow relay agents to include Remote ID and Circuit ID so that DHCP servers can apply a more intelligent allocation policy. Switch intercepts DHCP requests from the client and inserts Option-82...

Redistributing OSPFv2 routes between multiple instances

Description This feature may be used for redistributing OSPFv2 leaked and non leaked routes from one instance to another when multiple OSPFv2 instances are configured. Platform compatibility This feature is supported on all platforms in the multi-agent routing mode. Configuration This feature is configured under the “router ospf …” mode. switch(config-router-ospf)#redistribute ospf instance [ include leaked ] [ match ( external | internal | nssa-external ) ] [ route-map <route-map-name> ] Either non leaked routes or both leaked and non leaked routes can be redistributed using the command switch(config-router-ospf)#redistribute ospf instance ? include Include leaked routes match Routes learned by...

Support for sFlow sample truncation size

Description By default, sFlow samples that are generated have a fixed size: 128 bytes. This feature adds a configurable software sFlow sample truncation size in the range [128, 512]. When a sample packet size is less than the configured sample truncation size, the sample is not truncated. However, if a sample is bigger than the configured sample truncation size, the sample is truncated to the configured value. Supported platforms All devices supporting software sFlow Configuration To configure sFlow sample truncation size between [128, 512], the following configuration can be applied. By default, the sFlow sample...

R-series drop VOQ monitoring

Description The current behaviour on R-series products is to drop all packets marked for drop by the chip Packet Processor in the hardware, meaning visibility into the drops is limited to getting a count of the number of packets sent to each drop VOQ corresponding to a drop reason via show hardware counter drop. This feature allows a sample of packets trapped to drop VOQs to be sent to the supervisor along with accompanying internal Jericho-family packet processor system headers for debug purposes, with received packets being sent out the source kernel interface and visible in tcpdump. This will give...

Group-based Multi-domain Segmentation Services (MSS-Group)

Description The Segment security feature provides the convenience of applying policies on segments rather than interfaces or subnets. Hosts/networks are classified into segments based on prefixes. Grouping prefixes into segments allows for definition of policies between segments that govern flow of traffic between them. Policies define inter-segment or intra-segment communication rules, e.g. segment A can communicate with segment B but hosts in segment B cannot communicate with each other. By default, traffic destined to a given segment is dropped and explicit allow policies are required to allow communication. Policy configurations in this feature are unidirectional. To allow or drop...

Sampled Flow Tracking IPv4 Hardware Offload

Description Sampled flow tracking with IPFIX export is supported on most of the Arista platforms. The user-configured sampling rate is used for sampling in the ingress direction on the configured interfaces. An EOS software agent on the CPU processes samples received from hardware; the samples are used to create flow records that are exported to IPFIX collectors. Refer to Sampled flow tracking TOI for additional details. The hardware offload feature maintains the IPv4 flow cache in hardware whilst also offloading CPU intensive tasks like packet parsing and counting packets and bytes for flows to the hardware. Both IPv4 and IPv6 flow information...

Sampled flow tracking with IPFIX export

Description Network administrators require access to flow information that passes through various network elements, for the purpose of analyzing and monitoring their networks. This feature provides access to IP flow information by sampling traffic flows in ingress direction on the interfaces on which it is configured. The samples are then used to create flow records, which are exported to the configured collectors in the IPFIX format. Terminology Flow tracker : Collection of interfaces (observation points) on which samples are collected and flow records are created. It has one or more Exporters. Exporter : Device that sends flow records to one...

L2 EVPN MPLS Shared ESI Label

Description In a multihomed EVPN MPLS configuration, BUM packets sent from a non-designated forwarder (Non-DF) PE to a designated forwarder (DF) PE must carry the ESI label advertised by the egress DF PE. When the egress DF PE receives a packet with an ESI label that it has advertised, it does not forward the packet on the Ethernet segment (ES) corresponding to that ESI label. This avoids sending the packet back to the same ES from which the BUM packet originated. However, when a DF election is triggered, a PE may change its role from being Non-DF to DF. Since DF election...

Support for TapAgg GRE tunnel termination

Description This feature terminates GRE packets on a TapAgg switch by stripping the GRE header and then letting the decapped packets go through the normal TapAgg path. With this feature, we can use an L3 GRE tunnel to transit tapped traffic to the TapAgg switch over an L3 network. That would widely extend the available use cases for TapAgg. Support IPv4 GRE tunnel interface only. Support different GRE types that include IPoGRE, L2GRE, GREenSPAN, ERSPAN and GREenTAP. Do packet forwarding/steering on the decapped packets. Not routing. Packets can be forwarded to a set of tool ports. Have a command to...

Support for Traffic Policy on interfaces

Description Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets and usually TCAM is used to match packets to rules. For example, there can be a rule to match the packet source IP address against a list of IP addresses, and drop the packet if there is a match. This will be expressed in TCAM with multiple entries matching the list of IP addresses. The number of entries is reduced by masking off bits, if possible. TCAM...

IGP cost for VTEP reachability

Introduction In an EVPN deployment with VXLAN underlay, when an EVPN type-5 prefix is imported into an IP VRF, the IGP cost of the underlay VTEP reachability is not considered as part of BGP best-path selection post import. Therefore, if such a prefix is reachable via more than one VTEP, the IGP metric step in the BGP best-path selection algorithm will not filter out any paths irrespective of the underlay’s IGP metric for the VTEP reachability. If ECMP is enabled in the overlay and multiple paths are found to be otherwise equivalent, such paths would form ECMP regardless of the IGP...

VRRP support on 7280R3, 7500R3 and 7800R3 series

Platform Compatibility In EOS-4.25.2F release, VRRP support is enabled on the following platforms: DCS-7280R3, DCS-7500R3, DCS-7800R3. Configuration There are no configuration changes to the VRRP support. On 7280R3, 7500R3 and 7800R3 series, a maximum of 14 unique VRRP groups can be configured along with VARP and MLAG Peer gateway virtual MAC capabilities. Syslog messages When an oversubscription is detected during VRRP configuration, a syslog message such as the following is emitted. To resolve an oversubscription, remove one or more VRRP group configurations. "Virtual routing configuration, including VARP, MLAG Peer MAC, and VRRP exceeds the hardware limitation of 16 unique MAC addresses." Once...

Tap Aggregation hardware forwarding profile

Description As of EOS-4.25.2F some advanced Tap Aggregation features require the hardware forwarding profile to be set. On EOS-4.25.2F these features are MPLS Pop and 802.1br-E/VN Tag Stripping. Setting the hardware forwarding profile will not affect the functionality of any other features that are supported while in Tap Aggregation mode. However, changing the forwarding profile does interrupt forwarding for a short period of time while the new configuration is applied. Platform compatibility DCS-7280R3 DCS-7500R3 DCS-7800R3 Configuration The default hardware forwarding profile can be set globally with the “hardware forwarding system profile” command: (config)#hardware forwarding system profile system-profile-tap-aggregation When not in...

Support BGP PIC edge for EVPN VXLAN routes for remote VTEP failures

Description Prior to 4.25.2F, support for BGP PIC was restricted to locally identifiable failures such as link failures. If a remote VTEP went down, this would require action by the IGP and BGP to recompute a new best path for traffic destined to affected BGP prefixes originally reachable by the problematic VTEP. This feature introduces support for RFC 8971 (BFD for VXLAN) for EVPN learned VTEPs to improve convergence times in these scenarios by tying the liveness detection provided by the BFD sessions into existing BGP PIC support for software fast-failover. Without this feature, until the underlay route providing reachability to the...

Storm Control Speed Rate Support

Description Storm control enables traffic policing on floods of packets on L2 switching networks. The documentation describes the storm control feature with the speed percentage rate support on the following platforms. The feature support on other platforms is available in the EOS manual. Platform compatibility DCS-7280R3 DCS-7500R3 DCS-7800R3 Configuration CLI command to configure storm-control with a speed percentage rate: switch(config-if-Et1)# [no] storm-control [ broadcast | multicast | unknown-unicast ] level [ <0.01-99.99> ] Sample config: switch(config-if-Et1)# storm-control broadcast level 0.01 switch(config-if-Et1)# storm-control multicast level 50 switch(config-if-Et1)# storm-control unknown-unicast level 99.99 switch(config-if-Et1)# no storm-control ? broadcast Configure storm control for broadcast...

Storm Control Packet-per-second Support

Description 4.25.2F introduces storm control with packet-per-second support in the platforms listed below. TOI describing the feature in other platforms/versions, including CLI command details, is available here. Platform compatibility DCS-7280R3 DCS-7500R3 DCS-7800R3 Syslog Messages When configuring storm control pps with ingress protocol counters, the following syslog message may be generated if a conflict is detected with another enabled feature. SandCounters: %DATAPLANE-4-COUNTER_RESOURCE_CONFLICT: Counter resource conflict between features StormControlMeterIngress and Ipv4v6Ingress When configuring storm control pps while there are insufficient hardware counter resources, the following syslog message may be generated. SandCounters: %DATAPLANE-4-COUNTER_RESOURCE_FULL: Hardware resources are insufficient to enable counters for feature StormControlMeterIngress...

Support for Static Topology

Description This feature addresses cases where the deployment infrastructure in an OpenStack setup which manages Virtual Machines and Bare Metal servers does not provide support for enabling LLDP on interfaces connecting hosts to switches. As a result, the topology information does not appear on CVX. An example of this case is some deployments of OpenStack that do not provide a good way to enable LLDP for DPDK interfaces. Even with manual configuration of LLDP on hypervisors, the configuration does not persist after OpenStack redeployment. With this feature, the topology can be configured statically using the CLI on CVX without...

DHCP Relay

Introduction The DHCP Relay feature forwards DHCP packets between client and server when the DHCP server is not in the same broadcast domain as the client. DHCP Relay should be configured on the gateway interface (SVI/L3 interface) for the clients. The DHCP Relay agent creates a new unicast DHCP packet and sets the giaddr field to the ‘primary’ IP address of the interface on which the DHCP request packet is received. The modified request packet is then relayed to one or more configured DHCP servers. The DHCP server assigns an IP address to the client from the pool corresponding to the giaddr field. Platform Compatibility...

Vlan tagged MACsec

Description In addition to MACsec on physical interfaces (see https://eos.arista.com/eos-4-15-4f/macsec), MACsec can also be enabled on subinterfaces. Since subinterfaces are logical interfaces that send and receive VLAN tagged traffic, encryption/decryption is applied per VLAN tag. The VLAN tag stays “in the clear” and is not encrypted. Platform compatibility DCS-7050CX3M-32S Configuration MAC Security profiles can be enabled on subinterfaces using the following command: Arista(config-if-Et1.10)#[no|default] mac security profile <profile-name> A Configuration Example The following example enables MAC security on a subinterface with a predefined MACsec profile ‘test-profile’. Arista(config)#interface ethernet1 Arista(config-if-Et1)#no switchport Arista(config-if-Et1)#interface ethernet1.10 Arista(config-if-Et1.10)#encapsulation dot1q vlan 20 Arista(config-if-Et1.10)#mac security profile test-profile Syslog...

BGP Labeled Unicast Hitless Restart Support

Description EOS 4.25.2F adds support for BGP LU hitless restart in the multi-agent routing protocol model. This feature preserves the BGP LU routes across the BGP agent restart. It conforms to the BGP restarting speaker procedure described in RFC 4724. Related TOI: BGP NSF TOI: https://eos.arista.com/eos-4-15-2f/bgp-nsf Configuration Graceful restart and optional convergence related parameters can be configured under “router bgp” mode as described in the BGP NSF TOI referenced above. Additionally, the following commands are now also available under “address-family ipv4|ipv6 labeled-unicast” modes in the default VRF. Command Syntax: [ no | default ] graceful-restart Command Syntax :...
