• Tag : 4.25.2F

 
 

Vlan tagged MACsec

Description In addition to MACsec on physical interfaces (see https://eos.arista.com/eos-4-15-4f/macsec), MACsec can also be enabled on subinterfaces. Since subinterfaces are logical interfaces that send and receive VLAN tagged traffic, encryption/decryption is applied per VLAN tag. The vlan tag stays “in the clear” and is not encrypted. Platform compatibility DCS-7050CX3M-32S Configuration MAC Security profiles can be enabled on subinterfaces using the following command: Arista(config-if-Et1.10)#[no|default] mac security profile <profile-name> A Configuration Example The following example enables mac security on a subinterface with a predefined macsec profile ‘test-profile’. Arista(config)#interface ethernet1 Arista(config-if-Et1)#no switchport Arista(config-if-Et1)#interface ethernet1.10 Arista(config-if-Et1.10)#encapsulation dot1q vlan 20 Arista(config-if-Et1.10)#mac security profile test-profile Syslog...
Continue reading →

BGP Labeled Unicast Hitless Restart Support

Description EOS 4.25.2F adds support for BGP LU hitless restart in the multi-agent routing protocol model This feature preserves the BGP LU routes across the BGP agent restart. It conforms to the BGP restarting speaker procedure described in RFC 4724. Related TOI: Bgp NSF TOI: https://eos.arista.com/eos-4-15-2f/bgp-nsf Configuration Graceful restart and optional convergence related parameters can be configured under “router bgp” mode as described in the Bgp NSF TOI referenced above. Additionally, the following commands are now also available under “address-family ipv4|ipv6 labeled-unicast” modes in the default VRF. Command Syntax :   [ no | default ] graceful-restart Command Syntax :...
Continue reading →

EOS support for class E addressing ( 240/4 )

Description The feature allows assigning of class E addresses to interfaces by default with no option to turn that off and routing of E class addresses remains disabled by default. The feature provides a cli command that enables E class addresses to be routed through BGP, OSPF, ISIS, RIP, static routes and programmed to the FIB and kernel. Class E reserved addresses are 1/16 of the total address space so the option to use them extends potential deployment scale. Platform compatibility This feature is platform independent. Configuration This feature is configured under router general config. Command: [ no | default...
Continue reading →

Resilient ECMP deduping

Description Routes covered by a resilient equal-cost multi-path (RECMP) prefix are types of routes that make use of hardware tables dedicated for equal-cost multi-path (ECMP) routing. Resilient ECMP deduping is a new feature wherein the switch will reactively attempt to reduce the number of ECMP hardware table entries allocated by forcing routes that share the same set of next hops but point to different hardware table entries to point to the same hardware table entry when hardware resource utilization is high. Forcing RECMP routes to change the hardware table entry that they point to may potentially cause a traffic flow...
Continue reading →

BFD session telemetry

Description BFD (Bidirectional Forwarding Detection) session telemetry allows for the collection of per-session statistics as well as rbfd kernel module statistics to be automatically collected at a set interval and stored in shared memory where Cloud Vision Portal (CVP) or other applications may gather them.  Previously, this information was only available to the user via execution of several CLI show-commands.  In addition, several new statistics have been added which are updated within the session-stats interval and provide a finer “snapshot” view of session health than the previously-available session lifetime statistics.  This feature supports both hardware-accelerated and software (kernel module) accelerated...
Continue reading →

802.1br-E/VN Tag Stripping

Description This article describes a feature for Tap Aggregation mode, which strips IEEE 802.1BR E-Tag and Cisco VN-Tag headers from all tagged packets received on tap interface before delivering them out of tool interfaces. Untagged packets are unaffected. This feature may be useful for third-party tools and/or packet analyzers which cannot parse these headers. Platform Compatibility DCS-7280R/R2/R3 DCS-7500R/R2/R3 DCS-7800R3 DCS-7020R Configuration By default, Arista switches do not strip BR-E/VN tags from ingress packets. On DCS-7280R/R2, DCS-7500R/R2, and DCS-7020R BR-E/VN tag stripping is globally configured for Tap Aggregation. This means that packet ingressing any tap port will have their BR-E/VN tags...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: