• Tag : 4.26.0F

 
 

Flexible Interface Encapsulation (FlexEncap)

Description EOS supports the ability to match on a single VLAN tag (via encapsulation dot1q vlan 10)  or a VLAN tag pair (via encapsulation dot1q vlan 10 inner 20) to map a packet to an interface. In this case, the encapsulation string is considered consumed by the mapped interface before forwarding, which means that the tags are effectively removed from the incoming packet for the purposes of any downstream forwarding.   The Flexible Encapsulation feature provides a wider range of behaviors: retaining the received tag(s) or rewriting them to new values. The FlexEncap is usually used in conjunction with pseudowires...
Continue reading →

Inband Network Telemetry (INT) Support on 7170

Description The  Inband Network Telemetry – eXport Data (INT-XD) feature is used to gather flow, queue, drop telemetry information like network path, hop latency, queue congestion, drop reasons etc which are used for network monitoring and troubleshooting. INT-XD supports flow, queue and drop telemetry reports. Flow telemetry report is generated from flow events. Flow events include new flows, change in the attributes of flow like ingress/egress port or latency. Flow reports include information about the path that packets traverse as well as other telemetry metadata such as hop latency and queue occupancy. Drop reports provide visibility into the impact of...
Continue reading →

User-defined TCAM Profiles

Description This article describes how to customize TCAM ( Ternary Content Addressable Memory ) lookup for each feature which uses TCAM. Lookup is composed of fields, in the packet header / forwarding chip pipeline decisions, that are of interest to a feature. Size of the lookup determines the number of banks to be used by a feature. Traditionally, any feature usesuse a predefined TCAM  lookup. As TCAM is a scarce resource, features which use it may run out of hardware resources. Listed below are some of the reasons for TCAM exhaustion, Number of features using TCAM is high, One or...
Continue reading →

Enabling ALPM with Flexible UFT mode

Description ALPM (Algorithmic Longest Prefix Management) is a scheme in which the route prefix is split and stored across DEFIP (tcam table for longest prefix matched (LPM) lookup) and ALPM tables. When this mode is enabled, a portion of shared table memory (UFT) is used to store route prefixes. This would increase the overall route scale. Flexible UFT mode is a UFT partition which allows more fine-grained allocation of UFT resources. Prior to Flexible UFT mode, UFT resources can only be used by L2 entries, L3 hosts or LPM entries. Earlier, the partitioning among L2 entries, L3 hosts and LPM...
Continue reading →

400GBASE-ZR Transceivers TOI Update

Description This TOI details the following feature additions: Support of 4x100G mode for the 400GBASE-ZR transceivers Support of 400GBASE-ZR with Open Forward Error Correction (O-FEC) The ability to override a transceiver slot’s maximum power limit Configuration Configuring 4x100G mode for 400GBASE-ZR transceivers 4x100G mode implements integrated muxponder function, combining 4 low-speed 100G interfaces into one 400G network stream. 4x100G mode connects 4 host ethernet interfaces, over electrical interfaces 100GAUI-2 to the single optical lane, acting as 4×1 muxponder. In order to enable this mode on a 400GBASE-ZR transceiver the speed on each of the 4 interfaces has to be configured...
Continue reading →

LANZ Support on the 7170 Series

Description 4.26.0F adds Latency ANalyZer (LANZ) support to the Arista 7170 series. LANZ monitors the egress queue usage through periodic readings of the high watermark. If a watermark reading is equal to or higher than a configurable high threshold, a congestion event is created and optionally logged. Consecutive high readings are considered to belong to the same congestion and the congestion duration is updated until a reading below or equal to a configurable low threshold is read. LANZ uses the congestion events to provide historical congestion data and per queue congestion statistics. LANZ is detailed in the Latency Analyzer (LANZ)...
Continue reading →

Dual Stack Underlay Support for VXLAN with EVPN Control Plane

Description This feature allows a Data Center (DC) operator to incrementally migrate their VXLAN network from IPv4 to IPv6 underlay when using the EVPN control plane. It is meant for brownfield deployments where operators are considering transitioning their VXLAN network to IPv6 underlay but do not want to migrate their whole network at the same time. This feature allows them to migrate parts of their network to IPv6 and leave the rest of the network untouched, without any overlay network partitioning. The incremental transition is achieved using the concept of a dual-stack VTEP.  Dual Stack VTEPs and incremental migration A...
Continue reading →

Support for streaming VOQ counters in Octa

Description This feature adds support for streaming the output of the following show command in Octa: show cpu counters queue summary Platform compatibility The platforms supported are all devices of the following series: 7020 7280 7500 7800 Configuration The feature can be enabled with the following commands: switch(config)#management api models switch(config-mgmt-api-models)#provider http-commands switch(config-provider-http-commands)# command show cpu counters queue summary 1 minutes The interval is optional, and defaults to 1 minutes. The counters are available under these paths: /Cpu/counters/queue/egressQueues /Cpu/counters/queue/ingressVoqs CLI correspondence The paths correspond to the output of show cpu counters queue summary. For example, for the Aggregate CPU counters,...
Continue reading →

MACsec configurable MKA lifetime

Description Media Access Control Security (MACsec) is an industry-standard encryption mechanism that protects all traffic flowing on the Ethernet links. MACsec is based on IEEE 802.1X and IEEE 802.1AE standards. MKPDUs are transmitted at regular intervals of MKA Hello Time, which is 2s by default, to prove the liveness of the connectivity association members. Live Peers List and a Potential Peers List are maintained and advertised, to avoid a new participant having to respond to each MKPDU from each partner in the connectivity association (CA). Peers are removed from each list when an interval of between MKA Life Time and...
Continue reading →

7800R3/7500R3/7280R3 L2 EVPN MPLS Support

Description The L2 EVPN MPLS feature is available when configuring BGP in the multi-agent routing protocol model. Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family number 25) / EVPN (subsequent address family number 70). It is used to exchange overlay MAC and IP address reachability information between BGP peers. The release in which different features were supported in different platforms are as below: Feature Platform Release L2 EVPN MPLS SingleHoming DCS-7280R3, DCS-7500R3, DCS-7800R3 EOS-4.26.0F L2 EVPN MPLS MultiHoming DCS-7280R3, DCS-7500R3 and DCS-7800R3 EOS-4.27.0F Platform Compatibility DCS-7280R3 DCS-7500R3 DCS-7800R Configuration L2...
Continue reading →

Aboot Firmware Update

Description This feature supports to upgrade Aboot firmware via an Aboot Update File (AUF). The aim is to be able to provide a signed method of upgrading Aboot in the field. Platform compatibility Supported on all EOS platforms. Configuration An AUF file can be loaded on a device using the following command: install bios source SOURCE [ active | standby ] [ reload ] [ now ] Where: SOURCE is the location where the AUF is located. Active and standby optionally select the supervisor on a modular system. Both supervisors are upgraded by default, with active followed by standby. Reload...
Continue reading →

Postcard Telemetry

Description The postcard telemetry feature is used to gather per flow telemetry information like path and per hop latency. For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency and congestion information for flows at different times. Postcard telemetry samples flows at every switch, aggregates them and sends the samples to a collector with path and latency information using GRE encapsulation. For calculating latency information, switches in the network need to be in PTP sync. This information is processed by the collector and may be stored in a time series database for providing per...
Continue reading →

EVPN Single-active Multihoming & Preference-based DF Election

Description Single-active multihoming Multihoming in EVPN allows a single customer edge (CE) to connect to multiple provider edges (PE or tunnel endpoint). The default mode of operation is all-active, in which the CE connects using link aggregation and can send traffic to either PE by hashing (or any other means) and expect the traffic to be successfully delivered. Introduced in EOS 4.26.0F for VXLAN and 4.27.0F for MPLS, single-active is an alternative mode of operation in which only one PE per VLAN per ethernet segment accepts traffic. Any other PE in the ethernet segment will drop all inbound packets, effectively...
Continue reading →

Syslog with TLS support

Description This feature adds TLS support to the existing syslog logging mechanism. With the new added CLI commands, the user can specify an SSL profile when configuring a remote syslog server. Once configured, any traffic between the Arista device and the syslog server will be sent over TLS connections. By using TLS connections, syslog is better protected against attacks and information leakage. Platform compatibility This feature is compatible on all platforms. Configuration CLI command A remote syslog server can be configured with an SSL profile using the following CLI command: switch(config)#logging host test.example.com 1234 protocol tls ssl-profile test-profile In this...
Continue reading →

Flood traffic filtering with EVPN

Description There are use cases where all broadcast, multicast  and unknown MAC traffic are not needed to be flooded into the VxLAN fabric managed by EVPN. Some cases are okay with flooding only the ARP request broadcast traffic and ND multicast traffic into the fabric. There may be other cases where flooding ARP plus other traffic is allowed but not all broadcast traffic into the fabric. In some cases there is a requirement to prevent broadcast packets from being flooded into the Vxlan fabric except for the ARP request broadcast packets and that too in a rate limited fashion. These...
Continue reading →

MACsec LLDP Bypass

Description Media Access Control Security (MACsec) is an industry standard encryption mechanism that protects all traffic flowing on the Ethernet links. MACsec is based on IEEE 802.1X and IEEE 802.1AE standards. By default, if MACsec configuration is applied on the interface, then it encrypts and decrypts all the other protocols PDU and other data packets. This document talks about a feature which allows LLDP protocol packets to bypass encryption and decryption. Additionally, from release 4.26.0F, there is a way to allow LLDP packets to be sent/received from the port even when the port is not authorized i.e. even when MKA...
Continue reading →

Disable ingress interface from LAG hashing

Description In older EOS releases the ingress interface was always included in LAG hash calculations input together with other currently configured fields, for instance source/destination MAC addresses, source/destination IP addresses and or L4 ports, etc. A new CLI was added to control the inclusion of the ingress interface to the LAG hash.  Having an ingress interface as one of the inputs to LAG hash calculation ensures that the same flows of packets (identified by a unique set of selected packet fields) will be transmitted out of different members of a LAG. There may be a need to disable this behavior,...
Continue reading →

LSP ping/traceroute for BGP labeled unicast tunnels

Description The MPLS ping/traceroute utilities were extended in EOS version 4.26.0F to support connectivity checking of BGP labeled unicast (BGP LU) tunnels. Platform compatibility This feature is platform independent, and is also supported by vEOS-lab/cEOS-lab. CLI commands MPLS ping over BGP labeled unicast tunnels Command syntax and optional arguments for IPv4 tunnel endpoints: nlrtr1#ping mpls bgp labeled-unicast ip ? A.B.C.D Match this IP address A.B.C.D/E Destination prefix nlrtr1#ping mpls bgp labeled-unicast ip 10.7.7.7/32 ? bgp BGP next hop pad-reply Indicates that the reply should copy the Pad TLV repeat specify repeat count size Specify packet size in bytes source Specify...
Continue reading →

Sharing BGP update groups between similar RCF functions

Description In EOS, BGP creates different update groups based on the outbound configuration. Different route maps or Routing control functions (RCF) result in different update groups. A user can configure multiple RCF functions with functionally identical contents intended for use as outbound configuration for various peers. For example a user may wish to have a unique RCF function per peer, even though all of these RCF functions are identical. This would allow the user to modify the policy for a specific peer without impacting other peers. This enhancement allows a user to choose the above pattern without incurring the memory...
Continue reading →

VxLAN DSCP Mapping

Description This feature allows selecting Differentiated Services Code Point ( DSCP ) and Traffic Class ( TC ) values for packets at VTEPs ( VxLAN Tunnel Endpoint) along VxLan encapsulation and decapsulation directions respectively.  DSCP is a field in IP Header and TC is a tag associated with a packet within the switch, both influence the Quality of Service the packet receives. This feature can be enabled via configuration as explained later in this document. In the encapsulation direction, an incoming packet from an edge port is encapsulated with a new IP and VxLan header before being sent out to...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: