Hello, I’m looking for a way to check if the running configuration is different from the startup config in order to detect uncommitted changes. Is there a way to do that in the CLI and/or the eAPI ? Thank you
BFD quick introduction: What is BFD? Bidirectional Forwarding Detection(BFD) is a low overhead protocol designed to provide rapid detection of failures in the path between adjacent forwarding engines over any media and at any protocol layer – this base protocol is defined in RFC5880. It does not operate independently, but only as an adjunct to routing protocols Operation: BFD is a simple Hello protocol that involves a pair of systems transmitting BFD packets periodically over a path between the two systems, and if a system stops receiving BFD packets for long enough , that bidirectional path is assumed to have...
Continue reading →
Description The ‘show interfaces interactions’ command aims to provide users a resource that explains various relationships between ethernet interfaces. It describes interactions in which a configuration on an interface causes another set of interfaces to become inactive or have reduced capabilities. Examples include a primary interface consuming subordinate interfaces to service a four-lane speed or platform restrictions that require four interfaces of a port to operate at the same speed. Platform compatibility With the EOS-4.21.3F release, the command is supported on the following products: 7280QR-C72 7280QRA-C36S With the EOS-4.23.1F release, the command is supported on the following products: 7060DX4-32 7060PX4-32...
Continue reading →
Introduction Proxmox is an open source server virtualization solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, high availability clusters, storage and networks with an integrated, easy-to-use web interface or via CLI. The purpose of this article is to assist in deployment of Arista’s Cloudvision Portal (CVP) within Proxmox VE. The benefit of utilizing CVP within Proxmox VE is that it offers an open source, subscription free option for those who may not be able to afford proper VMware licensing for lab/demo deployments and/or would like to utilize the rich, open source feature set provided by Proxmox...
Continue reading →
Introduction For many years, network deployments for enterprise Internet edge environments have consisted of dedicated routing platforms and a switching or aggregation layer to distribute this to various network zones. With the advances in merchant silicon forwarding engines and the software expertise put into Arista’s Extensible Operating System (EOS), we can now fully replace this legacy architecture with a collapsed routing and switching layer using Arista R Series platforms. Arista R Series platforms allow for holding a full copy of the Internet routing table for both IPv4 and IPv6 in hardware (the Forwarding Information Base, or FIB) with plenty of...
Continue reading →
Description This article describes speed configuration for the management SFP port. Platform compatibility DCS-7300-SUP2 DCS-7300-SUP2-D DCS-7368-SUP DCS-7368-SUP-D DCS-7800-SUP Configuration The user may configure the management SFP port’s speed to either “auto” or “forced 1000full”. The default value is “auto”. switch(config)#interface ma1/2 switch(config-if-Ma1/2)#speed forced 1000full Show Commands The port’s configuration settings can be seen using the following command. switch(config-if-Ma1/2)#show interface ma1/2 status Port Name Status Vlan Duplex Speed Type Flags Encapsulation Ma1/2 connected routed full 1G 1000BASE-T Limitations The speed “forced 1000half” is not supported. Attempts to set the speed to this value will result in a silent failure. The port’s...
Continue reading →
Description The ‘show interfaces interactions’ command aims to provide users a resource that explains various relationships between ethernet interfaces. It describes interactions in which a configuration on an interface causes another set of interfaces to become inactive or have reduced capabilities. Examples include a primary interface consuming subordinate interfaces to service a four-lane speed or platform restrictions that require four interfaces of a port to operate at the same speed. Platform Compatibility With the EOS-4.21.3F release, the command is supported on the following products: 7280QR-C72 7280QRA-C36S With the EOS-4.23.1F release, the command is supported on the following products: 7060DX4-32 7060PX4-32...
Continue reading →
Motivation The term Hybrid Cloud is not clearly defined but the most common definition is a scenario where a customer wants to combine resources in their own data centre (the private cloud) with resources in the public cloud. To allow these services to communicate, a connection between the two cloud environments needs to be established. Most cloud providers offer two options: An Internet Protocol Security (IPsec)-based Virtual Private Network (VPN) connection using the Internet as a transport media and a private link using dedicated lines or equivalent technology. In this article, we cover the VPN based approach using EOS-based services...
Continue reading →
ClearPass TACACS+ Authorization with CVP Introduction The purpose of this article is to learn how to correctly set up the TACACS+ service in Aruba ClearPass in order to successfully authenticate on the CVP GUI as a network admin. Our goal is to configure ClearPass Policy Manager [CPPM] to send us the cvp-roles=network-admin attribute in the TACACS+ Authorization reply packet. By default this does not happen, because cvp-roles is a custom attribute that has to be added to the TACACS+ dictionary on any type of TACACS+ implementation. Without this, the default role of network-operator will be allocated to the user, that...
Continue reading →
Hi Forum, In the linux world I work with text files, I edit then (submit to source control on occasion, I might even write an ansible role), then hang up a process and I have a new personality of the device. Is there an existing feature within EOS or a planned features that supports this type of action? Or is the view that with effective out of band management it’s all a bit unnecessary? My own practical experience is, sadly, I get a load of blockers for out of band (security, cost etc) and I have to “get on with...
Continue reading →
Introduction In this document we will demonstrate how to effectively leverage Arista’s vEOS Router in a Transit – Edge VPC model to satisfy a common security use case. As most companies look to move into the public cloud space, security vulnerabilities have gained more focus than ever before. Objective Provide a centralized security model within an AWS region, which will allow for ease of visibility and control. Deploying separate AWS Internet Gateways in every VPC, increases complexity and vulnerabilities in the public cloud space. Prerequisites This document assumes that you have the following architecture deployed: A Transit – Edge VPC topology deployed...
Continue reading →
Overview In high performance leaf and spine networks the Arista 7280R Series enables a high level of flexibility with a common consistent architecture, with a choice of 1RU and 2RU fixed systems, 10G to 100G interface speeds and port density up to 72 ports of 40G and 60 ports of 100G. The 7280R Series include the ability for enabling multiple speeds on QSFP ports, with a per interface configuration that is optimized for the maximum overall system flexibility. On some members of the 7280R Series to maximise the total system port count, and at the same time facilitate the most...
Continue reading →
By default all ports on an Arista switch are configured to be switch ports, as you would expect. If you are mostly dealing with routed ports, this behaviour may not be totally desirable. Starting in EOS-4.18.0, this behaviour is configurable e.g. we can have all interfaces in routed mode by default. switch1...11:10:56(config)#show run int et 1-4interface Ethernet1interface Ethernet2interface Ethernet3interface Ethernet4switch1...11:11:00(config)#show interface Et1-4 switchport | i Name|Switchport:Name: Et1Switchport: EnabledName: Et2Switchport: EnabledName: Et3Switchport: EnabledName: Et4Switchport: Enabled To change the default, simply issue the configuration command switchport default mode routed As you can see, all interfaces are now in routed mode by default:...
Continue reading →
Introduction There are many network architectures, which include a separate network for out-of-band management. All Arista switches come with at least one designated management interface that is VRF-aware. When VM Tracer is configured on an Arista switch, by default, vCenter communication will be sourced from the management interface. There are situations where a layer 2 switch has the management interface configured in a separate VRF, not reachable from the vCenter network segment. Objective Create reachability to vCenter from layer 2 switches that have the management interface configured in a separate VRF, not reachable from the vCenter network segment. Prerequisites Proper VM Tracer configuration...
Continue reading →
Arista 7280QR-C36 The Arista DCS-7280QR-C36 switch is a purpose built flexible fixed configuration 1RU system capable of supporting a wide range of interface choices. Its designed for the highest performance environments such as IP Storage, Content Delivery Networks, Data Center Interconnect and IP Peering. The 7280QR-C36 is optimized for environments with dual connected nodes such as storage and for spine applications with dual homed leaf switches. This technical application note describes the internal optimized load-balancing mechanism used within the switch and how network architects can best deploy this system to maximize overall system performance. The internal architecture of the DCS-7280QR-C36...
Continue reading →
Why is PTP Multicast Routing Needed? PTP is a highly precise time protocol, the best practice for PTP is to introduce devices as PTP-Transparent (vs Passive) if the device is L3 and does not act as Boundary Clock. Any introduction of PTP-Passive devices in the path reduces the accuracy of the protocol. Both Transparent and Passive devices require additional configuration in order to forward the PTP stream. If a device must also manage a control-plane flow (and hence has a dependency on the control traffic), this can also reduce the accuracy of PTP. Due to this, and as the capability for a...
Continue reading →
Overview MLAG ISSU (In-Service Software Upgrade) upgrades EOS software on one MLAG peer with minimal traffic disruptions on active MLAG interfaces and without changing the network topology. Note: Traffic impact could be seen for orphan links, active partial links and packets in flight MLAG considerations before upgrade I. Check for configuration inconsistencies Following features should be configured consistently on each switch: VLANs Switchport configuration on port channel interfaces that are configured with an MLAG ID STP configuration (global) In EOS versions 4.15.2F onwards, we can use MLAG configuration check feature: https://eos.arista.com/eos-4-15-2f/mlag-config-check/ II. Resolve ISSU warnings Resolve the following warnings before...
Continue reading →
Description: This article shows how to implement 4-eyes-principle, task separation and delegation in your network. In this particular example, you can delegate configuration preparation to the operators team, retaining the control to commit the submitted changes, and having a delayed roll-back as a safety network in case something went wrong. Please also refer to the article “How to keep last X startup configs” for further tips on config handling and versioning. Since this article has been published, there have been quite a few improvements to the way EOS handles configurations sessions. Please refer to “Config Checkpoint” and “Config Session Commit...
Continue reading →
If you would like to keep track of last 10 (or more, or less) configuration changes, here’s the event-handler code to do that: event-handler config-versioning trigger on-startup-config action bash FN=/mnt/flash/startup-config; LFN="`ls -1 $FN.*-* | tail -n 1`"; if [ -z "$LFN" -o -n "`diff -I 'last modified' $FN $LFN`" ]; then cp $FN $FN.`date +%Y%m%d-%H%M%S`; ls -1r $FN.*-* | tail -n +11 | xargs -I % rm %; fi delay 0 Description: Every time the startup config gets changed, this event handler will be executed (“trigger on-startup-config”). You could increase the delay, if you wish, but now it’s engaged immediately...
Continue reading →
I am configuring a pair of new Arista 7050T switches in MLAG. My question relates to port configurations for the ports that will connect to the 6 x ESX hosts. Each host has 2 dual port NICS and 2 vDS (1 for VM and 1 for IPStorage). Each vDS has a single uplink to each NIC(2 in total) and each NIC is connected to both switches. 1. When using vmtracer is the only config I need on the port “vmtracer vmware-esx” and this implements best practices regarding spanning-tree, switchport mode, flow control etc on each port or is this command...
Continue reading →
