• Tag: configuration

Deploying Cloudvision Portal (CVP) on Proxmox VE

Introduction: Proxmox is an open source server virtualization solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, high availability clusters, storage and networks with an integrated, easy-to-use web interface or via CLI. The purpose of this article is to assist in deployment of Arista’s Cloudvision Portal (CVP) within Proxmox VE. The benefit of utilizing CVP within Proxmox VE is that it offers an open source, subscription free option for those who may not be able to afford proper VMware licensing for lab/demo deployments and/or would like to utilize the rich, open source feature set provided by Proxmox...
Continue reading →

Configurations and Optimizations for Internet Edge Routing

Introduction: For many years, network deployments for enterprise Internet edge environments have consisted of dedicated routing platforms and a switching or aggregation layer to distribute this to various network zones. With the advances in merchant silicon forwarding engines and the software expertise put into Arista’s Extensible Operating System (EOS), we can now fully replace this legacy architecture with a collapsed routing and switching layer using Arista R Series platforms. Arista R Series platforms allow for holding a full copy of the Internet routing table for both IPv4 and IPv6 in hardware (the Forwarding Information Base, or FIB) with plenty of...
Continue reading →

Management SFP port configuration

Description: This article describes speed configuration for the management SFP port.

Platform compatibility:
• DCS-7300-SUP2
• DCS-7300-SUP2-D
• DCS-7368-SUP
• DCS-7368-SUP-D
• DCS-7800-SUP

Configuration: The user may configure the management SFP port’s speed to either “auto” or “forced 1000full”. The default value is “auto”.

switch(config)#interface ma1/2
switch(config-if-Ma1/2)#speed forced 1000full

Show Commands: The port’s configuration settings can be seen using the following command.

switch(config-if-Ma1/2)#show interface ma1/2 status
Port       Name   Status       Vlan     Duplex Speed  Type         Flags Encapsulation
Ma1/2             connected    routed   full   1G     1000BASE-T

Limitations: The speed “forced 1000half” is not supported. Attempts to set the speed to this value will result in a silent failure. The port’s...
Continue reading →

“Show Interfaces Interactions” CLI Command

Description: The ‘show interfaces interactions’ command aims to provide users a resource that explains various relationships between ethernet interfaces. It describes interactions in which a configuration on an interface causes another set of interfaces to become inactive or have reduced capabilities. Examples include a primary interface consuming subordinate interfaces to service a four-lane speed or platform restrictions that require four interfaces of a port to operate at the same speed.

Platform Compatibility: With the EOS-4.21.3F release, the command is supported on the following products:
• 7280QR-C72
• 7280QRA-C36S

With the EOS-4.23.1F release, the command is supported on the following products:
• 7060DX4-32
• 7060PX4-32...
Continue reading →

Hybrid cloud connectivity with Arista’s Extensible Operating System (EOS) and Amazon Web Services (AWS)

Motivation: The term Hybrid Cloud is not clearly defined, but the most common definition is a scenario where a customer wants to combine resources in their own data centre (the private cloud) with resources in the public cloud. To allow these services to communicate, a connection between the two cloud environments needs to be established. Most cloud providers offer two options: an Internet Protocol Security (IPsec)-based Virtual Private Network (VPN) connection using the Internet as a transport medium, and a private link using dedicated lines or equivalent technology. In this article, we cover the VPN based approach using EOS-based services...
Continue reading →

ClearPass TACACS+ Authorization with CVP

Introduction: The purpose of this article is to learn how to correctly set up the TACACS+ service in Aruba ClearPass in order to successfully authenticate on the CVP GUI as a network admin. Our goal is to configure ClearPass Policy Manager [CPPM] to send us the cvp-roles=network-admin attribute in the TACACS+ Authorization reply packet. By default this does not happen, because cvp-roles is a custom attribute that has to be added to the TACACS+ dictionary on any type of TACACS+ implementation. Without this, the default role of network-operator will be allocated to the user, that...
Continue reading →

Candidate Configuration and Active Configuration type features?

Hi Forum, In the Linux world I work with text files, I edit them (submit to source control on occasion, I might even write an Ansible role), then hang up a process and I have a new personality of the device. Is there an existing feature within EOS or a planned feature that supports this type of action? Or is the view that with effective out of band management it’s all a bit unnecessary? My own practical experience is, sadly, I get a load of blockers for out of band (security, cost etc) and I have to “get on with...
Continue reading →

Arista Any Cloud Platform – Security Use Case

Introduction: In this document we will demonstrate how to effectively leverage Arista’s vEOS Router in a Transit – Edge VPC model to satisfy a common security use case. As most companies look to move into the public cloud space, security vulnerabilities have gained more focus than ever before.

Objective: Provide a centralized security model within an AWS region, which will allow for ease of visibility and control. Deploying separate AWS Internet Gateways in every VPC increases complexity and vulnerabilities in the public cloud space.

Prerequisites: This document assumes that you have the following architecture deployed: A Transit – Edge VPC topology deployed...
Continue reading →

Arista 7280R Series 40G/100G systems Multi-Speed Port Configuration

Overview: In high performance leaf and spine networks the Arista 7280R Series enables a high level of flexibility with a common consistent architecture, with a choice of 1RU and 2RU fixed systems, 10G to 100G interface speeds and port density up to 72 ports of 40G and 60 ports of 100G. The 7280R Series includes the ability to enable multiple speeds on QSFP ports, with a per interface configuration that is optimized for the maximum overall system flexibility. On some members of the 7280R Series to maximise the total system port count, and at the same time facilitate the most...
Continue reading →

Changing the switchport default mode

By default all ports on an Arista switch are configured to be switch ports, as you would expect. If you are mostly dealing with routed ports, this behaviour may not be totally desirable. Starting in EOS-4.18.0, this behaviour is configurable e.g. we can have all interfaces in routed mode by default.

switch1...11:10:56(config)#show run int et 1-4
interface Ethernet1
interface Ethernet2
interface Ethernet3
interface Ethernet4
switch1...11:11:00(config)#show interface Et1-4 switchport | i Name|Switchport:
Name: Et1
Switchport: Enabled
Name: Et2
Switchport: Enabled
Name: Et3
Switchport: Enabled
Name: Et4
Switchport: Enabled

To change the default, simply issue the configuration command

switchport default mode routed

As you can see, all interfaces are now in routed mode by default:...
Continue reading →

VM Tracer configuration on a layer 2 switch

Introduction: There are many network architectures that include a separate network for out-of-band management. All Arista switches come with at least one designated management interface that is VRF-aware. When VM Tracer is configured on an Arista switch, by default, vCenter communication will be sourced from the management interface. There are situations where a layer 2 switch has the management interface configured in a separate VRF, not reachable from the vCenter network segment.

Objective: Create reachability to vCenter from layer 2 switches that have the management interface configured in a separate VRF, not reachable from the vCenter network segment.

Prerequisites: Proper VM Tracer configuration...
Continue reading →

Arista 7280QR-C36 Load Balancing Optimization for Dual Homed Systems and Networks

Arista 7280QR-C36: The Arista DCS-7280QR-C36 switch is a purpose built flexible fixed configuration 1RU system capable of supporting a wide range of interface choices. It’s designed for the highest performance environments such as IP Storage, Content Delivery Networks, Data Center Interconnect and IP Peering. The 7280QR-C36 is optimized for environments with dual connected nodes such as storage and for spine applications with dual homed leaf switches. This technical application note describes the internal optimized load-balancing mechanism used within the switch and how network architects can best deploy this system to maximize overall system performance. The internal architecture of the DCS-7280QR-C36...
Continue reading →

Enabling Passive/Transparent Devices for PTP Multicast Routing

Why is PTP Multicast Routing Needed? PTP is a highly precise time protocol. The best practice for PTP is to introduce devices as PTP-Transparent (vs Passive) if the device is L3 and does not act as Boundary Clock. Any introduction of PTP-Passive devices in the path reduces the accuracy of the protocol. Both Transparent and Passive devices require additional configuration in order to forward the PTP stream. If a device must also manage a control-plane flow (and hence has a dependency on the control traffic), this can also reduce the accuracy of PTP. Due to this, and as the capability for a...
Continue reading →

MLAG ISSU

Overview: MLAG ISSU (In-Service Software Upgrade) upgrades EOS software on one MLAG peer with minimal traffic disruptions on active MLAG interfaces and without changing the network topology.

Note: Traffic impact could be seen for orphan links, active partial links and packets in flight.

MLAG considerations before upgrade

I. Check for configuration inconsistencies

The following features should be configured consistently on each switch:
• VLANs
• Switchport configuration on port channel interfaces that are configured with an MLAG ID
• STP configuration (global)

In EOS versions 4.15.2F onwards, we can use MLAG configuration check feature: https://eos.arista.com/eos-4-15-2f/mlag-config-check/

II. Resolve ISSU warnings

Resolve the following warnings before...
Continue reading →

Config Sessions Tips

Description: This article shows how to implement the 4-eyes-principle, task separation and delegation in your network. In this particular example, you can delegate configuration preparation to the operators team, retaining the control to commit the submitted changes, and having a delayed roll-back as a safety network in case something went wrong. Please also refer to the article “How to keep last X startup configs” for further tips on config handling and versioning. Since this article was published, there have been quite a few improvements to the way EOS handles configuration sessions. Please refer to “Config Checkpoint” and “Config Session Commit...
Continue reading →

How to keep last X startup configs

If you would like to keep track of last 10 (or more, or less) configuration changes, here’s the event-handler code to do that:

event-handler config-versioning
   trigger on-startup-config
   action bash FN=/mnt/flash/startup-config; LFN="`ls -1 $FN.*-* | tail -n 1`"; if [ -z "$LFN" -o -n "`diff -I 'last modified' $FN $LFN`" ]; then cp $FN $FN.`date +%Y%m%d-%H%M%S`; ls -1r $FN.*-* | tail -n +11 | xargs -I % rm %; fi
   delay 0

Description: Every time the startup config gets changed, this event handler will be executed (“trigger on-startup-config”). You could increase the delay, if you wish, but now it’s engaged immediately...
Continue reading →

VMTracer ESX port configurations

I am configuring a pair of new Arista 7050T switches in MLAG. My question relates to port configurations for the ports that will connect to the 6 x ESX hosts. Each host has 2 dual port NICs and 2 vDS (1 for VM and 1 for IPStorage). Each vDS has a single uplink to each NIC (2 in total) and each NIC is connected to both switches. 1. When using vmtracer is the only config I need on the port “vmtracer vmware-esx” and this implements best practices regarding spanning-tree, switchport mode, flow control etc on each port or is this command...
Continue reading →

Intelligent Bootstrap with Arista EOS and ZTPServer

Many customers inquire about how to get started with automation in their operational networks. These conversations tend to revolve around how to reduce the operational expense and risk associated with managing data center networks. In most cases, the general consensus leads to starting automation around the bootstrap process or, in other words, how to find a better way to introduce consistency and agility into the deployment process. Arista’s early heritage grew from solving real world operational problems that enhance our customers’ ability to deliver massively scalable data center networks efficiently. Throughout the development process EOS has provided innovative solutions that...
Continue reading →

Introducing Arista EOS Roles for Ansible

This article introduces the newly released Arista EOS role for Ansible. The Arista EOS role provides a set of Ansible modules that can be used in playbooks for automating the configuration of network resources contained in Arista EOS nodes. The EOS role replaces the existing arista_* modules that are currently available in the Ansible distribution. The base code that comprises the EOS role has been re-worked from the beginning, influenced by lessons learned from the first generation modules. In addition, the EOS role now takes advantage of Ansible Galaxy to provide a streamlined distribution mechanism to make getting started with...
Continue reading →

Configuring Port Channel LACP Fallback on Arista Switches

The Port-Channel Fallback mode in Arista switches allows an active LACP interface to establish a Port Channel/LAG before it receives LACP PDUs from its peer. This feature is useful in environments where customers have Preboot Execution Environment (PXE) Servers connected with a LACP Port Channel to the Ethernet switch. Since PXE images are very small, many operating systems are unable to leverage LACP during the preboot process. The Server NICs do not have the capability to run LACP without the assistance of a fully functional OS, and during the PXE process they are independent and have no knowledge of the...
Continue reading →
