I was wondering if there any way to execute the reconcile process but backwards; from the switch. I know how to do it from CVP but the plan is to execute remote changes over CLI and then execute the reconcile process to keep consistency between CVP and the switch configuration. Thanks,
Description Traditionally, network image upgrades have been done manually on a device-by-device basis. With Arista’s CloudVision Portal this arduous task has been greatly simplified. Multiple groups of devices can be upgraded with a few simple clicks by modifying the applied image bundle in the Network Provisioning page. The tedious task of manually uploading device images is handled entirely by CVP. For a majority of use cases, the default settings of CVP will not need any sort of modification. However, if device upgrades will be done over slower WAN links it is recommended that the image upload timeout value within CVP...
Continue reading →
Sending Telemetry Data from TerminAttr to Multiple CVP instances Overview This article will explore the ability of the CloudVision Telemetry agent to send data to more than one CloudVision Portal (CVP) instance or CloudVision and a third party application. The configuration used in this lab was also used as part of the “Synchronising CloudVision Portal Configlets with Ansible” POC lab to enable both CloudVision instances to receive Telemetry data from all the switches. The article for “Synchronising CloudVision Portal Configlets with Ansible” can be found here : https://eos.arista.com/synchronising-cloudvision-portal-configlets-with-ansible/ Introduction The Proof of Concept Lab created to demonstrate...
Continue reading →
Hello guys! I’m learning and studying ARISTA programming, could you suggest some book or article to study? Regards, Rodrigo Almeida.
Introduction This document describes a procedure and tooling to reallocate the RAM and CPUs in the DCA-CV-100 in order to maximize the performance of the CVP virtual machine. By scavenging resources from the CVX VM and allocating them to the CVP VM the CVP application can achieve higher scale. Prerequisites The scripts and procedures in this document are first available in CVA Version 2.1.3. In CVA 2.1.3 this procedure only runs on the DCA-CV-100. Procedure Allocating Maximum Resources to the CVP VM Find the script reallocateVM.py in the folder /cva/scripts. Run the script as ./reallocateVM.py --maxCvp This will stop the...
Continue reading →
The CloudVision WiFi (CVW) service is available as a container on the Arista CloudVision platform from its 2019.1.0/Grant release. Once you activate the CVW service, you can configure, monitor, troubleshoot, and upgrade Arista WiFi access points using the cognitive CVW UI. This chapter gives an overview of the CVW containerization on CV and explains how to set up the service. An appendix lists the CLI commands you can run on the CVW service. Overview of CVW on CV The figure below shows a conceptual overview of the Arista CVW solution. As shown in the figure, CVW is containerized within the...
Continue reading →
Introduction This document presents several procedures to reduce the time taken to upgrade CVP between major releases. This can reduce the CVP outage window from 10s of hours to under an hour. The trade off with these procedures is that some or all telemetry data will be discarded. Upgrading from 2018.1.x to 2018.2.x See the 2018.2.x release notes for details on the upgrade process, there are other upgrade requirements and restrictions beyond what’s discussed here. When upgrading from 2018.1.x to 2018.2.x there are two migrations that take place. The first migration is to move the provisioning data from hbase to...
Continue reading →
Introduction This document describes the TerminAttr certificate authentication feature introduced in the CVP 2019.1.0 release. TerminAttr Authentication with CVP Every switch managed by CVP uses TerminAttr to stream updates to CVP and every one of these TerminAttr connections needs to be authenticated. Authentication is provided via shared key or certificates. Certificate-based authentication provides additional security by (1) eliminating the shared key from the switch’s configuration and (2) by uniquely authenticating each connection between the switch and CVP. Enabling Certificate Authentication In 2019.1.x CVP is configured, by default, to authenticate using shared keys. The TerminAttr certificate authentication can be turned ON...
Continue reading →
Overview The ChangeControl APIs offer a way to programmatically interact with the ChangeControl service on CVP. Description Data Model From the data model perspective a ChangeControl is a collection of stages that could be executed in sequence (series) or simultaneously (parallel). An action is the executable unit of work (for instance Task is an action). Each stage can either have an action or a list of stage_rows. The list of stage_rows are executed in series. A stage_row has a list of stages that are executed in parallel. In summary action: Executable unit of work. stage: ...
Continue reading →
Introduction Script action is a very effective feature to enable customers to add their own custom actions to Change controls. Examples of customized script action could be To check or configure third party devices including other switches, storage devices etc Adding specific checks on Arista devices which isn’t already available as a prebuilt action Interacting with third party messaging systems or git repositories Script and config file CVP supports running only python scripts as a script action. Each script runs in its own container. Uploaded python scripts cannot make any changes to the CVP’s underlying filesystem. We additionally also need...
Continue reading →
Introduction This document describes the BGP Maintenance Mode (MM) and MLAG ISSU Actions for Change Control to support hitless image updates for EOS switches managed by CVP. References The following documents provide some background on EOS’s BGP MM and MLAG ISSU functionality: EOS Users Manual: MLAG EOS Users Manual: MLAG Maintenance EOS Users Manual: BGP Maintenance Mode BGP Maintenance Mode Hitless upgrade with BGP MM is typically achieved by wrapping an Image Upgrade Action with Enter and Exit BGP MM Actions. The basic sequence is shown below where first the device enters MM, executes the task and then exits MM....
Continue reading →
Hello, Im using a REST API Client called Postman to send APIs to CVP. I’m receiving a “401” Response due to failed authentication. I was able to make the API call using the FQDN/web/api/ but I noticed it works only when a user is logged in to the CVP console. If no user is logged in then the API call fails with the failed authentication error. Also, I noticed when I used Postman or any other REST client the CVP console user was logged out automatically. Im doing something simple (a new label). I added the content-type and the authentication...
Continue reading →
Hey everyone, Do we need a special account privilege to download CVP for testing? I have a customer account, but the software download page doesn\’t have any links to CVp download and there is a message indicating that I might not have necessary privileges for downloads. Note: cEOS and vEOS are available for download Any hint? Thanks a lot!
CVP AAA TACACS+ authorization with Cisco ISE Introduction We saw last time how to correctly integrate Aruba ClearPass CPPM with CVP so TACACS+ users can authenticate with the correct network role. The purpose of this document is to show the same for Cisco ISE (successor of ACS) TACACS+. Our goal is to make Cisco ISE send us the cvp-roles=network-admin attribute in the Authorization reply packet. NOTE If you are running CVP versions 2018.2.0 and 2018.2.1 you might hit BUG 345723 due to which in tacacs-provider authorization we are not checking for TAC_PLUS_AUTHOR_STATUS_PASS_ADD flag. We can provide a binary patch...
Continue reading →
Intro Network simulation environments have always been limited to a single compute node, which made the labbing of a full-scale production network an exercise in compromise and trade-offs. At the same time compute resources are cheap and abundant and modern application designs are making use of them by adopting meshed scale-out architectures, treating multiple hosts as a single pool of resources. In this post, we’ll see how (with just a few clicks*) we can build a replica of a real production network, orchestrated by Kubernetes based on information extracted from Arista’s CloudVision Portal (CVP). * Assuming all the prerequisites are met
Introduction There are many advantages to using Arista’s vEOS Router and CloudVision Portal (CVP) in hybrid cloud environments. Among those advantages are: Arista EOS is a proven and stable network operating system used in some of the largest networks in the world. The same EOS that runs on our physical switches also runs in the public cloud. CloudVision Portal provides a common management model for network devices whether running in a customer’s private data center or in public cloud environments. CloudVision Portal provides turn-key automation and real-time telemetry across private and public cloud environments. One of the primary challenges to...
Continue reading →
ClearPass TACACS+ Authorization with CVP Introduction The purpose of this article is to learn how to correctly set up the TACACS+ service in Aruba ClearPass in order to successfully authenticate on the CVP GUI as a network admin. Our goal is to configure ClearPass Policy Manager [CPPM] to send us the cvp-roles=network-admin attribute in the TACACS+ Authorization reply packet. By default this does not happen, because cvp-roles is a custom attribute that has to be added to the TACACS+ dictionary on any type of TACACS+ implementation. Without this, the default role of network-operator will be allocated to the user, that...
Continue reading →
Hi, since CVP 2018.1 introduced the SSL/TLS certificate management to the web ui I wondered if there is also a supported way to change it via the cli on the system itself? I would like to automatically deploy and update the certificates with letsencrypt. Since the renewal happens every few weeks that would be better done via a cron job than by hand in the gui. I guess replacing the file on disk and then restarting nginx is not the best or supported way for our multinode cluster ;) What would you recommend to to besides buying a certificate with...
Continue reading →
What’s the best way of handling error conditions in a python configlet builder? My script takes data from a git repository to generate the configlet, the script validates the data before generating the configuration. If it’s invalid it will need to signal an error to CVP. What’s the best way to do this? I’m thinking I should raise and exception, however this simple test doesn’t seem to do the right thing:- <pre> from cvpServices import CvpErrorimport errorCodes CvpError(errorCodes.CONFIGLET_GENERATION_ERROR, ‘error an error occured’) </pre> Any suggestions?
Arista Cloudvision® Portal (CVP) provides a central point of management for Arista network switches through shared snippets of configuration (configlets) enabling Network Engineers to provision the network more consistently and efficiently. While CVP highlights a graphical user interface for configuration and management of devices, it also includes a full-featured RESTful API that provides all of the same functionality available via the GUI which can be used to automate workflows and integrate with other tools. CVPRAC is a wrapper client for CVP’s RESTful APIs which greatly simplifies usage of the API and more elegantly handles the connections to the CVP nodes....
Continue reading →
