IPv6 Policy Based Routing

Policy-Based Routing (PBR) provides the flexibility of routing according to custom-defined policies. This feature will allow IPv6 packets to be redirected to IPv6 or IPv4 destinations.

Platform Compatibility

DCS-7050X Series, DCS-7250X Series, DCS-7300X Series

Configuration

The following example illustrates defining classes for IPv6. Here ACL ‘acl-103’ is used as the match criterion. Packets are checked against the contents of this ACL to determine if they belong to the class.

    switch(config)# class-map type pbr match-any class3
    switch(config-cmap-pbr-class3)# [seq no] match ipv6 access-group acl-103
    switch(config-cmap-pbr-class3)# exit

Note: The same ACL name can be used for both IPv4 and IPv6. They are differentiated...

VXLAN Hardware Head End Replication (HER)

Hardware Head End Replication (HW HER) optimizes flooding of inter-VTEP broadcast, unknown unicast and multicast (BUM) traffic by using hardware to perform replication on the supported platform. This is a VXLAN infrastructure feature and is enabled by default on the supported platforms starting with EOS version 4.15.3F.

Platform compatibility

DCS-7050TX Series, DCS-7050SX Series, DCS-7050QX Series, DCS-7300X Series

Configuration

This feature is enabled by default on supported platforms and does not require any configuration.

Show Commands

Use the following show commands to display HW HER information:

    switch#show interface vxlan 1
    Vxlan1 is up, line protocol is up (connected)
    Hardware is Vxlan
    Source interface...

Mirroring to GRE Tunnel and Filtered Mirroring

This article covers two distinct but related features: Filtered Mirroring and Mirroring to GRE Tunnel. Filtered Mirroring allows certain packets to be selected for mirroring, rather than all packets ingressing or egressing a particular port. Mirroring to GRE Tunnel allows mirrored packets to transit an L3 network using GRE encapsulation. These features can be used together or independently. These advanced mirroring features can be used for more precise and flexible troubleshooting than what is afforded by normal port mirroring.

Platform compatibility

DCS-7280SE, DCS-7500E, DCS-7050/7050X, DCS-7250X, DCS-7300X

Configuration

Filtered Mirroring

Note: To use this feature on the DCS-7280SE and DCS-7500E series,...

DSCP Rewrite for Bridged traffic

This feature allows the user to remark outgoing IPv4/IPv6 packets with a new DSCP value derived using the global traffic-class to dscp map and the trust mode of the ingress port. The user can enable or disable this feature globally. This feature uses the existing “qos dscp rewrite” and “qos map traffic-class to dscp” CLIs for configuration. If the ingress port is COS trusted, the incoming COS is mapped to a traffic-class (via cos-to-tc map). The traffic-class is then mapped to a DSCP value (via tc-to-dscp map), which is rewritten at the egress. If the ingress port is untrusted, default COS will determine the...

VXLAN Routing with Overlay VRFs

This document describes VXLAN routing with overlay VRFs on the DCS-7050X platforms. The feature allows users to configure VXLAN SVIs in non-default VRFs. Note that while the overlay SVIs can be configured in non-default VRFs, the underlay SVI, which provides IP connectivity between VTEPs, must remain in the default VRF. Also, only IPv4-based VXLAN routing is currently supported. This feature makes VXLAN routing more deployable by:

- Allowing users to configure separate overlay routing domains using VRFs on a per-tenant basis, thereby allowing support for overlapping IP addresses in the overlay.
- Allowing users to have a clean separation between underlay...

On-counter Event Manager

Introduction

The EOS Event Manager feature provides the ability to specify a condition and an action to be carried out when that condition is detected. It is a flexible and configurable way to automate the reaction to conditions without the need for a system operator to observe and apply the desired actions manually. The on-counters event handler extension to the Event Manager provides a framework to specify a condition in the form of a logical expression (in Python syntax) to be evaluated at a configured time interval. When the condition is met, an action specified by the user will be carried out. The...

OSPF auto-cost reference b/w

EOS-4.15.3F adds support for configuring auto-cost in OSPFv3 for routed Ethernet interfaces and LAG interfaces. Support for LAG interfaces has also been added in OSPF for this feature. OSPF auto-cost reference-bandwidth allows automating link cost calculation. The link cost is computed as the reference bandwidth divided by the link bandwidth, unless the cost is already set on the interface using the ‘ipv6 ospf cost’ command. A cost assigned to the interface in this way overrides the auto-cost. The link cost is set to 1 when the reference bandwidth value is less than the link bandwidth or the link speed becomes zero for some reason.

Platform compatibility...

PFC Watchdog Enhancements

The PFC watchdog feature detects stuck-traffic scenarios caused by a PFC storm coming from the neighbor, which prevents traffic from leaving the switch on that port at that PFC priority. The feature can also take an appropriate action on such a stuck condition. The action can be either to error-disable the port or to drop the traffic entering or leaving the port at the stuck PFC priority. Recovery once the PFC storm goes away is also supported. Monitoring is supported at a per-port level. Actions and timer thresholds are configurable from the CLI.

Platform compatibility

DCS-7050x Series

Configuration

PFC watchdog monitoring can be enabled via the following command:

    Arista(config)# priority-flow-control pause watchdog...

Selective Q-in-Q

The selective Q-in-Q tunneling feature allows a set of customer VLANs (hereafter referred to as c-vlan(s)) to be tunneled and bridged over a service-provider VLAN (hereafter referred to as s-vlan). By using selective Q-in-Q, we can have multiple s-vlan(s) pushed for different sets of c-vlan(s), which is not possible with normal Dot1Q tunneling.

Note: Selective Q-in-Q mapping is applicable only to bridged traffic and is not relevant to L3 routed traffic.

Platform compatibility

DCS-7280, DCS-7500E

Configuration

The s-vlan(s) should be part of the vlan configuration on the DUT:

    Arista(config)#vlan 100,200,300

Configure the interface as trunk and make the interface a member of the s-vlan(s):

    Arista(config)#interface <interface-no>
    Arista(interface-config)#switchport...

Egress ACL counters

This feature provides the capability to count the number of packets hitting rules associated with egress ACLs applied to various interfaces in a switch.

Platform compatibility

DCS-7280E, DCS-7500E

Configuration

Both IPv4 and IPv6 egress ACL counters are enabled by default. Counters for each ACL will be shown only if "statistics per-entry" is enabled in the ACL configuration.

    Arista(config)#ip access-list acl1
    Arista(config-acl-acl1)#statistics per-entry

IPv6 egress ACL counters can be enabled or disabled by the user with the following command:

    Arista(config)# [no|default] hardware counter feature acl in

Status

Show Commands

show ip access-lists [ACL_NAME] shows all the IPv4 ACLs or a specific IPv4 ACL configured in...

Flow Trend Monitor

This feature enables detection of abnormal system flows (total in vs. out packet counters) by showing packet loss variance across time intervals on a switch.

Platform compatibility

DCS-7500E, DCS-7280

Status

Show Commands

The following command shows counter events across all time intervals which are currently more than 1 standard deviation apart from a given time interval. The output will look like the following:

    switch#show hardware counter events
    ------------------------------------------------------------------------------------------------------------
    Interval  | Event Name  | Chip Name | First               | Last       | Count | Z-Score
              |             |           | Occurrence          | Occurrence |       |
    ------------------------------------------------------------------------------------------------------------
    5 Minutes | MacCounters | All       | 2015-12-06 12:31:26 | 2015-12-06...

Drop Counters

With this feature, the user can fetch information on various internal hardware drops from each switch and isolate the switch, fabric card, or SerDes that is seeing abnormal internal drops. EOS aggregates the following hardware drops from forwarding ASICs and fabric SerDeses:

Adverse drop counters: IptCrcErrCnt, IngrReplFifoDrop, UcFifoFullDrop, DeqDeletePktCnt, RqpDiscardPacketCtr, RqpPC, McastDataBuffersDropCtr, PqpMcastPC, EnqPktCnt, IngressDiscardCounter, EgressDiscardCounter, FabricReceiveCellDiscard, SerdesCrcErrors, DchFifosDiscards, DchReordDiscards, DchFifosMulticastLowDrops, RtpDrhMulticastLowDrops, DchUnreachables, DcmFifosIpDrops, DcmFifosTotalDrops, DclFifosTotalDrops

Packet processor counters: dropVoqInPortNotVlanMember, dropVoqInSaEqualsDa, dropVoqInSaMulticast, dropVoqInRpf, dropVoqInIpv6MulticastSource, dropVoqInAcl, dropVoqInNoArp, dropVoqInNullRoute, dropVoqInRouteOverflow, dropVoqInPbr, dropVoqInTunRoute, dropVoqInTunMpls, dropVoqInIpv4ChecksumError, dropVoqInTunGre, dropVoqInIpv6VersionError, dropVoqInIpv4VersionError, dropVoqInTunVxlan, dropVoqInIpv6UnspecifiedDestination, EgressAclDropCounter,

The rate at which hardware drops seen in last 1 min, 10 min, 1 hr, 1 day and 1...

Pause/PFC Frame Mirroring

This feature provides the capability to mirror special L2 control frames, called the Pause or Priority Flow Control (PFC) frames, that are received on a switch interface. The mirror destination can be another interface on the same switch or a remote GRE Tunnel. Filtered mirroring can be used in conjunction with this feature in order to mirror only those Pause/PFC frames that match certain criteria (like opcode or timestamp contained in the packet).

Platform compatibility

DCS-7050/7050X, DCS-7250X, DCS-7300X

Configuration

Pause/PFC mirroring is enabled/disabled by the following steps.

1. By default, Pause/PFC frames are not visible in the switch chip pipeline....

L3 Default Ports

In our current implementation, on a switch with default startup config or no config, all ports come up in access mode. This could cause some undesired behavior in cases where all the ports are intended to be used as routed ports, as the traffic gets bridged between ports until their config is updated. This feature provides the ability to boot up a switch with all ports in routed mode.

Platform compatibility

This feature is supported on all platforms.

Configuration

On boot-up, ZTP (Zero Touch Provisioning) is enabled by default if the startup config (/mnt/flash/startup-config) is deleted. ZTP can be disabled by setting “DISABLE=True” in the ZTP config (/mnt/flash/zerotouch-config)....

Enhancement to IP in IP Decapsulation

IP in IP decapsulation was first introduced for the supported platforms (below) in EOS version 4.15.0F (IP in IP decapsulation TOI). The enhancement in 4.15.3F will allow users to configure decap-ip in addition to decap-interface under the same decap-group. It allows the user to configure multiple decap IP addresses under one decap-ip CLI line. If the ARP entry is not resolved for the inner destination IP, the incoming encapsulated packet will be punted to the CPU, the outer IP will be removed and the packet will be software forwarded.

Platform compatibility

DCS-7010, DCS-7050, DCS-7050X, DCS-7250X, DCS-7300X

Configuration

    (config)ip decap-group foo
    (config-dg-foo)...

Routed Port Storm Control

The broadcast queue towards the CPU is shared among all interfaces of the forwarding chip. As a result, a broadcast storm on a single port adversely impacts other interfaces of the same chip by potentially dropping even low-rate broadcast frames. This feature attempts to mitigate this effect by performing storm control on the broadcast frames for routed ports. With this feature, in the 7280E and 7500E series, broadcast storm is suppressed on routed ports. Broadcast traffic at a rate above 500Kbps is dropped on routed ports.

Configuration

There is no configuration required. Broadcast storm control is always effective on routed ports.

Troubleshooting

The ‘show interfaces counters queue ingress’...

Port Security: Protect Mode

Port Security: Protect mode (PortSec-Protect) is newly added to the Port Security feature and is designed to restrict the number of MAC addresses that are allowed to send traffic to an interface. Once PortSec-Protect is applied to an interface with a specified address limit of N (default is 1), traffic will only be accepted from the first N MAC addresses that are learned/configured on that interface. The restriction is enforced by way of a MAC ACL, which is programmed as soon as the address limit is reached (note that this is different from Shutdown mode, where the restriction is applied...

Dynamic Resizing of Nexthop-Groups

Dynamic resizing of nexthop-groups, as the name suggests, is a feature that enables a nexthop-group to dynamically adjust its size in the hardware based on tunnel reachability. If any nexthop entry is added or removed, or there is a change in tunnel resolution, the hardware is automatically programmed with only those entries that are both fully resolved and reachable. In addition, this feature is supported for all nexthop-group types, specifically “ip”, “ipinip”, “gre”, “mpls”, etc. An introduction to Nexthop-groups can be seen in the 4.14.5F TOI.

Configuration

When configuring a new nexthop-group, dynamic resizing will automatically be enabled. To manually disable this feature, append either no size or default size while configuring...

Instantaneous Queue Depth

The DCS-7280E and DCS-7500E platforms are virtual output queue (VOQ) based architectures where there is a VOQ for all egress ports and traffic classes per ingress chip. The instantaneous queue length feature provides additional visibility into the virtual output queues by indicating the current depth in bytes of each of the queues. This can be used as one method for determining if traffic to an egress interface from a particular ingress chip is being affected by congestion within the system.

Platform compatibility

DCS-7280E, DCS-7500E

Status

Show command

The queue length can be seen from the show interfaces queue length command:

    7500E(s1)#show...

NAT Application Gateway

The NAT Application Gateway (ALG) feature allows FTP connections between a client and a server to be translated using Dynamic NAT. Both Active and Passive forms of FTP are supported. Without this feature enabled, the FTP Data connections will fail because the PORT command sent from client to server in Active FTP contains IP address and port information that are not translated by NAT. This causes the server to initiate an FTP Data connection to the untranslated IP of the client, to which there may not be a valid route. With this feature enabled, the IP information inside the PORT command of the control-connection is translated, and an ‘expect’...