Changing the switchport default mode

By default all ports on an Arista switch are configured to be switch ports, as you would expect. If you are mostly dealing with routed ports, this behaviour may not be totally desirable. Starting in EOS-4.18.0, this behaviour is configurable e.g. we can have all interfaces in routed mode by default.

    switch1...11:10:56(config)#show run int et 1-4
    interface Ethernet1
    interface Ethernet2
    interface Ethernet3
    interface Ethernet4
    switch1...11:11:00(config)#show interface Et1-4 switchport | i Name|Switchport:
    Name: Et1
    Switchport: Enabled
    Name: Et2
    Switchport: Enabled
    Name: Et3
    Switchport: Enabled
    Name: Et4
    Switchport: Enabled

To change the default, simply issue the configuration command

    switchport default mode routed

As you can see, all interfaces are now in routed mode by default:...

VXLAN Routing on 7280E, 7500R and 7280R Platforms

The 7500 and 7280 switch series platforms have previously supported VXLAN bridging, which enables stretching of Layer 2 domains across a Layer 3 IP cloud. In EOS-4.18.0F, VXLAN routing is introduced on these platforms, which provides the capability to route between these stretched Layer 2 domains. In this release, only IPv4 unicast routing is supported in the overlay. In particular, VXLAN Routing is only supported in the Direct Routing mode, where every host is directly attached in the overlay to every VTEP in the network. This requires all VXLAN SVIs for the overlay subnets to be configured on all VTEPs....

BGP Convergence Timer Improvements

BGP Convergence Overview

To avoid hardware updates and route advertisement churn during switch reload or BGP instance start, BGP enters a convergence state in which it waits for all the peers to join and to receive all the routes from all the peers. In this phase BGP also waits for IGP protocols to converge before declaring its convergence; this is required for all IBGP sessions to become Established and also for routes learned over IBGP sessions to be recursively resolved via IGP routes. BGP declares convergence when it has received route updates from all its peers, received EOR (End-Of-RIB) markers from...

BGP Prefix Independent Convergence Enhancements for IBGP

The BGP Prefix Independent Convergence (PIC Edge) is an existing feature that was first introduced in EOS-4.15.0F. This feature refers to fast re-convergence of traffic destined for BGP prefixes on a network event affecting the best path(s) such that the time taken to switch traffic from the active best path(s) to the next best path (i.e. backup path) is independent of the number of prefixes. The above behavior is achieved by pre-programming the best path and alternate backup path in the forwarding agent in steady state. It is supported for both IPv4 and IPv6 address families for default and non-default VRFs....

IGMP Snooping Proxy

The IGMP Snooping Proxy feature is an optimization over IGMP snooping. When IGMP Snooping Proxy is enabled, the switch gathers IGMP reports from downstream hosts by sending queries periodically and updates its local state. Later, when it receives a query from an upstream router, the switch responds with a report immediately based on its local state. When IGMP Snooping Proxy is not enabled, IGMP Snooping floods the query in the VLAN for the hosts to respond with a report, and the reports are flooded to ports that are known to have multicast routers. Enabling IGMP Snooping Proxy prevents a sudden burst...

DHCP for SVI interfaces

Dynamic Host Configuration Protocol (DHCP) is a feature which can be used to provide an IP address to the interfaces on the switch. DHCP can be used to fetch an IP address dynamically from a DHCP server without the administrator needing to configure the IP address manually.

Platform compatibility

This feature is provided on all platforms.

Configuration

The following configuration can be used under the interface configuration mode to enable or disable this feature:

    [no|default] ip address dhcp

An interface is not configured via DHCP by default. DHCP is supported on Ethernet, Port-channel, SVI and management interfaces. The following sequence...

Yum support for downloading extensions

EOS Yum support is a feature that allows yum repositories to be configured and saved in the running-config. This allows users to configure repositories that are persistent across reboots and download packages from the repositories. This feature allows an operator to configure a single yum repository and easily deploy extensions and security hot-fixes across all managed switches.

Platform compatibility

This feature is provided on all platforms.

Configuration & Usage

The following configuration can be used under the configure mode to configure a Yum repository.

    Arista(config)#management package
    Arista(config-mgmt-package)#repository <repository-name>
    Arista(config-mgmt-package-repository-foo)#type yum
    Arista(config-mgmt-package-repository-foo)#description Network repo
    Arista(config-mgmt-package-repository-foo)#url http://url/to/my/repo

The following is used to...

Certificate chain and CRL

This is an addition to the SSL certificate and key management feature added in EOS-4.15.0F. Previously, only certificates directly issued by the trusted CA could be configured in an SSL profile. Certificate chaining allows a trusted CA to issue intermediate certificates that will in turn sign other intermediate CAs or the subject certificate. This hierarchical list of certificates going all the way up to the root CA is called the certificate chain. During the TLS handshake, a client will send its peer the entire certificate chain for verification, and vice-versa. The peer only needs to be configured to trust the...

Transceiver Performance Monitoring and Enhanced Diagnostics

This feature adds support for viewing the Digital Optical Monitoring (DOM) parameters for the optics that support enhanced diagnostics from the CLI. The show commands described later in this document can be used to view the instantaneous values for various PAM4 parameters like Signal-To-Noise Ratio, Residual Inter Symbol Interference, PAM4 Level Transition Parameters, etc. that such optics support. EOS-4.18.0F also introduces the Performance Monitoring feature wherein EOS collects and maintains certain performance statistics over a user-defined time period. EOS stores data for two intervals, the current interval and the most recently completed interval. When the current interval completes, the data...

TACACS+ RBAC Support

Role-based access control (RBAC) is an approach to regulating access to network resources based on the roles of individual users. Each user has one or more roles. Each role has its own rules, which indicate the allowed and denied commands under a specified mode. Command authorization for a user is performed based on these rules. TACACS+ RBAC allows users to configure roles on TACACS servers and rules on switches, which is a much more scalable solution than local RBAC. Roles can be set and modified on the server side once and applied to all switches that connect to the server, instead...

DCS-7160: ACL based QoS

ACL based QoS marking and policing is supported on DCS-7160 switches. Currently we support IPv4 ACL based QoS via policy-map configuration. The feature can be configured on front panel ports and port-channel interfaces and will be applied to traffic in ingress direction.

Platform compatibility

DCS-7160-32CQ
DCS-7160-48YC6

Configuration

Please refer to EOS configuration guide to configure ACL based QoS marking and policing using QoS service-policies. Sample configuration can be found below,

    Arista(config)#ip access-list acl1
    Arista(config-acl-acl1)#permit ip 10.1.1.1/24 any
    Arista(config-acl-acl1)#exit
    Arista(config)#class-map match-any class1
    Arista(config-cmap-qos-class1)#match ip access-group acl1
    Arista(config-cmap-qos-class1)#exit
    Arista(config)#policy-map policy1
    Arista(config-pmap-qos-policy1)#class class1
    Arista(config-pmap-c-qos-policy1-class1)#police cir 100 mbps bc 100 kbytes
    Arista(config-pmap-c-qos-policy1-class1)#set dscp 20...

Incoming LACPDU Rate-Limit

Incoming LACPDU Rate-Limit on Arista switches allows for errdisabling of ports experiencing a sustained rate of incoming LACPDUs greater than or equal to 10 packets per second. This feature has been introduced in 4.18.0F.

Platform compatibility

All models supported by EOS-4.18.0F

Configuration

Incoming LACPDU Rate-Limit is enabled by default, but can be configured on a global or per-port basis. The per-port config will override the global config unless it is set to default. The feature is either enabled or disabled, and currently does not support a user configurable threshold. Global config for LACPDU Rate-Limit can be disabled using:

    Arista(config)#no lacp...

LACP on Loopback Interfaces

LACP on Loopback Interfaces allows for Active Port-Channels on one or more interfaces whose link endpoints terminate on the same switch. This feature has been introduced in 4.18.0F and is applicable in custom scenarios where there is a requirement to connect multiple interfaces, back to back, on the same physical switch and form a bundled port-channel. Previously, such a scenario was only possible using a static LAG; with this feature we introduce the capability to run LACP on such a port-channel, which helps with link down discovery via the propagation of LACP PDUs.

Platform compatibility

All models supported by...

Enhance “show ip bgp” commands to display age of paths received

The BGP implementation now provides the ability to display the age of paths received for a given prefix using the following CLI show commands when the ‘detail’ option is used:

    show ip bgp
    show ip bgp [prefix]
    show ip bgp neighbors [NEIGHBOR_ADDR] received-routes
    show ip bgp neighbors [NEIGHBOR_ADDR] routes

Example:

    #show ip bgp 0.0.0.0/0 detail
    BGP routing table information for VRF default
    Router identifier 10.254.81.1, local AS number 6001
    route status: [a.b.c.d] - Route is queued for advertisement to peer.
    BGP routing table entry for 0.0.0.0/0
     Paths: 3 available
      65074 65377 65400
        10.254.1.4 from 10.254.1.4 (10.254.80.1)
          Origin IGP, metric 0, localpref...

BGP AS path prepend using “last-as” keyword

The “set as-path prepend” clause in route-map configuration mode has been enhanced with the addition of the “last-as” keyword, which will prepend the AS path with the specified number of instances of the last AS number in the AS path. Currently, the command only accepts an explicit list of AS numbers to prepend to the AS path. This list may also include one or more “auto” keywords in place of AS numbers, which are replaced by the peer AS number for inbound routes, and the local AS number for outbound routes. By extending some AS paths, this feature enables customers...

4-Octet BGP AS Specific Extended Communities

The BGP extended communities support within EOS has been enhanced to include support for 4-octet AS Extended BGP Communities (as per RFC5668). This permits 4-octet AS number extended-community values to be used in the same manner as 2-octet AS numbers. BGP Extended communities permit the labelling of BGP routing information, permitting administrators to filter and manipulate routes based upon the community values. Each extended community value includes a type field and a value. For the BGP extended community types ‘Two-Octet Route-target’ and ‘Two-Octet Site-of-origin’ the values specified are a 2-octet AS number and a 4-octet local-admin. Two new BGP Extended Community...

BFD Support for ISIS IPv6

IPv6 support for BFD in ISIS. BFD provides a faster convergence in scaled deployments where using aggressive times may cause scalability issues. This also addresses scenarios which need sub-second hello timers, which are not supported in EOS.

Platform compatibility

ISIS IPv6 BFD feature is supported on all platforms.

Configuration

This feature can be configured in two ways.

1. The following command is available under the config-router-isis mode.

    Arista(config)#router isis <Isis Process ID>
    Arista(config-router-isis)#address-family ipv6
    Arista(config-router-isis-af)#[ no | default ] bfd all-interfaces

This enables or disables BFD for all ISIS interfaces for IPv6. It is disabled by default.

2. The following...

BGP Missing Policy Action

The default policy behavior is to permit/accept all routes when a BGP neighbor or peer group is configured with a route-map which is misconfigured (e.g. the route-map is either empty or referencing a non-existing route-map). This type of misconfiguration can go undetected causing undesirable issues (such as hitting the peer max prefix limit). A route-map is considered “empty” when it is referenced by a neighbor or peer group but not defined by the CLI (or perhaps has been deleted). A route-map is considered “non-empty” once a sequence is defined for the route-map. It need not have any match or set...

BGP Add-Path TX

Introduction

BGP Add-Path TX allows for a BGP speaker to advertise multiple paths (instead of a single best-path) for a prefix towards a peering BGP speaker (RFC7911). EOS implemented the BGP Add-Path receiver (RX) functionality in 4.15.XF and is implementing the advertisement (TX) functionality in 4.18.0F. There can be several options for choosing exactly which paths to advertise for a prefix to an Add-Path capable peer:

- Advertise the best-path (same as not configuring Add-Path)
- Advertise the best-path and the backup path
- Advertise ECMP paths
- Advertise any arbitrary subset of paths using an “Add-Path route-map”
- Advertise all paths

In the 4.18.0F...

Directed Broadcast

Directed broadcast is a method of transfer to send a packet to recipients in a target subnet. This is done by sending a directed broadcast packet as a standard unicast packet until it reaches a switch connected to the target subnet. Then, the packet is broadcast to reach all recipients in the target subnet. Directed broadcast packets are designated by having an IP destination address that is the broadcast address for the target subnet. When a directed broadcast is received, if the receiving switch is not connected to the target subnet, then the packet is forwarded as a normal unicast packet. If...