Changing the switchport default mode

By default all ports on an Arista switch are configured to be switch ports, as you would expect. If you are mostly dealing with routed ports, this behaviour may not be totally desirable. Starting in EOS-4.18.0, this behaviour is configurable, e.g. we can have all interfaces in routed mode by default.

    switch1...11:10:56(config)#show run int et 1-4
    interface Ethernet1
    interface Ethernet2
    interface Ethernet3
    interface Ethernet4
    switch1...11:11:00(config)#show interface Et1-4 switchport | i Name|Switchport:
    Name: Et1
    Switchport: Enabled
    Name: Et2
    Switchport: Enabled
    Name: Et3
    Switchport: Enabled
    Name: Et4
    Switchport: Enabled

To change the default, simply issue the configuration command

    switchport default mode routed

As you can see, all interfaces are now in routed mode by default:...

VXLAN Routing on 7280E, 7500R and 7280R Platforms

The 7500 and 7280 switch series platforms have previously supported VXLAN bridging, which enables stretching of Layer 2 domains across a Layer 3 IP cloud. In EOS-4.18.0F, VXLAN routing is introduced on these platforms, which provides the capability to route between these stretched Layer 2 domains. In this release, only IPv4 unicast routing is supported in the overlay. In particular, VXLAN routing is only supported in the Direct Routing mode, where every host is directly attached in the overlay to every VTEP in the network. This requires all VXLAN SVIs for the overlay subnets to be configured on all VTEPs....

BGP Convergence Timer Improvements

BGP Convergence Overview
To avoid hardware updates and route advertisement churn during switch reload or BGP instance start, BGP enters a convergence state in which it waits for all the peers to join and for all the routes to be received from all the peers. In this phase BGP also waits for IGP protocols to converge before declaring its convergence; this is required for all IBGP sessions to become Established and for routes learned over IBGP sessions to be recursively resolved via IGP routes. BGP declares convergence when it has received route updates from all its peers, received EOR (End-Of-RIB) markers from...

BGP Prefix Independent Convergence Enhancements for IBGP

The BGP Prefix Independent Convergence (PIC Edge) is an existing feature that was first introduced in EOS-4.15.0F. This feature refers to fast re-convergence of traffic destined for BGP prefixes on a network event affecting the best path(s) such that the time taken to switch traffic from the active best path(s) to the next best path (i.e. backup path) is independent of the number of prefixes. The above behavior is achieved by pre-programming the best path and alternate backup path in the forwarding agent in steady state. It is supported for both IPv4 and IPv6 address families for default and non-default VRFs....

IGMP Snooping Proxy

The IGMP Snooping Proxy feature is an optimization over IGMP snooping. When IGMP Snooping Proxy is enabled, the switch gathers IGMP reports from downstream hosts by sending queries periodically and updates its local state. Later, when it receives a query from an upstream router, the switch responds with a report immediately based on its local state. When IGMP Snooping Proxy is not enabled, IGMP Snooping floods the query in the VLAN for the hosts to respond with a report, and the reports are flooded to ports that are known to have multicast routers. Enabling IGMP Snooping Proxy prevents a sudden burst...

DHCP for SVI interfaces

Dynamic Host Configuration Protocol (DHCP) is a feature which can be used to provide an IP address to the interfaces on the switch. DHCP can be used to fetch an IP address dynamically from a DHCP server without the administrator needing to configure the IP address manually.

Platform compatibility
This feature is provided on all platforms.

Configuration
The following configuration can be used under the interface configuration mode to enable or disable this feature:

    [no|default] ip address dhcp

An interface is not configured via DHCP by default. DHCP is supported on Ethernet, Port-channel, SVI and management interfaces. The following sequence...

Yum support for downloading extensions

EOS Yum support is a feature that allows yum repositories to be configured and saved in the running-config. This allows users to configure repositories that are persistent across reboots and download packages from the repositories. This feature allows an operator to configure a single yum repository and easily deploy extensions and security hot-fixes across all managed switches.

Platform compatibility
This feature is provided on all platforms.

Configuration & Usage
The following configuration can be used under the configure mode to configure a Yum repository.

    Arista(config)#management package
    Arista(config-mgmt-package)#repository <repository-name>
    Arista(config-mgmt-package-repository-foo)#type yum
    Arista(config-mgmt-package-repository-foo)#description Network repo
    Arista(config-mgmt-package-repository-foo)#url http://url/to/my/repo

The following is used to...

Certificate chain and CRL

This is an addition to the SSL certificate and key management feature added in EOS-4.15.0F. Previously, only certificates directly issued by the trusted CA could be configured in an SSL profile. Certificate chaining allows a trusted CA to issue intermediate certificates that will in turn sign other intermediate CAs or the subject certificate. This hierarchical list of certificates going all the way up to the root CA is called the certificate chain. During the TLS handshake, a client will send its peer the entire certificate chain for verification, and vice-versa. The peer only needs to be configured to trust the...

Transceiver Performance Monitoring and Enhanced Diagnostics

This feature adds support for viewing the Digital Optical Monitoring (DOM) parameters for the optics that support enhanced diagnostics from the CLI. The show commands described later in this document can be used to view the instantaneous values for various PAM4 parameters like Signal-To-Noise Ratio, Residual Inter Symbol Interference, PAM4 Level Transition Parameters, etc. that such optics support. EOS-4.18.0F also introduces the Performance Monitoring feature wherein EOS collects and maintains certain performance statistics over a user-defined time period. EOS stores data for two intervals, the current interval and the most recently completed interval. When the current interval completes, the data...

TACACS+ RBAC Support

Role-based access control (RBAC) is an approach to regulating access to network resources based on the roles of individual users. Each user has one or more roles. Each role has its own rules which indicate the allowed and denied commands under a specified mode. Command authorization for a user is performed based on these rules. TACACS+ RBAC allows users to configure roles on TACACS servers and rules on switches, which is a much more scalable solution than local RBAC. Roles can be set and modified on the server side once and applied to all switches that connect to the server, instead...

XP: ACL based QoS

ACL based QoS marking and policing is supported on DCS-7160 switches. Currently we support IPv4 ACL based QoS via policy-map configuration. The feature can be configured on front panel ports and port-channel interfaces and will be applied to traffic in the ingress direction.

Platform compatibility
DCS-7160-32CQ
DCS-7160-48YC6

Configuration
Please refer to the EOS configuration guide to configure ACL based QoS marking and policing using QoS service-policies. A sample configuration can be found below.

    Arista(config)#ip access-list acl1
    Arista(config-acl-acl1)#permit ip 10.1.1.1/24 any
    Arista(config-acl-acl1)#exit
    Arista(config)#class-map match-any class1
    Arista(config-cmap-qos-class1)#match ip access-group acl1
    Arista(config-cmap-qos-class1)#exit
    Arista(config)#policy-map policy1
    Arista(config-pmap-qos-policy1)#class class1
    Arista(config-pmap-c-qos-policy1-class1)#police cir 100 mbps bc 100 kbytes
    Arista(config-pmap-c-qos-policy1-class1)#set dscp 20...

Incoming LACPDU Rate-Limit

Incoming LACPDU Rate-Limit on Arista switches allows for errdisabling of ports experiencing a sustained rate of incoming LACPDUs greater than or equal to 10 packets per second. This feature has been introduced in 4.18.0F.

Platform compatibility
All models supported by EOS-4.18.0F

Configuration
Incoming LACPDU Rate-Limit is enabled by default, but can be configured on a global or per-port basis. The per-port config will override the global config unless it is set to default. The feature is either enabled or disabled, and currently does not support a user configurable threshold. Global config for LACPDU Rate-Limit can be disabled using:

    Arista(config)#no lacp...

LACP on Loopback Interfaces

LACP on Loopback Interfaces allows for Active Port-Channels on one or more interfaces whose link endpoints terminate on the same switch. This feature has been introduced in 4.18.0F and is applicable in custom scenarios where there is a requirement to connect multiple interfaces, back to back, on the same physical switch and form a bundled port-channel. Previously, such a scenario was only possible using a static LAG; however, with this feature we introduce the capability to run LACP on such a port-channel, which helps with link down discovery via the propagation of LACP PDUs.

Platform compatibility
All models supported by...

Enhance “show ip bgp” commands to display age of paths received

The BGP implementation now provides the ability to display the age of paths received for a given prefix using the following CLI show commands when the ‘detail’ option is used:

    show ip bgp
    show ip bgp [prefix]
    show ip bgp neighbors [NEIGHBOR_ADDR] received-routes
    show ip bgp neighbors [NEIGHBOR_ADDR] routes

Example:

    #show ip bgp 0.0.0.0/0 detail
    BGP routing table information for VRF default
    Router identifier 10.254.81.1, local AS number 6001
    route status: [a.b.c.d] - Route is queued for advertisement to peer.
    BGP routing table entry for 0.0.0.0/0
    Paths: 3 available
    65074 65377 65400
    10.254.1.4 from 10.254.1.4 (10.254.80.1)
    Origin IGP, metric 0, localpref...

BGP AS path prepend using “last-as” keyword

The “set as-path prepend” clause in route-map configuration mode has been enhanced with the addition of the “last-as” keyword, which will prepend the AS path with the specified number of instances of the last AS number in the AS path. Currently, the command only accepts an explicit list of AS numbers to prepend to the AS path. This list may also include one or more “auto” keywords in place of AS numbers, which are replaced by the peer AS number for inbound routes, and the local AS number for outbound routes. By extending some AS paths, this feature enables customers...

4-Octet BGP AS Specific Extended Communities

The BGP extended communities support within EOS has been enhanced to include support for 4-octet AS Extended BGP Communities (as per RFC5668). This permits 4-octet AS number extended-community values to be used in the same manner as 2-octet AS numbers. BGP Extended communities permit the labelling of BGP routing information, permitting administrators to filter and manipulate routes based upon the community values. Each extended community value includes a type field and a value. For the BGP extended community types ‘Two-Octet Route-target’ and ‘Two-Octet Site-of-origin’ the values specified are a 2-octet AS number and a 4-octet local-admin. Two new BGP Extended Community...

BFD Support for ISIS IPv6

IPv6 support for BFD in ISIS. BFD provides faster convergence in scaled deployments where using aggressive times may cause scalability issues. This also addresses scenarios which need sub-second hello timers, which are not supported in EOS.

Platform compatibility
ISIS IPv6 BFD feature is supported on all platforms.

Configuration
This feature can be configured in two ways.

1. The following command is available under the config-router-isis mode.

    Arista(config)#router isis <Isis Process ID>
    Arista(config-router-isis)#address-family ipv6
    Arista(config-router-isis-af)#[ no | default ] bfd all-interfaces

This enables or disables BFD for all ISIS interfaces for IPv6. It is disabled by default.

2. The following...

BGP Missing Policy Action

The default policy behavior is to permit/accept all routes when a BGP neighbor or peer group is configured with a route-map which is misconfigured (e.g. the route-map is either empty or referencing a non-existing route-map). This type of misconfiguration can go undetected causing undesirable issues (such as hitting the peer max prefix limit). A route-map is considered “empty” when it is referenced by a neighbor or peer group but not defined by the CLI (or perhaps has been deleted). A route-map is considered “non-empty” once a sequence is defined for the route-map. It need not have any match or set...

BGP Add-Path TX

Introduction
BGP Add-Path TX allows for a BGP speaker to advertise multiple paths (instead of a single best-path) for a prefix towards a peering BGP speaker (RFC7911). EOS implemented the BGP Add-Path receiver (RX) functionality in 4.15.XF and is implementing the advertisement (TX) functionality in 4.18.0F. There can be several options for choosing exactly which paths to advertise for a prefix to an Add-Path capable peer:

- Advertise the best-path (same as not configuring Add-Path)
- Advertise the best-path and the backup path
- Advertise ECMP paths
- Advertise any arbitrary subset of paths using an “Add-Path route-map”
- Advertise all paths

In the 4.18.0F...

Directed Broadcast

Directed broadcast is a method of transfer to send a packet to recipients in a target subnet. This is done by sending a directed broadcast packet as a standard unicast packet until it reaches a switch connected to the target subnet. Then, the packet is broadcast to reach all recipients in the target subnet. Directed broadcast packets are designated by having an IP destination address that is the broadcast address for the target subnet. When a directed broadcast is received, if the receiving switch is not connected to the target subnet, then the packet is forwarded as a normal unicast packet. If...

ISIS ignore attach bit

The default behavior of a level-1 router running IS-IS is to install a default route to a level-1-2 router present in a different area after it finds the attach-bit set in the incoming LSPs from a level-1-2 router. Sometimes this behavior may not be desired and the user might wish for IS-IS on a level-1 router to ignore the attach-bit in the incoming LSPs and skip installing a default route to the level-1-2 router.

Platform compatibility
ISIS ignore attach bit feature is supported on all platforms.

Configuration
The following command is available under the config-router-isis-af mode.

    Arista(config)#router isis <Isis Process ID>...

BGP Fallback AS

BGP Fallback AS offers the ability for BGP peering relationships to be established with either the local-as or the router-as. This assists in deployments where the peer AS is expected to change, as it avoids the need for concurrent configuration updates. For example, if a service provider is updating their ASN from <old-ASN> to <new-ASN>, peers must make corresponding changes to their eBGP configuration to accept the new value. This will involve configuration updates on both sides of the peering relationship. If the updates are not co-ordinated, connectivity may be lost. With fallback AS, the service provider can configure their BGP...

OSPF Max LSA Retransmission Threshold

The OSPF Max LSA Retransmission Threshold feature adds a configurable limit to the number of LSA update retransmissions. OSPF sends LSA updates to its OSPF neighbors in a Link State Update packet. The neighbor acknowledges that it received and accepted the LSA update by sending an LSA Acknowledgment in a Link State Acknowledgement packet. If an LSA acknowledgment is not received in the configured retransmit interval from a neighbor, OSPF retransmits the LSA update to that neighbor. Retransmissions will continue until an acknowledgement is received or the maximum retransmission limit is reached. When the limit is reached for a neighbor,...

OSPF Non Stop Forwarding

Introduction
The OSPF Non Stop Forwarding (NSF) feature adds support for Graceful OSPF Restart (IETF RFC 3623). When OSPF Graceful Restart (GR) is configured, a Smart System Upgrade (SSU), redundancy switchover from active to standby supervisor, or a restart of the OSPF software should be hitless. Neighboring routers continue to forward traffic to the restarting router, and traffic forwarding through the restarting router continues without loss. If GR is successful, router downtime should be completely transparent to network applications. NSF allows the router to retain its hardware routing tables (Forwarding Information Base/FIB) and continue forwarding utilizing those tables while routing...

Storm Control: Rate limiting unknown unicast packets

Introduction
A traffic storm is a flood of packets entering a network, resulting in excessive traffic and degraded performance. Storm control prevents network disruptions by limiting traffic beyond specified thresholds on individual physical LAN interfaces. Storm control monitors inbound traffic levels over one-second intervals and compares the traffic level with a specified benchmark. The storm-control command configures and enables storm control on the configuration mode physical interface. Unknown unicast storm control is another mode added to the existing storm control command. This mode provides the capability to rate limit unknown unicast traffic to a user configurable value in pps...

DirectFlow

DirectFlow runs alongside the existing layer 2/3 forwarding plane, enabling a network architecture that incorporates new capabilities, such as TAP aggregation and custom traffic engineering, alongside traditional forwarding models. DirectFlow allows users to define flows that consist of match conditions and actions to perform that are a superset of the OpenFlow 1.0 specification. DirectFlow does not require a controller or any third party integration as flows can be installed via the CLI.

Platform compatibility
DCS-7010T, DCS-7010T-DC, DCS-7050S, DCS-7050T-36, DCS-7050T-52, DCS-7050T-64, DCS-7050TX, DCS-7050SX, DCS-7050QX, DCS-7260QX-64, DCS-7060CX-32S, DCS-7060CX2-32S, DCS-7250QX, DCS-7260CX, DCS-7300X, DCS-7320X

Configuration
DirectFlow supports flow configuration at different stages of the...

WRED Support on Trident2

WRED (Weighted Random Early Detection) is one of the congestion management techniques. It works at the queue level to drop packets randomly once a given queue threshold is crossed, even before the queue is full. Without WRED, all newly arriving packets get tail dropped once the queue is full, which creates a TCP global synchronization issue. WRED helps to avoid TCP global synchronization.

Platform compatibility
DCS-7050X
DCS-7300X
DCS-7250X

Configuration
This is configured at the interface’s tx-queue level. The drop profile is defined by minimum-threshold, maximum-threshold and drop-probability. The units for thresholds can be given in segments ( 1 segment is equivalent to 208 bytes on T2...

Aggregate Storm Control per Traffic Class

Introduction
Aggregate storm-control with the traffic-class option provides the capability to rate limit BUM (Broadcast, Unknown-unicast, Multicast) traffic to a user configurable value in pps (minimum value can go to 1 pps) per traffic-class across all ports in the system.

Platform compatibility
DCS-7050QX
DCS-7050SX
DCS-7050TX
DCS-7260QX-64
DCS-7060CX-32S

Configuration
The CLI command to configure aggregate storm-control per traffic-class is

    Arista(config)#[no] storm-control bum aggregate traffic-class <tc> level pps <rate>

‘bum’ means BUM (broadcast, unknown-unicast, multicast) traffic. ‘aggregate’ means all ports. This will create a shared policer instance and attach entries corresponding to the traffic-class to it.

Sample configuration

    Arista(config)#storm-control bum aggregate traffic-class...

Per port Per VLAN Qos range

Classification of traffic for QoS policies on a per-port-per-vlan basis is already supported and corresponding information can be found here – http://eos.arista.com/eos-4-17-0f-toi/per-port-per-vlan-qos/. ‘match vlan’ configuration under a class-map helps in programming that configuration. This enhancement to ‘match vlan’ allows configuration for multiple vlans as a range (single range or comma-separated multiple ranges) instead of just a vlan and a mask. This feature only works with QoS-based class-maps.

Platform compatibility
DCS-7010T
DCS-7050X
DCS-7250X
DCS-7260X
DCS-7280E, DCS-7280R
DCS-7300X
DCS-7320X
DCS-7500E, DCS-7500R

Configuration
Please refer to the EOS configuration guide to configure ACL policing QoS and per-port-per-VLAN. Once created, policy-maps can be...

Policy maps under QoS Profiles

QoS profiles have been applicable on fabric and front panel ports across all platforms from the EOS 4.17.0F release onwards, with support for all interface level QoS configurations. Support for application of a policy-map under a QoS profile has now been added in EOS 4.18.0F. The same policy-map can be applied through a QoS profile on one interface and directly attached on another. If two policy-maps are applied on an interface, one directly and one through a QoS profile, the one applied directly is given more priority and used.

Configuration
The command to configure a policy-map under a QoS profile is –

    Arista(config)#qos profile <qos-profile name>
    Arista(config-qos-profile-name)#service-policy...

Explicit Congestion Notification (ECN) Counters

This enhancement is to display the number of packets that were ECN (Explicit Congestion Notification) marked by the switch. The counter value does not include the incoming packets that were already marked. The existing show platform trident counters will now display this counter as an additional item.

Platform compatibility
DCS-7060X series
DCS-7260X series
DCS-7320X series

Configuration
These counters are enabled by default and no configuration is required.

Show Commands
The command show platform trident counters will display the ECN marked packets value.

    Arista#show platform trident counters interface ethernet 8
    …
    Ethernet8 TX – ECN marked packets 124
    …

SMPTE and AES PTP Profile Support

The SMPTE ST 2059-2:2015 and AES67-2013 standards define PTP profiles specifically developed for synchronization of audio and video streams being transported over an IP network. Each of these PTP profiles leverages the existing IEEE-1588 standards and vendor implementations while defining message rates and management messages unique to the requirements of rapid synchronization of end points for media streams. In this release, we have added support for both PTP profiles on all Arista platforms currently supporting PTP. The following additions were made.

Expanded Maximum PTP Message Rates
Both SMPTE ST 2059-2:2015 and AES67-2013 define faster message rates than what was previously...

MLAG Unicast Convergence

On an MLAG chassis we sync the MAC addresses learnt on individual peers and make sure we use the appropriate interface to map the MAC addresses. In case of unexpected events like reloading of one of the peers in the MLAG chassis or flapping of one or more MLAG interfaces, we may observe some loss of traffic. If an MLAG flaps on one peer, then we may have to remap the MAC addresses learned, such that the reachability is via the other peer in the MLAG domain. Until we re-map the MAC addresses and host routes, we may drop some...

PFC Global Knob

PFC (Priority-based Flow Control) is a flow control mechanism used in RDMA environments. PFC provides a link-level flow control mechanism that can be controlled independently for each Class of Service (CoS). The PFC global [on|off] knob is a CLI command to enable or disable PFC functionality on the switch globally. This command will apply to all interfaces, including fabric interfaces in the case of multi-chip devices. This feature is supported from EOS-4.18.0F onwards.

Functionality
PFC configuration will now be honored only when the PFC global knob is enabled. If the PFC global knob is disabled, the...

Config Session Commit Timer

The Commit Timer mechanism provides a way to automatically roll back changes made by a config session unless they are confirmed within a certain interval. This is especially useful when the user commits configuration changes that can potentially cause a network disruption. After issuing a commit timer operation, the user is required to issue a second commit of that session to confirm that the changes need to be persisted. If for any reason (such as network disruption) the user is not able to issue the second commit, the system will automatically roll back to the previous state at the end of the timer. Platform...

Usage of RADIUS VSAs in Role-Based Access Control

Role-based access control (RBAC) is an approach to regulating access to network resources based on the roles of individual users. Each user has one or more roles. Each role has its own rules which indicate the allowed and denied commands under a specified mode. Command authorization for a user is performed based on these rules. RADIUS RBAC allows users to configure roles and rules by using Vendor-Specific Attributes (VSAs) on the RADIUS server side, which is a much more scalable solution than local RBAC. Configurations can be set and modified on the server side once and applied to all switches that...

Hardware load-balancing for ingress/egress and fabric/egress replication

In ingress/egress and fabric/egress replication mode, on DCS-7280E, DCS-7280R, DCS-7500E and DCS-7500R, Broadcast, Unknown Unicast and Multicast (BUM) traffic is load balanced over LAG members on a per-replication group basis. Distribution of BUM traffic and multicast groups over LAG member ports is decided by software and the hardware is configured accordingly. This would result in the following shortcomings:

- As each replication group is associated with a specific LAG member port, the member port may carry more traffic than other members of the LAG (BUG177895).
- When a LAG member goes down, the replication groups carried by it are redistributed to other LAG...