VXLAN Indirect Routing on 7280E, 7280R and 7500R series

In EOS-4.18.0F, VXLAN direct routing was introduced on the 7500R and 7280E/R series platforms. VXLAN routing provides the capability to route between VXLAN Layer 2 domains. In EOS-4.18.1, support for VXLAN Indirect Routing model is added to the 7500R and 7280E/R series platforms. In the Indirect routing model, the destination host is not directly attached to the VTEP(s) where the default gateway functionality is present. This model is called “indirect” because, in this model,  the packet possibly needs to go through multiple hops in the overlay to reach the final destination. It typically involves running routing protocols in the overlay...
Continue reading →

25/50G support on 7500R, 7280R, 7500R2, 7280R2 Series

In EOS-4.18.1, support for 25G/50G is added on 7500R, 7280R, 7500R2 and 7280R2 series. This feature provides forced 25G/50G speed and IEEE802.3 Clause73 auto-negotation (AN) connectivity. This feature allows configuring 25G Consortium AN mode and/or IEEE802.3by AN mode on 25G interface. Platform compatibility DSC-7500R DCS-7280R DSC-7500R2 DSC-7280R2 Configuration Configure forced 25G/50G  speed Arista(config)#interface ethernet 1 Arista(config-if-Et1)#speed forced 25gfull Arista(config)#interface ethernet49/3 Arista(config-if-Et49/3)#speed forced 50gfull Configure 25G/50G AN speed Arista(config)#interface ethernet 1 Arista(config-if-Et1)#speed auto 25gfull Arista(config)#interface ethernet49/3 Arista(config-if-Et49/3)#speed auto 50gfull Configure 25G AN mode Enable IEEE802.3by AN mode only, Arista(config-if-Et1)#phy media 25gbase-cr negotiation standard ieee Enable 25G Consortium AN mode only, Arista(config-if-Et1)#phy media 25gbase-cr negotiation standard consortium Enable...
Continue reading →

MPLS Push

This feature allows the Arista switch to act as the tunnel head for an MPLS tunnel and is exposed through two mechanisms: 1) Static IP routes having a label associated with each route. 2) NexthopGroup of type MPLS. Each NexthopGroup entry can have a single MPLS label associated with it. Platform compatibility DCS-7050X DCS-7250X DCS-7260X DCS-7300X DCS-7260QX DCS-7060CX DCS-7060CX2 DCS-7260CX DCS-7320X-32C-LC Configuration MPLS push route configuration MPLS push routes are configured similar to static IP routes with the addition of the label parameter. The below example configures an IPv4 static MPLS push route with label 12000. Arista(config)#ip route 10.1.2.0/24 10.0.3.7 label...
Continue reading →

Traffic Steering using User-Defined Fields

This article describes the TAP Aggregation User-Defined Fields feature. The purpose of the User-Defined Fields feature is to provide custom offset pattern matching to be used in TAP Aggregation Traffic Steering. This allows for deeper packet inspection of up to 128 bytes. User-Defined Fields, or UDFs, are defined as part of an access-list filter and are comprised of an offset, length and pattern match. This describes a single portion of any incoming packet to match the provided value upon. Access-list filters containing a UDF are then applied as usual as part of a TAP Aggregation Traffic Steering policy. Platform Compatibility DCS-7280E DCS-7280R DCS-7500E...
Continue reading →

TapAgg truncation

EOS-4.18.1F added truncation capability for Tap Aggregation, which allows tapped traffic to be truncated to a smaller size before being transmitted. It can be used to reduce the amount of traffic received by analysis devices, if only the headers are to be analyzed while the payload of the packets is irrelevant or unwanted for practical or legal reasons. An example could be the analysis of packets in a video streaming network where packets would typically have large payloads that are not necessarily useful for the analyzers. Packet truncation can be configured on tap or tool ports: Truncation configured on a...
Continue reading →

Tap Aggregation – Caveats and Limitations

This article describes the known caveats and limitations of the Tap Aggregation feature. Generally, the described limitations are due to available hardware resources and may change between products. As such, the article is arranged to be per-platform. Caveats and Limitations Platform Compatibility DCS-7280SE DCS-7500E Truncation Global Truncation Size: The truncation size is configured globally, not per port Hardware Resource Constraints: Tap ports associated with a given forwarding ASIC can forward to up to 7 unique tool groups when truncation is enabled on the tap port or any member of the tool group. This includes both default tool groups and tool groups...
Continue reading →

SVI blocking for RACLs

When configuring or modifying a RACL applied to a VLAN interface, the VLAN will be blocked while applying the updated RACL.  This will prevent inconsistent forwarding of traffic to or from the VLAN interface while the RACL is being modified.  As with ACLs applied to ports, the default blocking behavior can be overridden using the hardware access-list update default-result permit command. Platform compatibility 7010T 7050Q 7050S 7050T 7050QX 7050SX 7050TX 7060CX 7060CX2 7250QX 7260CX 7260QX 7304 7308 7316 Configuration This feature is the default behavior for ACL configuration. In order to prevent any traffic from being dropped during RACL configuration...
Continue reading →

SNMP MIB support for “show hardware capacity”

Hardware Table Capacity Monitoring is an existing feature to keep track of the capacity and utilization of various hardware forwarding resources and generate alerts/syslogs when the utilization exceeds a threshold value. With SNMP MIB support, Users can use SNMP server to monitor hardware utilization. Whenever utilization exceeds threshold value, Switch sends SNMP traps in addition to alerts/syslogs. The Main use-case would be for troubleshooting in overflow situations and avoid overflows altogether by taking corrective actions on high utilization. Platform compatibility DCS-7280E DCS-7500E DCS-7050SX DCS-7050TX DCS-7050QX DCS-7260CX DCS-7260QX DCS-7160-32CQ DCS-7160-48YC6 DCS-7160-48TC6 Configuration SNMP Configuration EOS supports a growing number of both...
Continue reading →

Sampled Mirroring

Sampled Mirroring is an extension of the Mirroring feature and sampling is a property of the individual mirroring session: when the session’s sample rate N is specified, a packet eligible for mirroring will have a 1/N chance of being mirrored, that is, 1 packet is mirrored for every N packets. Sampled Mirroring is supported for mirroring sessions where Mirroring ACLs are defined: only the incoming packets matching the ACL are subject to sampling. Sampled Mirroring is supported for mirroring sessions where the destination is set to CPU. The Sampled Mirroring feature described in this document provides support for statistical sampled mirroring [as opposed to random...
Continue reading →

Port-security – preserve MACs on link flap/reload

General points Persistent port security is a new feature that is applicable to the port security protect mode (https://eos.arista.com/eos-4-15-3f/portsec/). Persistent port-security is a platform independent feature. Persistent port-security ensures that port-security MAC cache and any restriction applied are preserved across link flap and system reload. No new configuration  or show commands are added for this feature. Please refer to https://eos.arista.com/eos-4-15-3f/portsec/ for existing commands. Clear port-security MAC addresses learned/configured on the interface are persistent, i.e. the port security MAC cache will not be updated when forwarding database entries are changed (e.g. an address aged out or is deleted from configuration). To clean up stale forwarding...
Continue reading →

Packet Time Stamping on the 7500R/7280R/7500E/7280E

Time stamping is an important tool for network engineering and performance analysis. EOS-4.18.1F added header time stamping of all packets received on any tap interface in Tap Aggregation mode at line rate (only supported on the 7500R/7280R/7500E/7280E series). A timestamp is taken on ingress and then inserted in packet headers on egress. Timestamp Format and Placement Three timestamp formats are supported: 64-bit header timestamp; i.e., encapsulated in a L2 header (in EOS-4.18.1F and onward) 48-bit header timestamp; i.e., encapsulated in a L2 header (in EOS-4.20.0F and onward) 48-bit timestamp that replaces the Source MAC (in EOS-4.20.0F and onward) The timestamp format is...
Continue reading →

Overlay IPv6 routing over VXLAN

Overlay IPv6 routing over VXLAN Tunnel is simply routing IPv6 packets in and out of VXLAN Tunnels, similar to VXLAN overlay IPv4 routing. Underlay ( Outer IP Header ) in VXLAN still uses IPv4, and common for both overlay IPv4 and IPv6 . Hence VXLAN configuration remains exactly same for both IPv4 and IPv6 overlay routing support. This feature enables IPv6 networks/hosts get connected through VXLAN Tunnels. Following figure illustrates IPv6 routing followed by VXLAN encapsulation to reach a remote host across the VXLAN tunnel.   Following figure illustrates VXLAN decapsulation and routing of an IPv6 packet. Platform compatibility DCS-7050X DCS-7060X DCS7260X DCS-7050X2 DCS-7250X DCS-7304 / DCS-7308 /...
Continue reading →

OpenStack Enhancements

This release introduces enhancements to the CloudVision eXchange and OpenStack integration. The following features were added as part of this release: OpenStack Ironic Integration OpenStack Keystone v3 support OpenStack DVR support OpenStack Ironic Integration Through OpenStack Ironic integration with Neutron, it is possible to provision bare metal servers that are attached to Arista switches and connect them to tenant networks. All of the features that Arista supports for provisioning networks for VMs is extended to bare metal servers. This includes automatic VLAN-to-VNI mapping and Hierarchical Port Binding. Security groups can be applied as ACLs on switch interfaces connected to bare...
Continue reading →

LANZ Notifying Mode on 7500R, 7280R series

LANZ adds Notifying Mode support for DCS-7500R and DCS-7280R. Notifying Mode provides more granular congestion monitoring with Start, Update, and Stop events. Notifying Mode on DCS-7500R and DCS-7280R supports congestion monitoring on front-panel and CPU ports. The previous behavior of polling the most congested queue per chip is still available in Polling mode, which is enabled by default on the 7500(E/R) and 7280(E/R) series. This document focuses on the differences with the 7500E and 7280E series. Please refer to the existing documentation for configuring and using Notifying Mode. Platform compatibility Platform Polling Mode support Notifying Mode support LANZ enabled by default Default...
Continue reading →

IPv6 Support for Decap Groups

The document describes an extension of the decap group feature, that allows IPv6 addresses to be configured and used as part of a group. IP-in-IP packets with v6 destination matching a configured decap group IP will be decapsulated and forwarded based on the inner header. That will allow any IP-to-IP packet type to be decapsulated, i.e. v4 in v4, v4 in v6, v6 in v4 and v6 in v6. Platform compatibility DCS-7050X DCS-7500X DCS-7260X DCS-7500R DCS-7500E DCS-7280R DCS-7280E Configuration Configuration is similar to IPv4-only decap group. Additional option of configuring IPv6 address is now available after the “decap-ip” keyword. If...
Continue reading →

HSC support for multiple standalone external controllers

External controllers can communicate with HSC (Hardware Switch Controller) running on CVX/EOS using the OVSDB management protocol (RFC 7047) in order to orchestrate a VXLAN L2/L3 overlay network over a physical network of Arista switches. To enable communication with an external controller, its IP address (and, optionally, port number) needs to be configured via the “manager” command in the HSC configuration mode on CVX. Arista# cvx Arista(config-cvx)# service hsc Arista(config-cvx-hsc)#manager <ip> [ port ] Arista(config-cvx-hsc)#no shutdown Prior to EOS 4.18.1F, only a single controller IP was allowed to be configured in the above CLI. If a new controller was configured via...
Continue reading →

EVPN extension to BGP using VXLAN

Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family number 25) / EVPN (subsequent address family number 70). It is used to exchange overlay MAC and IP address reachability information between BGP peers within a tunnel [1]. In EOS 4.18.1F VXLAN tunnel support is introduced [2]. The available features are: Single-homing L2 routes (EVPN type 2 and type 3), with MLAG used as the L2 multi-homing solution. Multi-homing L2 routes (EVPN type 1 and type 2) are received and installed, with up to two all-active remote paths per destination (additional paths...
Continue reading →

DSCP for CPU generated traffic

The differentiated services code point (DSCP) is a 6 bit field in the IP header, which can be used to mark traffic for providing quality of service (QoS). This feature can be used to set the DSCP value individually for various protocols that are used for network management. All protocol specific traffic leaving the switch will be marked with the configured DSCP value. The supported protocols are RADIUS, TACACS, SNMP, SSH and sFlow. Platform compatibility This feature is provided on all platforms. Configuration The following CLI commands can be used in global configuration mode, to configure the DSCP value for...
Continue reading →

Control WRED threshold for non-ECT packets

This feature is an extension to the Explicit Congestion Notification (ECN) functionality for non-ECN-Capable Transport (non-ECT). It allows the user to configure Weighted Random Early Detection (WRED) thresholds for dropping non-ECT packets, which enables non-ECT packets to participate in WRED congestion avoidance independent of the ECT packets. Platform compatibility DSC-7050X DCS-7250X DCS-7300X Configuration The non-ECT thresholds are configured at an interface’s tx-queue level. The drop profile is defined by minimum-threshold, maximum-threshold, and drop-probability. The units for thresholds can be given in segments, bytes, kilobytes or megabytes. Please note that global config level qos random-detect ecn allow non-ect configuration is needed to allow (and not...
Continue reading →

Coherent Modulation Formats and 7500R-8CFPX-LC

The 7500R-8CFPX-LC linecard with ACO CFP2 optics provides connectivity over DWDM systems and links. 7500R-8CFPX-LC currently only supports connections to other 7500R-8CFPX-LC linecards. 7500R-8CFPX-LC when used with Linear CFP2-ACO supports three modulation formats allowing three different combinations of reach and data rate as required by the application. Enhancements for 7500R-8CFPX-LC Modulation Formats Capabilities The show interfaces capabilities command has been enhanced to show the available modulations for coherent interfaces. Arista#show interfaces Ethernet4/1/1-4/2/1 capabilities Ethernet4/1/1  Model:        7500R-8CFPX-LC  Type:         100G-DWDM-E  Speed/Duplex: 100G/full(default)  Flowcontrol:  rx-(off,on),tx-(off)  Error Correction:     Reed-Solomon: 100G  Modulation:   DP-QPSK,8QAM,16QAM(default) Ethernet4/1/2  Model:        7500R-8CFPX-LC  Type:         100G-DWDM-E  Speed/Duplex: 100G/full(default)...
Continue reading →