Tag :: TOI

The traffic steering policies used in tap aggregation mode allow steering traffic from tap to tool ports using ‘set

This article describes a new TAP Aggregation TCAM profile and a corresponding enhancement to the TAP Aggregation

This article describes the Tap Aggregation Traffic Steering on MPLS Labels feature. The purpose of this feature is to

This TOI briefs the commands related to the traffic steering policies used in Tap Aggregation. These commands

As of EOS 4.15.0F, there are two general enhancements to Tap Aggregation on the 7500E platform in 4.15.0F:

As of 4.15.0F, tap aggregation can be configured in conjunction with other switching and routing features.  This

The Tap Aggregation Manager (TAM) is a GUI front end for configuring and monitoring Tap Aggregation features of

In TAP Aggregation mode, configuration options are provided to handle special packet types. When receiving a packet whose Frame Check Sequence (FCS) is corrupted, the default behavior is to replace the bad FCS with the correct value and forward it. Configuration options are available to control the FCS behavior, such as to discard errors, pass through the bad FCS, or append a new FCS.

This feature comprises two parts:

To extend Traffic Steering to Nexthop Groups (GRE) by allowing us to specify one or more nexthop groups of type DzGRE (DANZ GRE) as the destination for a TAP aggregation steering policy. A DzGRE header will be encapsulated to the packets sending out a nexthop group of type DZGRE.

Traffic steering to nexthop groups allows specifying one or more nexthop groups as the destination, either by default for a TAP port or for a TAP aggregation steering policy. Traffic steering is a TAP aggregation process that uses class maps and policy maps to direct data streams received on TAP ports. A nexthop group is a data structure that defines a list of nexthop addresses and a tunnel type for packets routed to the specified address.

This article describes the addition of a show command to display the mapping between tap and tool ports on a per

Media Access Control Security (MACsec) is an industry standard security technology that provides secure

This document describes the truncation capability for Tap Aggregation, which allows tapped traffic to be truncated to a smaller size before being transmitted.

With the 13.0 release, you can enable Target Wake Time(TWT) from CloudVision Cognitive Unified Edge (CV-CUE). TWT is one of the advanced features of Wi-Fi 6. It enables access points (AP) and stations (STAs) to negotiate schedules for active and sleep durations.

DMF 8.7.0 introduces an updated dashboard for analyzing TCP Flows from Dapper. The DMF Analytics Node (AN) displays TCP Window, Network Loss, Zero Window, RTT vs Sender Reaction Time for flows or select Flow from TCP Health Flows.

BGP routing information often contains more than one path to the same destination network. The BGP best-path selection algorithm determines which of these paths should be considered as the best path to that network.

Topology Independent Fast Reroute, or TI-LFA, uses OSPF SR to build loop-free alternate paths along the post-convergence path. These loop-free alternates provide fast convergence.

Before release 4.34.0F traffic in Port Mode PW was always classified based on COS-To-TC global map irrespective of trust mode. This feature allows users to classify traffic in accordance with trust mode, default CoS and default DSCP of the interface.

This feature enables applying traffic policies on incoming traffic and redirecting the traffic to a nexthop other than the one the routing logic would choose. This essentially overrides the routing logic decision. If there is no rule matching the packet, the packet is sent to the routing logic to be routed.

This article describes the TAP Aggregation User Defined Fields feature. The purpose of the User Defined

This feature introduces a slot level CLI command for SFP transceivers. When configured, EOS will only manage the transceiver via the low speed hardware pins. The command is intended to be used in situations where SMBUS communication to access transceiver EEPROM is not reliable, which would normally lead to EOS disabling the port. Enabling this feature ignores any EEPROM dependent functionality and only turns on the laser, which may allow the link to come up when the default factory settings for both ends of the link are compatible.

This feature adds support for viewing the Digital Optical Monitoring (DOM) parameters for the optics that support

The feature introduces a CLI command for transceiver reinitialization, simulating a physical removal and reinsertion of the transceiver. This is a great feature for remote troubleshooting, when physical access is not possible or convenient. To configure, issue the CLI command "transceiver reinitialize slot" in exec mode. The command takes effect immediately, toggles the reset pin and initiates a transceiver initialization sequence.

When the system exhausts ECMP resources, the Transient ECMP feature enables route programming through a single available next-hop from the original ECMP route. Once the system can program the full ECMP route, the transient ECMP route is removed after successfully installing the ECMP route.

The following describes LAG hashing for L2GRE and VXLAN transit traffic on Arista 7050X4 platforms: For L2GRE transit traffic, LAG hashing uses only the encapsulated (inner) packet header fields. There is no option to use underlay (outer) packet header fields. When the encapsulated packet is IP, the system uses the IP parameters configured with hash ipv4 or hash ipv6 for hashing.

UDF is an important DMF feature that matches customized fields in packet payloads for network traffic filtering on the Arista 7050X4 Series. Only supports IPv4 traffic UDF filtering, Maximum UDFs per rule: 6 UDFs.

As of EOS 4.15.2F, the support for the tuning of tunable DWDM 10G SFP+ transceivers (10GBASE DWDM) is added.

DMF 8.7.0 introduces an updated dashboard for viewing tunnel traffic. The widgets display traffic distribution by tunnel type using sFlow traffic categorized by a combination of Ethernet Type, Protocol, and L4 ports. Recognized tunnels include:

4.21.3F introduces support for the feature on the platforms listed below. The TOI describing the feature support on different versions/platforms is available here. 

The BGP labeled unicast (LU) RFC is used to advertise BGP routes with a stack of MPLS labels, thereby allowing

Trident2 is a Switch on Chip (SoC) single chip with support for up to 1280Gbps of forwarding capacity (oversubscribed

This feature provides a configuration option to disable egress IPv4 RACL sharing allowing for uRPF to be configured.

Unidirectional links is a feature that configures an Ethernet interface transmit and receive paths to be independent. Specifically, the transmit path can be up or down independent of the receive path being up or down.

The Unified Forwarding Table (UFT) is a group of memories that is shared between Layer2 and Layer3 lookup tables with capabilities for variable partitions. Rather than separate Layer2 and Layer3 lookup tables of fixed size, the UFT may be partitioned to support user-requested combinations of Layer2 and Layer3 lookup tables of varying sizes. The new UFT partitioning CLI has capabilities to reconfigure individual forwarding table scales (Layer2, Layer3 Unicast, Layer3 Multicast) according to the user’s input. The CLI provides an interface for granular control of the underlying UFT resources.

With the 13.0 release, CloudVision Cognitive Unified Edge (CV-CUE) lets you configure Unique PSK (UPSK) for client authentication. UPSKs allow users  to connect to the same SSID using a unique PSK which is user specific. UPSK provides added security as compared to single PSK because single PSKs are easily compromised.

With the 15.0 release, CloudVision Cognitive Unified Edge (CV-CUE) introduces the following enhancements to the Unique-PSK(UPSK) workflow:

With the 12.0 release, you can check for available upgrades and upgrade your server to the latest version of CloudVision Cognitive Unified Edge (CV-CUE).  Only a Superuser  can initiate a server upgrade.

CVA 6.x may be upgraded to CVA 7.0 with an upgrade launcher. The launcher is an interactive executable that is run on the CVA system that is to be upgraded, and performs several functions Staging of an appropriate upgrade image for autoinstall

With the 16.0 release, you can authenticate edge devices from a centrally managed network access control server using the 802.1X authentication. As a network administrator, you want to authenticate the access points (APs), before the APs connect to the network. To enable the authentication, you need to first configure the uplink port on the AP using CV-CUE.

This feature adds the capability to import as path access-list from a URL, in release 4.20.1F. The file specified by the URL can contain one or more as-path access-list entries. All the entries that are in the file are added to the as-path access-list being configured. This feature gives the advantage of using one EOS CLI command to configure many as-path access-list entries, instead of adding each one of them line by line in the CLI.

Role based access control (RBAC) is an approach to regulating access to network resources based on the roles of

Packets which exceed the L2 Maximum Transmission unit (MTU) in EOS are dropped. The value of the L2 MTU is configurable for each Ethernet or Port-channel interface.

This article describes how to customize TCAM ( Ternary Content Addressable Memory ) lookup for each feature which uses TCAM.

User-defined TPIDs allows an arbitrary TPID (Tag Protocol Identifier) to be used with a FlexEncap specification. A TPID is used in Ethernet frames to identify the encapsulation protocol, where standard values like 0x8100 (for IEEE 802.1q VLAN tagging) and 0x88a8 (for IEEE 802.1ad Q-in-Q) are commonly used. However, some network equipment may use non-standard or legacy values such as 0x9100. This feature allows FlexEncap subinterfaces to be configured with an arbitrary TPID to allow interfacing with networking equipment that uses values besides 0x8100 and 0x88a8.

This feature expands Multi Domain EVPN VXLAN to support an Anycast Gateway model as the mechanism for gateway

EOS 4.15.0F added support for a CLI knob to determine whether the L3 forwarding agent (responsible for programming FECs and routes into hardware) would react to BFD status events for an interface to update next-hop programming for FECs programmed in hardware. This required two events, one for the BFD session to transition to an “Up” status and a subsequent transition to a “Down” status. This is identical to how various protocols in EOS (i.e. BGP, IS-IS) leverage BFD for faster down detection, and is useful to allow the L3 forwarding agent to preemptively remove next hops that would later be deprogrammed due to protocol session status state.

This feature enables exchanging IPv4 NLRI using MP BGP over an IPv6 TCP connection.  Additionally, this feature

The vertical navigation bar is an update to the layout of CloudVision. It replaces the existing horizontal header with a vertical navigation menu that lines the left side of the page. This allows for a cleaner horizontal header where key functions of CloudVision sections are highlighted.

Virtual Private LAN Service (VPLS) can be used when one wishes to connect several LANs dispersed across a packet switched network. VPLS can allow the dispersed LANs to act like a single bridged LAN by providing a service to connect the LANs. The service will appear like an Ethernet LAN (in almost all regards). VPLS achieves this by creating a mesh of pseudowires that connect the dispersed LANs, while also processing the traffic that moves through the pseudowires in a similar way to how a L2 service would. For example, MAC address learning, flooding and forwarding functions are applied to the pseudowire traffic in a VPLS. This allows  VPLS to mimic the functionality of an any-to-any L2 service when connecting dispersed LANs.

This article describes the support of a VLAN filter for IP, IPV6 and MAC ACLs on the ingress ports. The users will be able to filter the packets by specifying a VLAN id in the ACL rule. VLAN id specified in the ACL rule is internal broadcast domain VLAN id.