Tag :: TOI

This feature enables ACL functionality on subinterfaces. ACLs on subinterfaces are configured using the

Subinterfaces are logical L3 interfaces that enable the division of a single Ethernet or Port-channel interface into multiple logical L3 interfaces based on the incoming 802.1q tag.  They are commonly used in the L2/L3 boundary.  They can also be used in the context of VRF-lite, by configuring each subinterface in a different VRF.

This feature introduces support for the SFP-10G-MRA-T SFP transceiver. This is a rate adapting transceiver, meaning it can convert the system side interface to a lower rate on the line side.

The guaranteed bandwidth feature ensures minimum bandwidth for outgoing lower priority traffic from a

A fundamental business requirement for any network operator is to reduce costs where possible. For network operators, deploying devices to many locations can be a significant cost as sending trained specialists to each site for installations is both time-consuming and expensive.

This feature extends the existing UDP payload hashing support to allow an alternative set of bytes to be used in the calculation of the LAG and ECMP hash if an 16 bit field of the payload matches a provided pattern.

This feature adds support for configurable max sFlow datagram size. The current default max datagram size is 1400 bytes, which can cause some sFlow datagrams to be dropped when there is an MTU set. This feature enables the configuration of the max datagram payload size within the range of 200 to 1500 bytes to help avoid fragmentation. Note that this feature only configures software sFlow and is not supported on hardware-accelerated sFlow.

This feature adds support for CPU traffic policy capable of matching and acting on IP traffic which would otherwise

Prior to 4.32.2F, the “reset system storage secure” CLI command can be used to perform a best-effort storage device wipe of all sensitive data. However, this command has the limitation that it wipes EOS from the storage device, leaving the system “stuck” in Aboot. The “reset system storage secure rollback” command provides the same secure erase functionality, but additionally allows the user to preserve a subset of files on the main flash device by copying them into RAM during the secure erase procedure. The set of files that are preserved is configurable. After a successful wipe, the system will return to EOS after the erase is complete if the EOS SWI image and adequate configuration files are preserved (such as boot-config and startup-config).

This feature adds support for “Dynamic Load Balancing (DLB)” on Equal Cost Multi Path (ECMP) groups.
It is intended to help overcome the potential shortcomings of traditional hash-based load balancing by considering the traffic load of members of ECMP groups. DLB considers the state of the port while assigning egress ports to packets, resulting in a more even flow. The state of each port member is determined by measuring the amount of data transmitted from a given port and total number of packets enqueued to a given port.

The packet path, prerequisites, and restrictions listed in this document apply to this feature as well Dynamic Twice NAT is a variant of the dynamic NAT feature where both the source and destination IP can be modified while forwarding a packet. One of the IP addresses will be dynamically assigned, while the other will be statically assigned.

gNSI (gRPC Network Security Interface) defines a set of gRPC-based microservices for executing security-related operations on network devices. Some of the RPCs that gNSI exposes are used to rotate security configurations on the switch.

In the realm of network service level agreements (SLAs), a customer often commits to a certain level of service for their clients. This may necessitate limiting bandwidth at the Layer 3 sub-interface level. Currently, egress service policies can achieve bandwidth control, but ingress control lacks a similar mechanism.

This document describes the support for user-defined fields (UDF) acl rules in QoS policy feature. This feature is an extension of QoS policy to allow increased flexibility of the match criteria by using user-defined fields which will help customers control traffic based on other parts of the packet header and payload that is not supported by the other key-fields.

IS-IS SR Stateful Switchover (SSO) support allows for a switchover from an active supervisor to a standby supervisor where MPLS traffic remains undisrupted during switchover. This involves reconciliation of all Segment Routing related information in the network using IS-IS Graceful Restart procedures. And also installing the same in forwarding hardware in a manner that does not disrupt the ongoing traffic.

This feature provides a CLI command showing the list of mac addresses that could not be learned due to hash collision in the hardware table. A hash collision occurs when two or more distinct pieces of data map to the same entry ( or slot ) in the hardware table. It can happen when the hash function used to calculate the index for a given mac address results in the already occupied index, resulting in the failure of inserting the later mac address to the hardware table.

Linear pluggable optics (LPO) represent a significant advancement in transceiver technology. These modules are designed to reduce costs, power consumption, and latency compared to traditional Digital Signal Processing (DSP) based transceivers.

The Linux audit system provides the ability to record security events on the switch. Audit rules must be configured and enabled at the CLI. Audit rules can be configured in different groups to assist with organization and maintenance.

The Lowest Load feature uses load as a key metric for selecting the best path. When this metric is prioritized, routers will choose the path with the lowest load as the best option.

DMF 8.7.0 provides support for Management Redundancy on an Extensible Operating System (EOS) Fixed System Chassis. It provides a method to enable redundant active/active connectivity on the management IP address for a Danz Monitoring Fabric (DMF) switch in a fixed system chassis using an out-of-band management port and a front-panel port on the switch.

ARP and IPv6 Neighbor Discovery use a neighbor cache to store neighbor address resolutions. The capacity of the neighbor cache is determined by the resources and capabilities of the device platform. The neighbor cache capacity feature adds a means to specify a per-interface capacity for the neighbor cache. A neighboring device, through misconfiguration or maliciousness, can unfairly use a large number of address resolutions. This feature can help to mitigate this over-utilization.

This document describes the OSPFv2 and OSPFv3 feature that allows enabling or disabling the inclusion of LSAs having “Down” (DN) bit set in SPF calculations. The DN Bit is a loop prevention mechanism implemented when OSPF is used as CE - PE IGP protocol.

This feature enables the user to configure PBR policy on an interface in any VRF, to match and forward incoming packets

In order to support PIM/IPv4 multicast routing on EOS switches with Broadcom Tomahawk4 ASICs, multicast support using ALPM is required. This works in both 3-level Algorithmic Longest Prefix Match (ALPM) capabilities and 2-level ALPM.

Private VLAN is a feature that segregates a regular VLAN broadcast domain while maintaining all ports in the same IP subnet. There are three types of VLAN within a private VLAN

A remark is a user specified comment that is written within an IP prefix-list. Remarks allow documentation to be added directly into the configuration of an IP prefix-list. Both IPv4 and IPv6 prefix-lists are supported.

There are two types of reload on a switch running EOS, normal reload and Smart System Upgrade (SSU). Scheduled normal reload is supported via ‘reload in’ command, to perform a normal reload after a specified delay. It asks for saving unsaved configuration changes and confirmation in order to schedule the reload. Scheduled SSU is supported via ‘reload fast-boot in’ command. However, after scheduling an SSU reload, if there are unsaved configuration changes, or saved configuration changes which block an SSU reload, the scheduled reload will be aborted at scheduled time.

This feature adds support for a selected set of configured interfaces to collect egress flow samples. Egress sFlow can be configured on Ethernet and Port-Channel interfaces, and on subinterfaces on select platforms. Hardware acceleration is not currently supported for egress sFlow and all sample processing is performed in software.

The S-BFD hold down timer feature enables delaying the steering of traffic to a previously preferred SR-TE Down path that came back Up. This delay period is configurable. Using this functionality allows time for the path to stabilize (by avoiding potential further path flaps) and allows the user to debug and diagnose the failure state.

Topology Independent Fast Reroute, or TI-LFA, uses IS-IS SR to build loop-free alternate paths along the post-convergence path. These loop-free alternates provide fast convergence.

Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets and usually TCAM is used to match packets to rules. For example, there can be a rule to match the packet source IP address against a list of IP addresses, and drop the packet if there is a match. This will be expressed in TCAM with multiple entries matching the list of IP addresses. Number of entries is reduced by masking off bits, if possible. TCAM is a limited resource, so with classifiers having a large number of rules and a big field list, TCAM runs out of resources.

This feature introduces the support for Traffic Policy on VLANs. Traffic Policy allows the user to configure rules to match on certain packets through the packet processing pipeline. The user can also place actions to match packets.

This document describes the support for user-defined fields (UDF) ACL rules in egress mac/IPv4/IPv6 access lists. This feature is an extension of egress ACL to allow increased flexibility of the match criteria by using user-defined fields which will help customers control traffic based on other parts of the packet header and payload that is not supported by the other key-fields.

This supports checking that the value of a given x509 certificate OID matches a user-provided value during the TLS handshake in OpenConfig. If the value does not match, no connection will be established.

This document describes the availability of VLAN ingress and egress counters on R Series platforms. VLAN counters provide the ability to count packets and bytes ingressing or egressing a bridge domain (VLAN).

This feature allows the export of IP FIB (Forwarding Information Base) through the OpenConfig AFT YANG models.

This feature enables the support of applying a policy-map in egress direction on an SVI interface. A policy-map is a QoS feature in which we have multiple class-maps each with a match criteria and an action. These class-maps match on the given criteria and the configured action is applied on the traffic which matches. We can apply these policy-maps on interfaces in both input and output directions which match on ingress and egress traffic respectively. This feature adds the support of applying such output policy-map on an SVI( Switch Virtual Interface ).

This feature enables the user to configure PBR policy on an interface in the default VRF to match and forward

This feature adds support for standard BGP GSHUT (0xFFFF0000) community. GSHUT community is the community used in

When configuring or modifying a RACL applied to a VLAN interface, the VLAN will be blocked while applying the updated

VXLAN tunneling requires that the switch where the tunnel terminates is configured with a VTEP that matches the configuration on the AP. CV-CUE now provides an easier way to match configurations on both AP and the switch. By having the same VXLAN configuration for access points (APs) and switches, you can aggregate all wireless traffic from the same VXLAN to a single wired destination for better traffic management and visibility.

SwitchApp is an FPGA-based feature available on Arista’s 713x-Series platforms. It performs ultra low latency Ethernet packet switching. Its packet switching feature set, port count, and port to port latency are a function of the selected SwitchApp profile. Detailed latency measurements are available in the userguide on the Arista Support site.

As a result of upgrading the Debian distribution to Bookworm, the original Python CLI (based on python2) was removed, as the interaction with the DANZ Monitoring Fabric (DMF) and CCF is performed mainly from the Controller. However, several customer operations involve some of the commands used on the switch. These commands are implemented in the new CLI (based on python3) in Switchlight in the Bookworm Debian distribution.

For modular systems operating under the SSO redundancy policy, if  the system database agent (Sysdb) on the

On platforms with multiple FAPs (e.g., chassis), hashing parameters (hash seed, polynomial, etc.) must be synced across all the FAPs when symmetric hashing is enabled to ensure hashing behavior is consistent for any given ingress port. The fix applies to all DMF Sand platforms running EOS.

With the 13.0 release, CloudVision Cognitive Unified Edge (CV-CUE) introduces system backup and restore capability. You can back up the entire system or only the configuration files, and restore them when needed.

Role based access control (RBAC) is an approach to regulating access to network resources based on the roles of

The tag matcher is a new simple input in Studios that allows you to specify a list of devices to be passed as the value for another input field. It is similar to the resolver input in that it allows users to specify a set of devices or interfaces using tag queries, but unlike the resolver, the tag matcher doesn’t require a member input to be configured.

In TAP Aggregation mode, when receiving a packet whose Frame Check Sequence (FCS) is corrupted, the default behavior

This article describes the Tap Aggregation MPLS Pop feature. The purpose of this feature is to support tools that do not parse MPLS labels and therefore need the switch to remove (pop) the MPLS header.