09 Aug

Arista EOS – BGP remove-private-as

This is a post copied/stolen/updated from Kevin Wang’s wiznote – [EOS] [RFC6996] BGP remove-private-as

Summary:

  1. Feature support starts from 4.19.1F and 4.18.4F.
  2. “remove-private-as” works for both 2-byte and 4-byte AS numbers.
  3. Private AS numbers: 64512-65534 (2B) and 4200000000-4294967294 (4B). In asdot notation, 4200000000 is 64086.59904.
  4. “neighbor x.x.x.x remove-private-as” only takes effect on AS paths that contain nothing but private AS numbers.
  5. If the AS path contains both public and private AS numbers, add the keyword “all” to force removal of all private AS numbers in the path: “neighbor x.x.x.x remove-private-as all”
  6. If you want to keep the AS path length, use replace-as: “neighbor x.x.x.x remove-private-as all replace-as”
  7. If the AS_PATH contains the AS number of the eBGP neighbor, BGP does not remove the private AS number.
  8. If the AS_PATH contains confederations, BGP removes the private AS numbers only if they come after the confederation portion of the AS_PATH.
  9. If the eBGP neighbor you apply “remove-private-as” to is itself using a private AS number, you will get the warning message below, but the CLI still applies the command and the functionality works as expected. The warning exists because the configuration may create a loop: the local switch removes all private AS numbers, which might include the peer’s ASN, and in that case a loop will happen. That is why we put the warning here.
  10. If you configured remote-as on a peer-group and the peer inherits it from the peer-group, remove-private-as on the peer will not prompt the warning, because EOS does not check inherited information.
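
The rules in the summary above can be checked against sample paths with a small model. This is an added example, not EOS code and not from the original notes: the function names are hypothetical, confederation segments are not modelled, the sample ASNs are constructed, and it assumes replace-as substitutes the local AS for each private AS.

```python
# Added example: a model of the remove-private-as rules in the summary, not EOS code.
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))  # 2-byte, 4-byte

def is_private(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)

def to_asdot(asn):
    """4-byte ASN in asdot notation (high16.low16); 2-byte ASNs stay plain."""
    return str(asn) if asn < 65536 else f"{asn >> 16}.{asn & 0xFFFF}"

def remove_private_as(as_path, neighbor_as, local_as, all_=False, replace_as=False):
    """AS_PATH sent to an eBGP neighbor, before the local AS is prepended.

    as_path is a flat list of ints; confederation segments are not modelled.
    """
    path = list(as_path)
    # Neighbor's own AS already in the path: private ASNs are left in place.
    if neighbor_as in path:
        return path
    if not all_:
        # Without "all", act only when every AS in the path is private.
        return [] if path and all(is_private(a) for a in path) else path
    if replace_as:
        # Keep the path length. Assumption: private ASNs become the local AS.
        return [local_as if is_private(a) else a for a in path]
    # "all" strips private ASNs even when public ones are present.
    return [a for a in path if not is_private(a)]

def leaked_private(as_path):
    """Private ASNs still visible in a path, e.g. for an outbound-policy audit."""
    return [to_asdot(a) for a in as_path if is_private(a)]

if __name__ == "__main__":
    # Constructed sample path: two private ASNs around a documentation ASN.
    mixed = [64600, 64496, 4200000000]
    for kwargs in ({}, {"all_": True}, {"all_": True, "replace_as": True}):
        out = remove_private_as(mixed, neighbor_as=64511, local_as=64500, **kwargs)
        print(kwargs, out, "leaked:", leaked_private(out))
```

Running it shows that the plain keyword leaves a mixed path untouched, so private ASNs still reach the neighbor unless “all” is configured.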

13 Feb

Arista EOS 101

These are short notes taken from the Arista Configuration Essentials (ACE) Lab Guide.

CLI & BASH

Enter bash
switch# bash
switch-bash$ ifconfig -a
switch-bash$ top
switch-bash$ cd /mnt/flash

Upgrade EOS

Upload EOS to switch
switch# copy http://1.1.1.1/EOS/EOS-4.15.5M.swi flash:

Verify image
switch# dir flash:

Configure boot image
switch# boot system flash:EOS-4.15.5M.swi

Verify boot-config
switch# show boot-config

MLAG

Configure port channel for your peerlink
switch# interface Ethernet47-48
switch# channel-group 1000 mode active
switch# interface port-channel 1000
switch# switchport mode trunk

Configure a VLAN and trunk group used for MLAG peer communications
switch# vlan 4094
switch# trunk group mlagpeer

Assign the port-channel to the trunk group
switch# interface po1000
switch# switchport trunk group mlagpeer

Disable STP on the VLAN used for the MLAG peer
switch# no spanning-tree vlan 4094

Configure SVI for peer-to-peer communications
switch# int vlan 4094
switch# ip address 10.100.100.9/30
switch# no autostate

Configure local interface and peer address
switch# mlag configuration
switch# local-interface vlan 4094
switch# peer-address 10.100.100.10

Configure domain-id, peer-link & reload-delay on BOTH switches
switch# domain-id mlagDomain
switch# peer-link port-channel 1000
switch# reload-delay 200

Configure the MLAG interface (upstream interface to spine)
switch# int Eth31-32
switch# channel-group 999 mode active
switch# int po999
switch# mlag 999

Optional (configure Virtual ARP for downstream device)
switch# ip virtual-router mac-address 001c.7300.0009 (for both switches)
switch# int vlan 2 (for both switches)
switch# ip address 10.2.2.1/24
switch# ip virtual-router address 10.2.2.254 (for both switches)

Verify MLAG
switch# show mlag
switch# show mlag config-sanity
switch# show mlag detail
switch# show mlag interfaces
switch# show int po999

VXLAN

switch-XX# interface Vxlan 1
switch-XX# vxlan source-interface Loopback 1
switch-XX# vxlan vlan 101 flood vtep 10.1.2.1
switch-XX# vxlan udp-port 4789
switch-XX# vxlan vlan 101 vni 10000

switch-YY# interface Vxlan 1
switch-YY# vxlan source-interface Loopback 1
switch-YY# vxlan vlan 101 flood vtep 10.1.1.1
switch-YY# vxlan udp-port 4789
switch-YY# vxlan vlan 101 vni 10000

Verify vxlan
switch# sh vxlan vtep
switch# sh vxlan address-table

Use TCPDUMP

Configure port mirror to CPU (control plane)
switch# monitor session sniff source Eth33 both
switch# monitor session sniff destination Cpu

switch# bash
switch-bash$ tcpdump -i mirror1

* Use the mirror number from the “sh monitor session” output, e.g. “Cpu : active (mirror1)”.

BGP Path Selection
