22 Oct

Arista – dealing with inactive routes in BGP

In EOS, the BGP implementation normally considers only active routes in the RIB for advertisement to its peers.

In certain deployments, an IGP like OSPF may carry the same set of prefixes as BGP (especially if we use OSPF to form iBGP). In addition, routes from OSPF and BGP may be mutually redistributed. As a result, when the local BGP process advertises these prefixes to its neighbors, it always chooses the OSPF routes over the corresponding BGP routes (the admin distance of OSPF is better than that of BGP).

For a Cisco network engineer, this deviates completely from the behaviour they are used to. On Cisco, in a similar situation the route is only marked as a RIB failure, but the BGP prefixes are still advertised to other BGP peers.

Coincidentally, I encountered this situation and I will share my findings and workaround for reference.

Option 1 – advertise-inactive

This is documented by Arista. Basically, it tells BGP to advertise prefixes even though they are inactive (inactive because another routing protocol has a better AD).
https://eos.arista.com/eos-4-15-0f/bgp-advertise-inactive/

Option 2 – override the AD for prefixes learnt from iBGP peer

ip prefix-list default-only seq 10 permit 0.0.0.0/0
!
route-map set-distance-for-default permit 10
   match ip address prefix-list default-only
   set distance 20
!
route-map set-distance-for-default permit 20
!
router bgp 65999
   neighbor 10.3.36.2 route-map set-distance-for-default in

For my case, the 0.0.0.0/0 is not installed in BGP because the switch is also receiving the same prefix from OSPF. The above config sets the AD for 0.0.0.0/0 to 20 (instead of 200) when it receives the BGP update from the peer. I can set it to any value as long as it is lower than 110 (OSPF).

https://eos.arista.com/forum/change-ad-for-specific-prefix-in-bgp-or-ospf/
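
The two options side by side, as an added example that is not EOS code or part of the original post: a simplified Python model of "lowest AD becomes the active route, BGP announces only active routes by default". It tracks only the BGP-learned path (redistribution is not modelled); the `Route` class and function names are hypothetical, and the AD values are the ones quoted above.

```python
from dataclasses import dataclass
from typing import Optional

# Administrative distances as quoted in the post (lower wins).
DEFAULT_AD = {"ospf": 110, "bgp": 200}

@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str                    # "ospf" or "bgp"
    distance: Optional[int] = None   # None means the protocol default

    @property
    def ad(self) -> int:
        return DEFAULT_AD[self.protocol] if self.distance is None else self.distance

def active_route(candidates):
    """RIB winner for one prefix: the candidate with the lowest AD."""
    return min(candidates, key=lambda r: r.ad)

def bgp_advertises(candidates, advertise_inactive=False):
    """True if BGP announces its learned path for this prefix to peers."""
    if not any(r.protocol == "bgp" for r in candidates):
        return False
    if advertise_inactive:           # Option 1: announce even when inactive
        return True
    return active_route(candidates).protocol == "bgp"   # default: active only

def apply_inbound_distance(route, match_prefixes, distance):
    """Option 2: inbound route-map 'set distance' on matching BGP routes."""
    if route.protocol == "bgp" and route.prefix in match_prefixes:
        return Route(route.prefix, route.protocol, distance)
    return route

if __name__ == "__main__":
    ospf = Route("0.0.0.0/0", "ospf")   # constructed sample routes
    bgp = Route("0.0.0.0/0", "bgp")
    print("default behaviour :", bgp_advertises([ospf, bgp]))
    print("advertise-inactive:", bgp_advertises([ospf, bgp], advertise_inactive=True))
    for d in (20, 150):                 # 150 is still worse than OSPF's 110
        tuned = apply_inbound_distance(bgp, {"0.0.0.0/0"}, d)
        print(f"set distance {d:<3}  :", bgp_advertises([ospf, tuned]))
```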



09 Aug

Arista EOS – BGP remove-private-as

This is a post copied/stolen/updated from Kevin Wang’s wiznote – [EOS] [RFC6996] BGP remove-private-as

Summary:

  1. Feature support starts from 4.19.1F and 4.18.4F.
  2. “remove-private-as” works for both 2-byte and 4-byte AS numbers.
  3. Private AS numbers: 64512-65534 (2B), 4200000000-4294967294 (4B). Converted to asdot notation, 4200000000 is 64086.59904.
  4. “neighbor x.x.x.x remove-private-as” only works for AS paths that contain only private AS numbers.
  5. If the AS path has both public and private AS numbers, you need to add the keyword “all” to force removal of all private AS numbers in the AS path: “neighbor x.x.x.x remove-private-as all”
  6. If you want to keep the AS path length, use replace-as: “neighbor x.x.x.x remove-private-as all replace-as”
  7. If the AS_PATH contains the AS number of the eBGP neighbor, BGP does not remove the private AS number.
  8. If the AS_PATH contains confederations, BGP removes the private AS numbers only if they come after the confederation portion of the AS_PATH.
  9. If the eBGP neighbor to which you intend to apply “remove-private-as” uses a private AS number, you will get the below warning message, but the CLI still applies the command and the functionality works as expected. The reason we have this warning is that it may create a potential loop: on the local switch you remove all private AS numbers, which might include the peer’s ASN, and in that case a loop will happen. That’s why we put the warning here.
  10. If you configured remote-as on a peer-group and the peer inherits that information from the peer-group, remove-private-as on the peer will not prompt the warning, because that is inherited information and EOS will not check it.
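
The rules in items 3 to 7, as an added example that models the summary and is not EOS code or part of the original notes. The function names are hypothetical, confederations (item 8) are left out, and it is an assumption that replace-as substitutes the local AS number for each private one.

```python
# Added example: models the summary's rules, not EOS source code.
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))  # 2-byte, 4-byte

def is_private(asn: int) -> bool:
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)

def to_asdot(asn: int) -> str:
    """asplain -> asdot: high 16 bits '.' low 16 bits for 4-byte values."""
    return str(asn) if asn < 65536 else f"{asn >> 16}.{asn & 0xFFFF}"

def remove_private_as(as_path, neighbor_as, local_as,
                      remove_all=False, replace_as=False):
    """AS_PATH sent to an eBGP peer, before the local AS is prepended."""
    if replace_as and not remove_all:
        raise ValueError("the summary only shows replace-as together with 'all'")
    path = list(as_path)
    if neighbor_as in path:                   # item 7: peer's AS is in the path
        return path
    if not remove_all and not all(is_private(a) for a in path):
        return path                           # item 4: mixed path left untouched
    if replace_as:                            # item 6 (assumption: local AS is used)
        return [local_as if is_private(a) else a for a in path]
    return [a for a in path if not is_private(a)]   # items 4 and 5

if __name__ == "__main__":
    LOCAL, PEER = 64496, 64510                # constructed ASNs
    mixed = [65001, 64499, 65002]             # private, public, private
    print("asdot of 4200000000 :", to_asdot(4200000000))
    print("no keyword          :", remove_private_as(mixed, PEER, LOCAL))
    print("all                 :", remove_private_as(mixed, PEER, LOCAL, remove_all=True))
    print("all replace-as      :", remove_private_as(mixed, PEER, LOCAL, True, True))
    print("peer AS in the path :", remove_private_as([65001, 65002], 65001, LOCAL, True))
```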

13 Feb

Arista EOS 101

These are short notes taken from the Arista Configuration Essentials (ACE) Lab Guide.

CLI & BASH

Enter bash
switch# bash
switch-bash$ ifconfig -a
switch-bash$ top
switch-bash$ cd /mnt/flash

Upgrade EOS

Upload EOS to switch
switch# copy http://1.1.1.1/EOS/EOS-4.15.5M.swi flash:

Verify image
switch# dir flash:

Configure boot image
switch# boot system flash:EOS-4.15.5M.swi

Verify boot-config
switch# show boot-config

MLAG

Configure port channel for your peerlink
switch# interface Ethernet47-48
switch# channel-group 1000 mode active
switch# interface port-channel 1000
switch# switchport mode trunk

Configure a VLAN and trunk group used for MLAG peer communications
switch# vlan 4094
switch# trunk group mlagpeer

Assign the port-channel to the trunk group
switch# interface po1000
switch# switchport trunk group mlagpeer

Disable STP on the VLAN used for the MLAG peer
switch# no spanning-tree vlan 4094

Configure SVI for peer-to-peer communications
switch# int vlan 4094
switch# ip address 10.100.100.9/30
switch# no autostate

Configure local interface and peer address
switch# mlag configuration
switch# local-interface vlan 4094
switch# peer-address 10.100.100.10

Configure domain-id, peer-link & reload-delay on BOTH switches
switch# domain-id mlagDomain
switch# peer-link port-channel 1000
switch# reload-delay 200

Configure the MLAG interface (upstream interface to spine)
switch# int Eth31-32
switch# channel-group 999 mode active
switch# int po999
switch# mlag 999

Optional (configure Virtual ARP for downstream device)
switch# ip virtual-router address 001c.7300.0009 (for both switches)
switch# int vlan 2 (for both switches)
switch# ip address 10.2.2.1/24
switch# ip virtual-router address 10.2.2.254 (for both switches)

Verify MLAG
switch# show mlag
switch# show mlag config-sanity
switch# show mlag detail
switch# show mlag interfaces
switch# show int po999

VXLAN

switch-XX# interface Vxlan 1
switch-XX# vxlan source-interface Loopback 1
switch-XX# vxlan vlan 101 flood vtep 10.1.2.1
switch-XX# vxlan udp-port 4789
switch-XX# vxlan vlan 101 vni 10000

switch-YY# interface Vxlan 1
switch-YY# vxlan source-interface Loopback 1
switch-YY# vxlan vlan 101 flood vtep 10.1.1.1
switch-YY# vxlan udp-port 4789
switch-YY# vxlan vlan 101 vni 10000

Verify vxlan
switch# sh vxlan vtep
switch# sh vxlan address-table

Use TCPDUMP

Configure port mirror to CPU (control plane)
switch# monitor session sniff source Eth33 both
switch# monitor session sniff destination Cpu

switch# bash
switch-bash$ tcpdump -i mirror1

*Use the mirror number from the “sh monitor session” output (Cpu : active (mirror1))

BGP Path Selection
