
Network-Engineering | 7 min read

How to ACE with Arista

ngworx Team
July 2021
written by Christian Weber
Network & Security Engineer

Would you like to know how to ace with Arista? Practice is the path of mastery, but getting help from a friend can get you there faster.

As an Arista partner, we are obliged to have a certain number of engineers certified in different levels of the Arista Cloud Engineer (ACE) Certification Program. The new ACE program is structured into seven levels:

  1. Cloud Novice
  2. Cloud Associate
  3. Cloud Journeyman
  4. Cloud Professional
  5. Cloud Automation
  6. Cloud Architect
  7. Cloud Expert

You may find a more in-depth explanation of the levels and the requirements on the Arista website; in this blog post I would like to focus on the content of the ACE 3 course. The ACE L3 is an intermediate course on Arista network solutions, network automation, and Arista’s CloudVision GUI (CVP). It teaches how to use and run configlets (configuration templates) and how to set up a data center network in a Leaf-Spine design.

How to get certified

At the moment Arista is building new procedures, so things might change. Currently, you need to complete the following steps to get certified:

  • 5-day instructor-led online course
  • practical exam [1]

Below you can read my journal during the 5-day course as preparation for the Arista ACE L3 certification.

Monday

The online class started at 9 AM, we were about 25 participants from all over the world. My first thought was that we are too many participants for this class. It might be difficult for the instructor to take the different levels of experience into account while discussing the topic at hand. As we came to discuss the topic of Leaf-Spine architecture, I realized that experienced engineers debating together and sharing their experience is a big advantage for me and the rest of the group. This way we can learn a lot from each other.

Next on the agenda was the evolution of network designs and the impact that the increased east-west traffic volume has on modern data center architectures. This included the common Layer 2 Leaf-Spine architecture and its advantages, as well as the L2LS (Layer 2 Leaf-Spine) set-up with MLAG [2] (oldie but goldie) and its use cases.

One big topic of discussion was how to arrange spanning tree to eliminate its disadvantages, mainly that traffic is concentrated on a single STP path. STP blocks links and thereby limits the available resources.

After the architecture and design introduction, we started with the first steps in CloudVision Portal (CVP), learned how to navigate and use the GUI. I finished my first day with exercises in the lab environment. 

Figure 1 Leaf-Spine Architecture with DATA and MGMT Network (Source: Arista EOS Central – CVP HA Deployment Guide)

Tuesday

In the morning our instructor presented his amazing drawing skills on the virtual whiteboard. I was amused to see how fast a network design drawing can get confusing if you’re not actively following the steps. We spent the whole morning on the topic of routing protocols and learned why eBGP is the recommended protocol by Arista and how to enable and configure it on EOS with CloudVision.

You may ask why BGP is preferred as an underlay protocol in a Leaf-Spine architecture. For the overlay protocol, the discussion would be about the choice between eBGP and iBGP.

  • BGP supports multiple address families
  • It is scalable
  • It is controllable by policies
  • There is only one protocol to deal with (eBGP)

We followed up with a short overview of IS-IS (Intermediate System to Intermediate System Protocol), OSPF (Open Shortest Path First), and other routing protocols. The goal was to compare the lessons learned from the Layer 2 Leaf-Spine architecture the day before with the Layer 3 Leaf-Spine architecture. We discussed the challenge of choosing the preferred routing protocol and why it does not always have to be the recommended path and design preferences…

The next topic of the course was VXLAN. For large networks that start running out of VLAN IDs, VXLAN is a solid solution.

Figure 2 My instructor’s drawing skills, explaining OSPF

Wednesday

On Wednesday we started with an overview of how to deal with redundancy, more specifically about FHRP (First Hop Redundancy Protocols).

When it comes to FHRP, Arista differentiates between: 

  • Virtual Router Redundancy Protocol (VRRP), with virtual IP address and
  • Virtual ARP (VARP)

The configuration of VRRP and VARP on Arista EOS might be confusing. I refer here to “ip virtual-router address” and “ip address virtual” commands. [3] 

Later that day we continued with the chapter on Virtual Extensible LAN, VXLAN [4], and its propagating modes. Then we moved on to Multiprotocol BGP with a deep dive into EVPN [5], the usage of a Route Distinguisher (RD), and transporting Layer 2 and Layer 3 over L3 with VXLAN. We learned about the advantages and disadvantages, and how to configure and troubleshoot Arista devices. These were mostly “dry” theoretical lessons, more complex than the routing protocols the day before.

Thursday

On Thursday we proceeded with the EVPN topic and learned the differences between route types, dual homing, and Active/Active, with a longer discussion. The most important conclusion was “BGP is more than a routing protocol, it’s an application”, as our instructor taught us.

After the lunch break, we continued with self-study in the lab environment. We tested EVPN, VXLAN, and a Multicast configuration. With a small script, we could produce multicast traffic and tested the outcome in leaf-spine switch architecture. We visually observed this traffic flow in the whole network on CVP. 

Friday

The last day started with the topic of QoS and CoS. The instructor told us a story about when he was in Saudi Arabia trying to talk to his wife but couldn’t understand her because of delay. Starting with this example, we covered the impact of delay, latency, and jitter.

This topic reminded me of the Mars rover prioritization issue that happened in 1997 as the rover got stuck on Mars. The system prioritized a task with lower priority in its queue over a task with a high priority. This ended up in a mess [6]. Queueing and prioritizing can be an art if you include them in your network properly and a disaster if you do it wrong!

After QoS, we proceeded with security in Leaf-Spine networks: Macro Segmentation Services (MSS). This covers securing East-West traffic, automated network segmentation, and securing management interfaces, which needs DirectFlow-supported platforms and Layer 2 adjacency between the firewall and the TOR (top of rack) switches. DirectFlow is used to steer interesting traffic from the host to the firewall.

Before lunch, we briefly discussed how to integrate a Data Analyzer / Network Tap into your LS architecture. This is a passive mechanism to collect data and a GDPR requirement in the EU.

Then we had a short overview of the Arista AI-driven network security protection device called AWAKE.

Finally, we finished the course with some maintenance tasks in the lab – adding configuration examples (configlets).

Next Steps

The course alone does not prepare you sufficiently to take the exam. More steps are required.

  • self-study with the coursebook
  • practice, practice, practice
  • practical exam

Conclusion

It was my first interaction with CVP; from this point of view, the course was a good choice. Most impressive was the lab infrastructure with a well-described lab guide.

Following the lessons from my instructor was not always easy; he sometimes lost me, mainly because of his whiteboard skills. I would recommend taking notes during the course.

All in all, the course was well structured and clear. Thanks to the instructor for championing best practices, this made this week more interesting.

If you are new to data center networks and you have previous experience with networking and routing, the ACE L3 is a good choice to start with.

References: 

[1] https://www.arista.com/en/support/hands-on-training

[2] https://www.arista.com/en/um-eos/eos-multi-chassis-link-aggregation

[3] https://eos.arista.com/forum/what-is-different-between-ip-virtual-router-address-and-ip-address-virtual-command/

[4] https://www.arista.com/en/um-eos/eos-vxlan-description#xx1156439

[5] https://www.arista.com/en/um-eos/eos-evpn-overview

[6] https://www.cs.unc.edu/~anderson/teach/comp790/papers/mars_pathfinder_long_version.html
