Welcome to the November 2025 Edition of the Arista Federal Newsletter!¶
As we head into the Thanksgiving season, we want to take a moment to say thank you to our incredible Federal Agencies, System Integrators, and Arista Federal Partners who continue to drive innovation, collaboration, and success across the Federal landscape.
This time of year is all about gratitude and connection, and we’re truly thankful for the trust and partnership you place in Arista.
Together, we’re helping agencies modernize their networks, simplify operations, and build the secure, cloud-first infrastructures that our nation depends on every day.
From all of us at Arista Federal, we wish you and your families a safe, joyful, and connected Thanksgiving!
In this month’s newsletter, you’ll find:
Arista and Palo Alto Networks Strengthen Partnership in the New Age of AI Security
Arista & Palo Alto announced a deepened Arista-Palo Alto partnership to deliver a modern Enterprise security architecture based on Arista MSS with "smart hooks" into an EOS EVPN fabric, and integrated with the Palo Alto NGFW management suite. The solution delivers holistic zero-trust security for both east-west and north-south traffic with optimized Firewall performance, improved resilience, and a much simplified network design to enable granular control of the traffic redirected to Firewalls in distributed Enterprise Data Centers.
Arista Federal SE Casey Durst explores the benefits of Smart System Upgrade (SSU) — a capability that brings new levels of network agility and uptime. With SSU, you can perform software upgrades on Arista switches while keeping traffic flowing — no lengthy downtime, no complex manual work, and no juggling dashboards. It’s a smarter, more efficient way to maintain and evolve your network without disruption.
Unlock the Power of Programmatic Networking with Arista EOS API (eAPI)
Arista Federal SE Mike Reyes breaks down how Arista’s Extensible Operating System (EOS®) API — eAPI — is transforming network automation.
This newsletter is for you and we welcome your feedback, ideas, and requests at fed@aristafederal.com.
Thank you for reading the Arista Federal Newsletter — your go-to source for the latest innovations, industry insights, and mission-focused networking solutions for Federal Agencies and System Integrators.
Casey Durst, Systems Engineer, Arista Networks Federal
Some time ago while supporting ongoing kinetic military operations it was the time for the daunting required reboot of network devices for Unclassified and several Classified networks. The careful orchestration of the upgrade timelines ensuring the authorized service interruption window would not impact military operations was complete. We were given a short time to execute a zone-based reboot across the Base Area Network and Data Centers. At first, all was well but during the window we were instructed that the devices need to be back in operation and the maintenance window was canceled. The nine minute reboot could not be expedited and another device came back with the frustrating error outlining corrupted or loss of flash staring at me… tick tok.
While the pressure for your restarts and reboots may not be at the same level or may very well exceed it, Arista Networks provides Smart System Upgrades (SSU) or ‘Hitless’ upgrades across DataCenter and Campus switching variants which may be one of the most underrated and undervalued capabilities in the Arista arsenal.
What is SSU?
SSU is a solution suite designed to address some of the most complex and challenging tasks facing network administrators - network appliance maintenance. Changes to the underlying network infrastructure can affect large numbers of devices and cause significant outages. Using the flexibility of Arista design to your advantage, there are multiple variations of SSU at your disposal:
Leaf SSU enables hitless software upgrade that allows a network operator to upgrade the software while keeping the switch data plane operational during the upgrade. Hitless upgrade is completely seamless to connected hosts ensuring uptime to services and applications to singly attached hosts during a software upgrade.
Spine SSU introduces maintenance mode to intelligently insert and remove a spine device from the network by combining protocol based graceful shutdown and traffic redirection hence minimizing loss to application traffic. Maintenance mode enables network operation teams to stay on top of software upgrades, hardware replacements or isolated troubleshooting without taking downtime for applications.
Regardless of the network model you are operating, be it a spine-leaf topology, MLAG or other, SSU utilizes Arista’s Extensible Operating System’s (EOS) modular architecture to ensure hitless upgrades (when traffic forwarding continues uninterrupted) is available to you. For details on the EOS construct, design, and history please see the October Federal Newsletter as understanding the distributed state database is paramount to understanding how SSU functions.
SSU orchestrates upgrades using a multi-stage process working carefully with SysDB while ‘siloing’ agents. While silo’ing may have a negative connotation in our lives, in this instance these agents acting independent of one another is used to our advantage because each does not directly impact the other; rather each informs the central SysDB of state changes.
Preparation Phase: Validate and confirm the EOS future image and ensure up to date running configurations are saved.
Shutdown: Topology dependent but effectively the re-direction of traffic to MLAG Peers device or maintenance mode for Core spine devices. This traffic re-direction, as applicable, allows for L2 or L3 tables to populate and accept traffic during the upgrade of the primary device.
Accelerated boot: Fast boot technology will skip unnecessary hardware initialization and load the required modules, again, based on type of device, topology, and configuration.
Reconciliation: A graceful restart of configured protocols (OSPF, BGP, etc) allowing for traffic convergence and updates once- not progressive or consecutive state-based update(s).
WIFM: What’s in it for me? (you)
We have all experienced device reloads with outages and accept it as just a part of doing business. This capability, with the flexibility built-in based on Arista’s EOS and platforms, brings renewed fervor to the planned outage frustration:
Faster reload times: gaining approximately 80% of your time back
Hitless upgrades: upgrade during any point of the business day without impacting users
Traffic Redirection: Maintenance mode or traffic re-direction minimizes disruptions in multi-device architectures
Automation Integration: Use Ansible, Puppet, and Arista’s eAPI
Fault Tolerance: If a fault occurs, only that process restarts and only receives the most recent state changes. We leave the rest of the device and its capability alone.
Scalable: From a few access devices or massive data center architectures managed via CloudVision, SSU is orchestrated as required by the site admins on their schedule and their capabilities.
Uninterrupted connections: By sending LACP link-state information, the network connections remain active which allows traffic to continue to traverse the device
Intelligent insertion and removal of network elements, customized to the Spine or the Leaf layer
Programmatic interface to tailor upgrades to operating environment
The steps and commands utilized are outlined here, generically. You can also (and we would recommend) using CloudVision to execute SSU to ensure success of each device as it completes the upgrade and reboot process. Arista prides itself in quality and simplicity.
Save the current configuration:
Ensure space is available for new EOS + logs
Verify connectivity for management
Verify configuration supports SSU. Fix errors presented, as required.
For BGP / MP-BGP **Ensure all BGP sessions are stable; for BGP within a specific VRF, use ‘graceful-restart’ within the respective VRF
For switches using MLAG:
Transfer new EOS image onto device via USB, FTP, SCP, HTTP
Prep device to boot from new image EOS would be the version you are upgrading to and wr mem
Reboot the device
Verify new EOS version is utilized
The dual supervisor version is utilized in nearly the same method; however, there are some nuances with the process of rebooting to be aware of. Namely, that the secondary supervisor receives the image from the primary and both are restarted together.
Conclusion
There is no doubt that the opening scenario will bring back memories for many on the Arista Federal team and our customers as each of us has our own scenario that may mimic it. Only you know the risk level of your environment but with Arista Networks, the frustrating era of 0200 maintenance windows to limit network downtime has now paved the way for day-time reboots with little risk to customers, end-users, and in our world, military operations.
Unlock the Power of Programmatic Networking with Arista EOS API (eAPI)¶
Mike Reyes, Systems Engineers, Arista Networks Federal
In today’s fast-paced data centers, manual configuration via SSH is no longer enough. Network operators need speed, reliability, and seamless integration with modern automation tools. That’s where Arista’s Extensible Operating System (EOS®) API – better known as eAPI – shines as a game-changer for network automation.
What Makes eAPI Stand Out?
Arista EOS offers multiple programmable interfaces for applications. The applications running on the switch or external EOS applications can leverage these interfaces. For example, Arista’s EOS API (eAPI) interface allows applications and scripts complete programmatic control over EOS with a stable and easy-to-use syntax. Once the API is enabled, the switch accepts commands using Arista’s command line interface (CLI) syntax, and responds with machine-readable output and errors serialized in JSON, served over HTTPS.
Here are the three pillars that have made eAPI a favorite among network engineers and DevOps teams worldwide:
Comprehensiveness
With Arista’s eAPI, customers can access any state and configure any properties on the switch that they could otherwise do over the CLI.
Every command available in the CLI is accessible via eAPI. From show interfaces to full configuration sessions (configure terminal → multiple commands → end), you get 100% parity with interactive sessions.
Ease of Use & Flexibility
The simplicity of this protocol and the availability of third-party JSON clients means that eAPI is language agnostic and can integrate into any existing infrastructure and workflow. Additionally, on-box, interactive documentation for the API and return values make writing new programs simple.
Language-agnostic: Works with Python, Go, Ruby, PowerShell – any language with an HTTPS client.
Built-in interactive documentation: Just point your browser to https://<switch-ip>/eapi after enabling the service.
On-box API explorer at https://<switch-ip>/eapi/spec lets you test commands live
Rock-Solid Stability
Arista ensures that a command’s structured output will remain compatible with multiple future versions of EOS. The compatibility allows end users to confidently develop critical applications without compromising their ability to upgrade to newer EOS releases and gain additional features. Furthermore, this enables scripts to operate cleanly in data centers running multiple versions of EOS without compromising eAPI’s simplicity.
Arista guarantees backward compatibility of structured output across multiple EOS releases. Upgrade your switches without breaking your automation scripts – a promise that removes the biggest barrier to adopting new features.
EOS Architecture Overview
Clients send an HTTP POST request to the server using the lightweight JSON-RPC 2.0 protocol. Requests specify » The “method” to use (at this time, always “runCmds”). » A list of commands to run, for example [‘show interfaces’], or [‘configure’, ‘interface Ethernet 1’, ‘shutdown’] » A “version” number specifying which revision of the model output your script expects (at this time, always “1”).
The server processes the request and collects a structured data model for each command, which will then be converted into JSON. The JSON-RPC 2.0 ‘error’ field is set if a command returns an error. Otherwise, the response is in the ‘result’ field. You can view further documentation on response formats at https:///eapi/spec and overview documentation at https:///eapi/overview. EOS Command Validation over eAPI and embedded EOS Sanity Checks Command and control over eAPI (configuration change or command execution) can optionally be sent with a validation flag, meaning the CLI command will not be executed on the switch but will be parsed by EOS. This function is leveraged by Arista's AVD (Architect, Validate, Deploy ) and Arista's CloudVision to ensure a CLI command or configuration change is syntactically correct and supported by the target device the platform it is executed against.
Sanity Check functions embedded in EOS can also be programmatically called to validate a syntactically correct config change is also functionally correct. One example is the MLAG Sanity Check - a CLI command call that triggers EOS to query its neighboring MLAG switch to ensure a proposed config change will not disrupt MLAG functionality.
Real-World Applications
Imagine replacing an entire running configuration on hundreds of leaf and spine switches in seconds instead of hours or feeding live interface counters directly into your monitoring stack without custom parsers. Customers are already doing this:
Zero-touch provisioning: Push complete configurations in a single API call.
Integration with Ansible, AVD, and Terraform: Official modules and the Arista Validated Designs (AVD) framework make eAPI the backbone of modern data-center-as-code.
Advanced telemetry: Pull structured show command output into Splunk, Elasticsearch, or Grafana with zero transformation effort.
eAPI’s completeness, stability, and ease of use make it well-suited for various customer applications.
For example, traditional network configuration workflows involve connecting to nodes over SSH and setting the configuration command by command. eAPI makes this trivial and allows network operators to replace the entire running configuration for a device in one sequence. eAPI reduces the time to deploy a change and gives the operator a quick feedback loop. eAPI excels at integrating with third-party software.
For example, retrieving structured JSON data from Arista nodes allows developers and operators to easily incorporate EOS nodes into network automation workflows, monitoring, and data center infrastructure management tools. In addition, another use case is for network administrators who wish to configure many nodes programmatically. The robust ecosystem around eAPI has led to integrations with popular open-source toolings such as Arista’s own Arista Validated Designs (AVD) framework and Red Hat’s Ansible Automation Platform.
The Future Is Programmable
As networks evolve into software-defined infrastructure, tools like eAPI are no longer nice-to-have – they are the way forward. With guaranteed stability, universal language support, and complete CLI coverage, Arista eAPI empowers you to automate everything from day-to-day operations to massive greenfield deployments.
Ready to leave SSH scripts behind?
Dive into the full technical details in the official whitepaper
Arista hosts various events throughout the year for you! Members of our team organize these informative events to showcase Arista's ability to not only help improve your network, but to also assist by providing a set of tools to improve your operations! Click on the boxes below to be directed to Arista's website for lists of Webinars and Events.
Arista Network Webinars Series with Carahsoft
For Channel Partners Only
Date
Name
Description
November 18
Arista Campus Solutions
Discover how Arista is extending its reliable, scalable, and secure networking capabilities to campus environments that are perfect for federal agencies with distributed locations. For channel partners only.
We make is easy for you to view products that are of interest, all virtually! Technical memebers of the team showcase outstading explanation of the products. Click below to see our list of Webinars.
Join us in person to get a closer look in our list of produts and solution, as well as get the chance to meet members of the team. Click below to see our list of ipcoming Events.
Feel Free to Reach Out To Us For Your Network Needs¶
We thank you for taking the time to read out newsletter today. Feel free to reach out to your SE or ASE for more information or questions regardsing your network operations. Until next month, have a good one!
