Arista Cloud Engineer

Level 3 Outline

ACE:L3 Data Sheet



The 5-day ACE Level 3 course is designed around Arista’s data-driven Cloud network architectures. Attendees will master the core technologies found in most modern corporate networks today such as MultiProtocol Border Gateway Protocol (MP-BGP), Exterior BGP (eBGP) underlays, Ethernet Virtual Private Networks (EVPN), and Virtual Extensible LAN protocol (VXLAN). Additional topics include security, QoS, multicast, and Cognitive Campus.


CloudVision Portal (CVP) Overview and Architecture

  • Introduction to Automation and CloudVision
    • Network Automation
    • DIY, DevOps, Turnkey (CV, Studio)
    • State Streaming, SysDB,NetDB, NetDL
    • CloudVision Partner Integration
    • Overview of Installation
  • CloudVision Deployment
    • Cloud-based CVaaS, Appliance, Virtual (OVA, KVM)
    • Software, Authentication and Connectivity Requirements
    • CVP Setup
    • Enabling eAPI
  • Initial Switch Behavior
    • Zero Touch Provisioning (ZTP)
    • Process, Modes, Provisioning
    • DHCP Configuration
    • ZTP Bootstrap with CVP
    • Zero Touch Replacement
  • Automating Configuration with Configlets
    • Creating and Managing Configlet
    • Configlet and Container Plan
    • Creating Containers
    • Creating Configlet Builder
    • Using Ansible to Push Configlet via APIs
    • Python Library
  • Change Control
    • Compliance
    • Create Change Control
    • Add/Remove Metrics
  • Day 2 Network Operations
    • Real-Time Telemetry, Analytics
    • Client to Cloud Visibility
    • Troubleshooting with CLI and CVP
    • Image Management
    • Data Plane Visibility
    • Deployment with CloudVision Studios

Universal Cloud Networking (UCN)

  • L2LS Architecture
    • Review, Requirements
    • Design Considerations, Configuration
  • DC Architecture
    • Traditional DC Architecture
    • Arista Modern LS DC Architecture
  • Underlay and Overlay Design Options
    • Building the Underlay and Overlay
  • L2LS vs. L3LS
    • Routing, Redundancy, Configuration
  • OSPF Review and Configuration
  • ISIS Overview
  • BGP
    • Address Families, Communities
    • Route Reflectors/Distinguishers/Targets
    • Configuring Routes, Enabling BGP
    • BGP-Labeled Unicast (BGP-LU)
  • L3LS Design with BGP
    • BGP Routing Protocol of Choice
    • Fabric Resiliency with ECMP
    • Recommended and Best Practices

VXLAN - Virtual eXtensible LAN

  • Overview
  • Layer 3 Limitation
  • L-S Design with L3 Redundancy (ECMP)
  • VXLAN Control Plane
  • Broadcasts, Multicast, Head End Replication (HER)
  • VXLAN Routing, Operations
  • Recommended Practices

EVPN - Ethernet VPN

  • Design Options
  • Building the Underlay, L3LS
    • Routing Protocol, Data Plane, Control Plane
  • Network Overlay
    • VXLAN BGP EVPN Fabrics
    • Key Benefits of Fabrics
  • MP-BGP
    • Multitenant Control Plane
    • VRF and VPN
    • EVPN and MP-BGP
  • EVPN Failure Scenarios
  • Verifying EVPN Deployments


  • Applications. Protocols, Operation
  • PIM, IGMPv2 Snooping, MSDP
  • Multicast in the Underlay
  • EVPN L2 and L3 Multicast
  • Multicast in the Overlay with EVPN
  • EVPN Multicast - External Connectivity


  • Modes and Setting
    • Trusted, Untrusted, CoS, DSCP
  • Traffic Classes and ECN
    • CoS-TC Map, DSCP-TC Map
  • QoS Policing, Prioritization
  • Configuration


  • Macro Segmentation Service (MSS)
    • Use Cases and Prerequisites
    • MSS - Group. Firewall, Host
    • Design Consideration, Operation
  • Network Visibility
    • Arista EntityIQ
    • DMF, Observability and Monitoring
    • Third Party NAC
    • IoTvision
    • CloudVision Cognitive Unified Edge (CV-CUE)
  • Arista AI-Driven Network Detection and Response (NDR)
    • Threat Detection and Hunting
    • Unmanaged Device Security
    • Non-Malware and Encrypted Threats
    • Attack Surface Assessment (ASA)
    • AVA - Autonomous Virtual Assistant

Campus Architectures

  • Campus Networking Evolution
    • Traditional Campus Architectures
    • UCN Principles for Campus
    • Wireless, PoE
  • WiFi Solutions for Campus
    • Fundamentals
    • Centrally-managed
    • CloudVision Cognitive Unified Edge (CV-CUE)
    • Troubleshooting
  • Campus Security
    • Endpoint Security
    • Access Control - Device Inventory (IoT), Analytics, Third-Party NAC
    • Infrastructure Security - MSS, WiFi WIPS
    • AVA Sensors
    • Authentication, 802.1X, EAP
    • Secure Connectivity - MacSec, IPSec


The ACE Level 3 course Includes diverse practical labs built on current EOS and CloudVision platforms. Labs are accessible for three weeks, one week during the instructor-led course, and two additional weeks to work on labs independently. Each student is given their own dedicated environment. Students can connect to these cloud-based labs from anywhere at any time.

Lab Activities

  • Navigating CloudVision Portal
  • Configlet Management
  • Configlet Builder
  • Change Control
  • Dashboard and Alerts
  • Using Studios
  • Building the L3LS eBGP Network
  • Virtual eXtensible LAN (VXLAN)
  • EVPN L2
  • EVPN L3
  • Active - Active Multi Homing
  • Protocol Independent Multicast Sparse-mode
  • Quality of Service

Target Audience

The ACE Level 3 course is best suited for individuals with mid-to-senior level of experience in the networking field with advanced Layer 2 and 3 technologies and configurations. Mid-to-senior level network engineers and operations staff will find the skills covered in this course often sought after by modern-day, technology-oriented corporations.


ACE Level 3 certification requires a 4-hour live practical exam. Candidates must complete the ACE Level 3 course prior to attempting the exam. The candidates will log into a lab environment, similar to the one used for the course labs, and use both CLI and CloudVision to complete the exam.

Follow-on Courses / Certifications

ACE : L4

Product Specialties


Vertical Specialties