SONiC on Cisco 8000 Series Routers, Release 202405cz.1.1.0

Cisco 8000 series routers support disaggregating the hardware and software to provide a more robust, open ecosystem for service provider networks.

With the introduction of Open Compute Project (OCP), vendors collaborate on designs and specifications to enable a more efficient, scalable, and versatile consumption of hardware and software. This initiative broadens the spectrum for cloud and service provider transformations, hardware innovations, software evolutions, flexibility, lower costs, and better control of the network infrastructure.

As part of the disaggregation journey, Cisco supports installing Software for Open Networking in the Cloud (SONiC) on the following PIDs on the Cisco 8000 series routers:

| Product ID (PID) | Description |
|---|---|
| 8101-32FH-O | Cisco 8100 1 RU Chassis with 32x400G QSFP56-DD with Open Software and without HBM on Q200 Silicon |
| 8102-64H-O | Cisco 8100 2 RU Chassis with 64x100G QSFP28 with Open Software and without HBM on Q200 Silicon |

SONiC is an open source network operating system based on Linux that runs on switches from multiple vendors and ASICs. SONiC offers a full suite of network functionality, like BGP and RDMA, that has been production-hardened in the data centers of some of the largest cloud-service providers. Cisco is part of this ecosystem, harnessing the innovation in Cisco Silicon One to provide a seamless infrastructure experience in data center deployments. Cisco Silicon One devices can assign ports to be generic Ethernet or a fully scheduled fabric. The Cisco Silicon One architecture enables optimized fixed form factor systems. Cisco leverages the SONiC capabilities from the community for a deployment-hardened network stack on the Cisco 8000 series routers.

SONiC uses Switch Abstraction Interface (SAI) API version 1.13.0 for release 202405cz.1.1.0. SAI defines an API for controlling forwarding elements, such as a switching ASIC, an NPU, or a software switch, in a uniform manner. For more information about SAI APIs, refer to the GitHub repository.

For more information about the benefits of integrated innovation, see Cisco 8000 series routers.

Component Version

This table outlines the versions of various components included in this release:

| Component | Version |
|---|---|
| Linux kernel | 6.1.0-22-2-amd64 |
| SAI API | 1.13.0 |
| FRR | 8.5.4-sonic-0 |
| LLDPD | 1.0.16-1+deb12u1 |
| TeamD | 1.31-1 |
| SNMPD | 5.9.3+dfsg-2 |
| Python | 3.11.2-1+b1 |
| SYNCD | 1.0.0 |
| swss | 1.0.0 |
| Radvd | 1:2.19-1+b1 |
| Isc-dhcp | 4.4.3-P1-2 |
| sonic-gnmi version | 0.1 |
| redis-server | 5:7.0.15-1~deb12u1 |
| redis-tools version | 5:7.0.15-1~deb12u1 |
| eventd version | 1.0.0-0 |
| mgmt-framework version | 1.0-01 |

Baseline Features

The following list provides common baseline features supported on SONiC:

  • TACACS+ authentication for IPv4 or IPv6 addresses

  • SSHv2 authentication for IPv4 or IPv6 addresses

  • AAA authentication

  • Syslog logging for IPv4 or IPv6 addresses

  • Network Time Protocol (NTP) for IPv4 or IPv6 addresses

  • Simple Network Management Protocol (SNMP) over IPv4 and IPv6 transport

  • TFTP file transfers over IPv4 or IPv6 addresses

  • Secure Copy (SCP) server support

  • Dynamic Host Configuration Protocol (DHCP) relay agent

  • Access Control Lists (ACLs) over IPv4 and IPv6 addresses

  • IPv4 or IPv6 ACL match on 7 tuple

  • ERSPAN and Everflow Support

    • Source interface to support IPv4 capture and IPv6 capture at the same time

    • Bit-wise match on DSCP

    • Capture IPv4 and IPv6 source packets and encapsulation with either IPv4 or IPv6 addresses

  • IPv4 or IPv6 decapsulation

  • IPv4 or IPv6 routing

  • Static route

  • iBGP over IPv4 or IPv6 addresses

  • eBGP over IPv4 or IPv6 addresses

  • Route policies

  • IP prefix lists

  • BGP

    • Multihop, AS-set, prefix-set, community-list

    • Max prefix limit

    • Bestpath as-path multipath-relax

    • Soft reconfiguration

    • Update source loopback

  • 32-way ECMP

  • LAG: IPv4 or IPv6 interfaces addresses

  • LACP Support

  • RDMA: QOS-RDMA and QOS-ECN

  • MTU: Jumbo MTU 9100 for Management, Switched Virtual Interface (SVI) and Native interfaces

  • SNMP: Trap source management interface in the management VRF

  • COPP/LPTS: For both management and inband interfaces (v4 or v6 UMPP)

  • NTP:

    • Support of IPv4 or IPv6 Servers

    • Access-group server ACL

  • Security ACL:

    • SSH IPv4 and IPv6 access

    • Physical interfaces—IPv4 and IPv6 ACL support

    • ACL permit, deny actions or counters

  • ACL

    Match conditions:

    • 5-tuple match for an ACL (source and destination IP, source and destination port and protocol type)

    • port range

  • QoS classification and scheduling over IPv4 or IPv6 addresses

  • Syslog support

  • gRPC: Dial-out support to stream telemetry data

  • Virtual local area network (VLAN)

  • Address Resolution Protocol (ARP)

  • FAN, PSU management

  • Virtual Extensible Local Area Network (VXLAN) is supported on Cisco 8101-32FH-O and Cisco 8102-64H-O routers

  • Bidirectional Forwarding Detection (BFD) is supported on Cisco 8101-32FH-O and Cisco 8102-64H-O routers

  • Dynamic Host Configuration Protocol (DHCP) relay is supported on Cisco 8101-32FH-O and Cisco 8102-64H-O routers

What's New in the Release

The following features are introduced or enhanced in this release:

202405cz.1.1.0

These features are supported in this release:

  • Support is available only for Zero Touch Provisioning (ZTP) image

  • Supports resilient hashing

  • Supports dynamic eBGP scaling up to 1500 for any IPv4 and IPv6 combination

  • Facilitates dynamic configuration for 50G on 8102 routers

  • Enables packet capture for transit traffic and saves it to a local file

  • Supports factory reset

  • Supports express boot for the Q200-based platform

  • Supports Message of the day (MOTD) through SONiC Command Line Interface

  • Supports SNMP PSU OPER status and SNMP fan OPER status

  • Enables BFD during ZTP and keeps it persistent

  • Supports resilient hashing with dynamic reachability

  • Supports all keys and secrets to be stored in the configuration as hashed values

Known Issues

This section outlines potential issues that users may encounter and provides possible workarounds for these challenges.

Caveats

  • Packet Capture:

    • The rate limiter is currently non-functional. Without it, high-rate data capture may disrupt router operations, causing packet drops and affecting in-transit captures.

    • In-line decode doesn't work when a large number of IPv6 routes are installed on the router, due to limitations.

  • Onboard Failure Logging (OBFL): The OBFL service requires initializing the storage device. Disabling the service with the systemctl disable cisco-obfl.service command prevents indefinite retries to enable it.

Expected behaviors

  • Storm Control: Storm Control requires NPP to activate Layer 2 and Layer 3 port counters. This is necessary to detect unknown unicast traffic and support the feature effectively.

  • Packet Capture:

    • Only IP packets can be captured for in-transit traffic based on ACL rules. At present, Layer 2 traffic cannot be captured.

    • All captured packets are stored in a single circular buffer with a limit of 1024 packets.

    • Supports one flow of either IPv4 or IPv6 at any given time, though both IPv4 and IPv6 can coexist on the network.

  • TACACS+:

    • A global passkey must be configured to use commands that perform rigorous checks, such as config override-config-table.

    • Only one master password can be used for all passkey encryption needs.

    • The /etc/cipher_pass file should not exist in an empty state.

  • Resilient Hash:

    • For each prefix, an FG_NHG must be created first, followed by the creation of an FG_NHG_PREFIX to associate the prefix with the group.

    • Users cannot bind multiple prefixes to the same FG_NHG. There must be a one-to-one mapping between FG_NHG and FG_NHG_PREFIX.
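
The Resilient Hash rules above can be checked offline before a configuration is loaded. The following is an added example, not Cisco or SONiC project code: it assumes the upstream SONiC config DB JSON layout, in which FG_NHG is keyed by group name and each FG_NHG_PREFIX entry is keyed by prefix and carries an "FG_NHG" field. The function name and the sample data are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the assumed config DB JSON layout:
# FG_NHG keyed by group name, FG_NHG_PREFIX keyed by prefix with an "FG_NHG" field.
SAMPLE_CONFIG = json.loads("""
{
  "FG_NHG": {
    "fgnhg_v4": {"bucket_size": "120"},
    "fgnhg_v6": {"bucket_size": "120"},
    "fgnhg_unused": {"bucket_size": "120"}
  },
  "FG_NHG_PREFIX": {
    "192.0.2.10/32": {"FG_NHG": "fgnhg_v4"},
    "192.0.2.11/32": {"FG_NHG": "fgnhg_v4"},
    "2001:db8::10/128": {"FG_NHG": "fgnhg_v6"},
    "198.51.100.1/32": {"FG_NHG": "fgnhg_missing"}
  }
}
""")


def check_fg_nhg_mapping(config):
    """Return sorted violations of the one-to-one FG_NHG / FG_NHG_PREFIX rule."""
    groups = set(config.get("FG_NHG", {}))
    prefixes_by_group = defaultdict(list)
    problems = []
    for prefix, fields in config.get("FG_NHG_PREFIX", {}).items():
        group = fields.get("FG_NHG")
        if group not in groups:
            # The group must be created before a prefix is associated with it.
            problems.append(f"{prefix}: references undefined FG_NHG {group!r}")
        else:
            prefixes_by_group[group].append(prefix)
    for group in sorted(groups):
        bound = sorted(prefixes_by_group[group])
        if len(bound) > 1:
            # Multiple prefixes cannot be bound to the same FG_NHG.
            problems.append(f"{group}: bound to multiple prefixes {bound}")
        elif not bound:
            # One-to-one mapping also means every group has exactly one prefix.
            problems.append(f"{group}: no FG_NHG_PREFIX associated")
    return sorted(problems)


if __name__ == "__main__":
    for line in check_fg_nhg_mapping(SAMPLE_CONFIG):
        print(line)
```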