The latest SONiC 202311 release brings forth comprehensive improvements, particularly in security, configuration management, module handling, IPv6 functionality, and virtualization capabilities. Security within SONiC has been bolstered through the implementation of containers that operate with restricted visibility and limited access to host Linux resources. This strategic containment significantly mitigates the risk of a compromised container affecting the entire system.
Furthermore, we have upgraded the CMIS module management to accommodate diverse port signal integrity (SI) configurations tailored to the varying lane speeds of a module. This includes the provision for custom SI settings specific to CMIS modules, offering greater flexibility and precision.
Lastly, we have streamlined the creation of virtual SONiC instances, facilitating an easier setup within a controlled environment. These instances can be interconnected seamlessly, adhering to predefined network topologies, thus simplifying network simulations and testing.
The SONiC 202311 release heralds a suite of enhancements that elevate the platform’s functionality across several critical areas. This update underscores our commitment to continuous improvement and innovation. Release highlights include:
Security Enhancements:
- NSS Vulnerability Fix: We’ve addressed a critical vulnerability in the nss library by replacing popen with execle, effectively preventing shell escape exploits.
- Container Hardening: Containers now run with limited visibility into the host Linux system and limited capabilities on it, significantly reducing the risk of a compromised container affecting the entire system.
Reliability Enhancements:
- Auto FEC Mode: SONiC now supports dynamic Forward Error Correction (FEC) settings for various port speeds and module types, optimizing error correction and latency. The new auto FEC mode intelligently selects the best FEC setting based on auto-negotiation results, ensuring reliable link quality.
- FRR 8.5.1 Integration: The integration with FRRouting (FRR) has been upgraded, bringing bug fixes and enhancements such as better BGP performance, EVPN support, and more stable IPv6 routing.
- gNMI Master Arbitration: A master arbitration mechanism for gNMI clients is now in place, ensuring that only one client can perform state-mutating operations at a time, thus preventing conflicts and inconsistencies.
Configuration Enhancements:
- Banner Messages: SONiC now supports banner messages for login, motd, and exec sessions, enabling administrators to convey critical information or warnings.
- CMIS Enhancements: We’ve improved support for the Common Management Interface Specification (CMIS), allowing for diverse signal integrity (SI) parameters and custom SI settings for CMIS modules.
- Factory Reset: A factory reset feature is now available, restoring the switch to its original manufacturer settings, which is invaluable in cases of corrupted configurations.
- UMF Enhancement: The Universal Management Framework (UMF) has been enhanced to support importing specific SONiC YANG models, handling singleton tables modeled as containers, and supporting gNMI subscriptions and wildcard paths.
- NTP Client Configuration: The Network Time Protocol (NTP) client configuration now includes support for NTP authentication, ensuring the synchronization of system clocks with verified NTP servers.
Other Enhancements:
- Wake on LAN with CLI: Wake-on-LAN (WoL) is now supported, complete with a CLI command for easy enablement or disablement.
- SNMP IPv6 Support: SNMP over IPv6 is now available for single ASIC platforms, facilitating network management and monitoring over IPv6 networks.
- sFlow 800G Support: sFlow sampling for 800G ports has been introduced, enabling high-speed network traffic analysis and monitoring.
- VSNet – Virtual SONiC Network Helper: The creation and connection of virtual SONiC instances within a controlled environment are now more streamlined, thanks to the new VSNet tool.
If you are interested in trying out SONiC 202311, you can download the latest image and check out the release notes.
What’s next?
The upcoming 202405 release is shaping up to be even more exciting, with 93 candidate features proposed by you, our vibrant community. These proposals reflect the collective ingenuity and forward-thinking that drive SONiC’s evolution.
To explore these features, visit our project page. Your expertise and contributions are the lifeblood of SONiC. If you’re passionate about shaping the future of networking, we invite you to join our ranks as a contributor. For more information on how to get involved, check out our contributor guide.
Thank you to SONiC release contributors!
A heartfelt round of applause to all the contributors, with a special thanks to the companies that have proposed innovative new features for the SONiC 202311 release. Our gratitude extends to:
- AMD
- Aviz Networks
- Broadcom
- Capgemini
- Centec
- Cisco
- Dell
- eBay
- Edgecore Networks
- InMon
- Inspur
- Marvell
- Micas Networks
- Microsoft
- NTT
- Nvidia
- Orange
- Ufispace
- xFlow Research Inc.
Your contributions are the driving force behind the continuous evolution and success of the SONiC platform. Thank you for your dedication and collaborative spirit. Together, we’re shaping the future of networking technology!