Installation

If you own a switch or plan to buy one and install SONiC on it, please read this section carefully; otherwise, feel free to skip it. :D

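Switch Selection and SONiC Installation

First, confirm that your switch supports SONiC. The switch models SONiC currently supports are listed on the SONiC Supported Devices and Platforms page. If your model is not on the list, you will need to contact the vendor and ask whether they plan to support SONiC. Many switches do not support SONiC, for example:

  1. Ordinary switches aimed at home use, whose hardware is relatively low-end even when the supported bandwidth is high. For example, the MikroTik CRS504-4XQ-IN supports 100GbE networking, but it has only 16MB of flash storage and 64MB of RAM, so it can basically only run its own RouterOS.
  2. Some switches are built for data centers, but because the model is old, the vendor has no plan to support SONiC.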

Because switches from different vendors can have very different designs, the installation process also differs. The differences show up in two major areas:

  1. Each vendor has its own SONiC build, and some vendors extend SONiC to support more features on their own switches, for example Dell Enterprise SONiC and EdgeCore Enterprise SONiC. So you need to choose the version that matches your switch.
  2. Each vendor's switches also support different installation methods: some flash the ROM directly over USB, and some install through ONIE. This also has to be set up according to your switch.

So, although the details vary, the overall installation steps are similar. Please contact your vendor for the detailed installation documentation, and then follow it through.

Configure the Switch

Once SONiC is installed, we need to apply some basic settings. Some of them are common to every type of switch, and we briefly summarize them here.

Set the admin password

The default SONiC account and password is admin:YourPaSsWoRd. Using the default password is obviously not secure, so please remember to change it:

sudo passwd admin

Set the fan speed

The switch fans in the data center are exceptionally loud! For example, the switch I use is an Arista 7050QX-32S, which has 4 fans on it and can go up to 17,000 rpm. Although I put it in my garage, the high-frequency whine can still be heard even on the second floor behind 3 walls, so if you are using it at home, it is recommended to change some settings to turn down the speed.

Unfortunately, SONiC has no CLI for controlling the fan speed rules, so we have to set this up by manually modifying the configuration file in the pmon container.

# Enter pmon container
sudo docker exec -it pmon bash

# Use pwmconfig to detect all pwm fans and create configuration file. The configuration file will be created at /etc/fancontrol.
pwmconfig

# Start fancontrol and make sure it works. If it doesn't work, you can run fancontrol directly to see what's wrong.
VERBOSE=1 /etc/init.d/fancontrol start
VERBOSE=1 /etc/init.d/fancontrol status

# Exit pmon container
exit

# Copy the configuration file from the container to the host, so that the configuration will not be lost after reboot.
# The destination path depends on your switch model. The command below is the one I need to run here; if your switch model is different, please modify the path yourself.
sudo docker cp pmon:/etc/fancontrol /usr/share/sonic/device/x86_64-arista_7050_qx32s/fancontrol

Set the switch Management Port IP

Data center switches usually provide a Serial Console connection, but it is too slow, so it is better to set up the Management Port as soon as possible. Then we can use SSH to manage the switch, which is much faster.

Generally, the device name of the management port is eth0, so we can set it by using the following SONiC command:

# sudo config interface ip add eth0 <ip-cidr> <gateway>
# IPv4
sudo config interface ip add eth0 192.168.1.2/24 192.168.1.1

# IPv6
sudo config interface ip add eth0 2001::8/64 2001::1

Create the network configuration

A newly installed SONiC switch has a default network configuration, which has many problems, such as its use of the 10.0.0.0 IP range, as shown below:

admin@sonic:~$ show ip interfaces
Interface    Master    IPv4 address/mask    Admin/Oper    BGP Neighbor    Neighbor IP
-----------  --------  -------------------  ------------  --------------  -------------
Ethernet0              10.0.0.0/31          up/up         ARISTA01T2      10.0.0.1
Ethernet4              10.0.0.2/31          up/up         ARISTA02T2      10.0.0.3
Ethernet8              10.0.0.4/31          up/up         ARISTA03T2      10.0.0.5

So we need to update the network configuration of the ports we want to use. The easiest way is to create a VLAN and put all the ports into it, so that we can use VLAN routing to route the packets:

# Create untagged vlan
sudo config vlan add 2

# Add IP to vlan
sudo config interface ip add Vlan2 10.2.0.0/24

# Remove all default IP settings
show ip interfaces | tail -n +3 | grep Ethernet | awk '{print "sudo config interface ip remove", $1, $2}' > oobe.sh; chmod +x oobe.sh; ./oobe.sh

# Add all ports to the new vlan
show interfaces status | tail -n +3 | grep Ethernet | awk '{print "sudo config vlan member add -u 2", $1}' > oobe.sh; chmod +x oobe.sh; ./oobe.sh

# Enable proxy arp, so switch can respond to arp requests from hosts
sudo config vlan proxy_arp 2 enabled

# Save config, so it will be persistent after reboot
sudo config save -y

That's it! Now, we can take a look at it by running show vlan brief:

admin@sonic:~$ show vlan brief
+-----------+--------------+-------------+----------------+-------------+-----------------------+
|   VLAN ID | IP Address   | Ports       | Port Tagging   | Proxy ARP   | DHCP Helper Address   |
+===========+==============+=============+================+=============+=======================+
|         2 | 10.2.0.0/24  | Ethernet0   | untagged       | enabled     |                       |
...
|           |              | Ethernet124 | untagged       |             |                       |
+-----------+--------------+-------------+----------------+-------------+-----------------------+
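
The two bulk steps above write commands parsed from CLI output into oobe.sh and run them with sudo. The variant below validates each parsed field and previews the commands before anything runs. It is an added example, not part of the original page; the function names, the APPLY variable and the extra sample rows are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. The Ethernet8 (with a Master),
# Loopback0 and eth0 rows are constructed to exercise the filters.
SAMPLE_OUTPUT='Interface    Master    IPv4 address/mask    Admin/Oper    BGP Neighbor    Neighbor IP
-----------  --------  -------------------  ------------  --------------  -------------
Ethernet0              10.0.0.0/31          up/up         ARISTA01T2      10.0.0.1
Ethernet4              10.0.0.2/31          up/up         ARISTA02T2      10.0.0.3
Ethernet8    Vrf1      10.0.0.4/31          up/up         ARISTA03T2      10.0.0.5
Loopback0              10.1.0.32/32         up/up         N/A             N/A
eth0                   192.168.1.2/24       up/up         N/A             N/A'

# Read `show ip interfaces` text on stdin and print one removal command per
# front-panel port. Only exact EthernetN names and IPv4 CIDR values pass, so
# eth0 (management) and rows with a shifted column are never touched.
gen_ip_remove_cmds() {
    awk 'NR > 2 && $1 ~ /^Ethernet[0-9]+$/ {
        if ($2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) {
            print "skipped, unexpected columns: " $0 > "/dev/stderr"
            next
        }
        print "sudo config interface ip remove", $1, $2
    }'
}

# Print the commands by default; run them only when APPLY=1 is set.
# Word splitting of $cmd is safe here because every field was validated above.
apply_cmds() {
    while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            echo "+ $cmd"
            $cmd
        else
            echo "[dry-run] $cmd"
        fi
    done
}

# Offline dry run against the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | gen_ip_remove_cmds | apply_cmds
# On the switch: show ip interfaces | gen_ip_remove_cmds | APPLY=1 apply_cmds
```

The Ethernet8 row is skipped with a warning because its Master column is populated, which shifts the IP out of the second field; rows like that need to be handled by hand.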

Configure the host

If you only have one machine and want to connect a dual-port NIC to your switch for testing, you will also need some changes on the machine to ensure that traffic goes through the NIC and the switch. Otherwise, feel free to skip this step.

There are many guides on the internet for this, such as using iptables DNAT and SNAT rules to create a virtual address, but the process is very tedious. After some experiments, I found that the easiest way is to simply move one of the NIC ports into a new network namespace, even if you are using IPs in the same network segment.

For example, I use a Netronome Agilio CX 2x40GbE, which creates two interfaces: enp66s0np0 and enp66s0np1. With the following commands, we can move enp66s0np1 to a new network namespace and give it an IP address:

# Create a new network namespace
sudo ip netns add toy-ns-1

# Move the interface to the new namespace
sudo ip link set enp66s0np1 netns toy-ns-1

# Setting up IP and default routes
sudo ip netns exec toy-ns-1 ip addr add 10.2.0.11/24 dev enp66s0np1
sudo ip netns exec toy-ns-1 ip link set enp66s0np1 up
sudo ip netns exec toy-ns-1 ip route add default via 10.2.0.1

That's it! Now we can test our setup with iperf and confirm the traffic on the switch:

# On the host (enp66s0np0 has ip 10.2.0.10 assigned)
$ iperf -s --bind 10.2.0.10

# Test within the new network namespace
$ sudo ip netns exec toy-ns-1 iperf -c 10.2.0.10 -i 1 -P 16
------------------------------------------------------------
Client connecting to 10.2.0.10, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
...
[SUM] 0.0000-10.0301 sec  30.7 GBytes  26.3 Gbits/sec
[ CT] final connect times (min/avg/max/stdev) = 0.288/0.465/0.647/0.095 ms (tot/err) = 16/0

# Confirm on switch
admin@sonic:~$ show interfaces counters
      IFACE    STATE       RX_OK        RX_BPS    RX_UTIL    RX_ERR    RX_DRP    RX_OVR       TX_OK        TX_BPS    TX_UTIL    TX_ERR    TX_DRP    TX_OVR
-----------  -------  ----------  ------------  ---------  --------  --------  --------  ----------  ------------  ---------  --------  --------  --------
  Ethernet4        U   2,580,140  6190.34 KB/s      0.12%         0     3,783         0  51,263,535  2086.64 MB/s     41.73%         0         0         0
 Ethernet12        U  51,261,888  2086.79 MB/s     41.74%         0         1         0   2,580,317  6191.00 KB/s      0.12%         0         0         0

References

  1. SONiC Supported Devices and Platforms
  2. SONiC Thermal Control Design
  3. Dell Enterprise SONiC Distribution
  4. Edgecore Enterprise SONiC Distribution
  5. Mikrotik CRS504-4XQ-IN