Community SONiC Hardened for Production

Open Networking.
Production-Grade NOS.
Built for Scale.

A production-hardened distribution of community SONiC for enterprise data centers, AI fabrics, and telco infrastructure. Built on upstream SONiC with enterprise-grade CLI, advanced feature validation, and comprehensive testing-ready for production from day one.

Explore Features

SONiC '25

Based on Community 202505

IS-CLI

Industry Standard CLI

ODM Partners Supported

sonic# show version

sonic# show version SONiC Software Version: SONiC.enable_license.0-9a57bc7ee SONiC OS Version: 12 Distribution: Debian 12.13 Kernel: 6.1.0-29-2-amd64 Platform: x86_64-dlink_dxs_f3610_54s-r0 HwSKU: Dlink-DXS-F3610-54S ASIC: broadcom Uptime: 02:10:01 up 2:10 ────────────────────────────────────── sonic# configure terminal sonic(config)# interface Ethernet 0 sonic(config-if-Ethernet0)# description SPINE-LEAF-RACK1 sonic(config-if-Ethernet0)# speed 10000 sonic(config-if-Ethernet0)# no shutdown sonic(config-if-Ethernet0)# exit sonic(config)# mclag domain 10 sonic(config-mclag-domain-10)# source-ip 192.168.100.1 sonic(config-mclag-domain-10)# peer-ip 192.168.100.2 sonic(config-mclag-domain-10)# peer-link Ethernet10 sonic(config-mclag-domain-10)# exit sonic(config)# exit sonic# show running-configuration interface Ethernet 0 ! interface Ethernet0 description SPINE-LEAF-RACK1 mtu 9100 speed 10000

Engineering-Led · Production-Proven

Built by engineers.
Proven in production.

Community SONiC hardened for production by engineers with deep, hands-on experience across tier-1 hyperscalers, telcos, and enterprise data centers worldwide. Open source at its core. Production-grade in every release.

🔬

Deep SONiC Expertise

Decade of hands-on community SONiC experience across hyperscaler, telco, and enterprise deployments.

🌐

Global Standard

Certified on 5 ODM platforms: Edgecore, Celestica, UfiSpace, Aurcore, and D-Link.

🔓

Zero Vendor Lock-in

Full source availability, open APIs, and complete community SONiC alignment with no proprietary dependencies.

🤝

Global Support SLA

Multi-timezone engineering support, on-site professional services, and rapid patch turnaround.

IS-CLI · Industry Standard CLI

Familiar CLI.
Zero retraining.

SONiC NOS ships with full IS-CLI (Industry Standard CLI) — a Cisco/Juniper-like hierarchical command mode that network engineers already know. No Python scripts, no JSON files, no learning curve.

Hierarchical modal CLI

EXEC → Privileged EXEC → Global Config → Interface/Protocol sub-modes, exactly as operators expect

Context-sensitive help & completion

help at any point, Tab completion, and abbreviated command recognition throughout

[]

Full running-config & startup-config

show running-config, copy running startup, write memory — familiar config persistence model

RBAC-integrated privilege levels

Privilege level 1-15 with TACACS+ enforcement, per-command authorisation, and audit trail

! SONiC - VLAN Configuration sonic(config)# vlan 10 sonic(config-vlan-10)# name USER_SEGMENT sonic(config-vlan-10)# exit sonic(config)# interface Ethernet 0 sonic(config-if-Ethernet0)# switchport mode trunk sonic(config-if-Ethernet0)# switchport trunk allowed vlan add 10,20,30 sonic(config-if-Ethernet0)# exit sonic(config)# interface Vlan 10 sonic(config-if-Vlan10)# ip address 10.10.10.1/24 sonic(config-if-Vlan10)# no shutdown ! ? - context help available at any prompt

IS-CLI syntax identical to Cisco IOS/NX-OS - zero retraining required

! SONiC IS-CLI — eBGP Configuration sonic(config)# router bgp 65001 sonic(config-router-bgp)# bgp router-id 10.0.0.1 sonic(config-router-bgp)# neighbor 172.16.0.2 remote-as 65000 sonic(config-router-bgp)# neighbor 172.16.0.2 description UPSTREAM sonic(config-router-bgp)# address-family ipv4 unicast sonic(config-router-bgp-af)# neighbor 172.16.0.2 activate sonic(config-router-bgp-af)# network 10.10.10.0/24 sonic(config-router-bgp-af)# maximum-paths 8 sonic(config-router-bgp-af)# exit sonic# show bgp summary

BGP + EVPN all configurable via IS-CLI - no vtysh required

! SONiC IS-CLI — MLAG + Active-Active sonic(config)# mclag domain 1 sonic(config-mclag-domain-1)# source-ip 192.168.100.1 sonic(config-mclag-domain-1)# peer-ip 192.168.100.2 sonic(config-mclag-domain-1)# peer-link PortChannel 10 sonic(config-mclag-domain-1)# keepalive-interval 1 sonic# show mclag brief ! Domain: 1 | Role: active | Session: up | Keepalive: alive

MLAG active-active - replaces VRRP with zero standby bandwidth waste

! SONiC IS-CLI — SNMPv3 authPriv sonic(config)# snmp-server group NMS_GRP v3 priv sonic(config)# snmp-server host 192.168.1.200 traps version 3 priv nms_user sonic# show snmp-server user nms_user | NMS_GRP | v3 | SHA | AES | ✓

SNMPv3 authPriv configured in IS-CLI - no JSON editing

Platform Features

What Community SONiC Delivers

A comprehensive, production-hardened feature set spanning L2, L3, overlay, security, and management, with every release validated through IntelliSuite.

L2 Switching

Full 802.1Q VLAN switching with IS-CLI configuration, supporting enterprise campus and data center access designs from day one.

802.1Q VLAN create, delete, named VLANs, and bulk range support
Trunk and access port modes with dynamic VLAN add/remove
MAC address table
LACP (802.3ad) and min-links
PVSTP
LLDP neighbor discovery and topology verification

L2 Switching — show vlan brief

# IS-CLI — Real-time VLAN status
sonic# show vlan brief
VLAN ID  Name           Ports           Tagging
10        USER_SEGMENT   Po11,Po12,Eth8  Tagged
20        STORAGE        Po11,Po12       Tagged
30        MGMT_OOB       Eth56           Untagged
99        NATIVE_VLAN    —               Native

802.1QLACPMSTPLLDP

4094

Max VLANs

128K

MAC entries

8×

LACP members

L3 Routing & High Availability

Enterprise-grade routing stack with full IPv4 and IPv6 support, eBGP, iBGP, OSPF, ECMP, and inter-VLAN routing, combined with high availability features for active-active operations and resilient failover in production fabrics.

BGP-4, eBGP, iBGP with route reflector support
OSPFv2 and OSPFv3
ECMP up to 64 paths
Dual-stack IPv6
MLAG (MC-LAG) — active-active with ICCP over peer-link

BGP ECMP — show bgp summary

# IS-CLI BGP show commands
sonic# show bgp summary
Neighbor        AS     State    Pfx
172.16.0.2      65000  Established  128
172.16.1.2      65000  Established  128
sonic# show ip route 0.0.0.0/0
B> 0.0.0.0/0 [20/0] via 172.16.0.2
              via 172.16.1.2  ECMP

BGP-4OSPFv3ECMP 64MLAG

ECMP paths

Route scale

<50ms

BFD failover

Overlay / VXLAN

Full VXLAN data plane with BGP-EVPN control plane for modern multi-tenant data center fabrics.

VXLAN L2/L3 — symmetric IRB, asymmetric IRB
BGP-EVPN — Type 2, 3, 5 routes; VNI mapping
ARP/ND suppression — reduces broadcast domain flooding

VXLAN BGP-EVPN — VNI mapping

# IS-CLI VXLAN/EVPN configuration
sonic(config)# vxlan vtep VTEP1
sonic(conf-vtep-VTEP1)# source-ip 10.0.0.1
sonic(conf-vtep-VTEP1)# map vlan 10 vni 10010
sonic(conf-vtep-VTEP1)# exit
sonic# show vxlan vlanvnimap
Vlan10  ↔ VNI 10010  active
Vlan20  ↔ VNI 10020  active

VXLANBGP-EVPNIRBMulti-VRF

16K

VNIs

VRFs

Type2/3/5

EVPN routes

Security

Platform hardening, ACL support, SNMPv3, AAA, and operational security controls for enterprise and service-provider environments.

TACACS+ / RADIUS — authentication, authorisation, accounting
SNMPv3 authPriv (SHA-256 + AES-256)
ACL — L2/L3/L4 ingress/egress on all interfaces
Control-plane policing (CoPP) — protect CPU from DDoS
Management VRF — isolate control traffic from data plane

Security posture check

sonic# show aaa
Authentication : tacacs+ local
Authorization  : tacacs+ local
Accounting     : start-stop tacacs+
sonic# show tacacs-server host
192.168.1.100  Port:49  Status:Reachable
sonic# show snmp-server user
nms_user  NMS_GRP  v3  SHA  AES  ✓

TACACS+SNMPv3ACLCoPP

Management

IS-CLI, APIs, telemetry, diagnostics, configuration workflows, and operational tooling built for production operations.

IS-CLI — full hierarchical modal CLI (primary interface)
REST API — OpenAPI-documented northbound interface
gNMI / OpenConfig — streaming telemetry and config
YANG — structured config management
ZTP — zero-touch provisioning with DHCP/HTTP bootstrap
Syslog, SNMP traps, and gRPC event streaming
Ansible, Terraform, and Netbox integration
Management interfaces available

Management interfaces available

IS-CLI (Primary)REST APIgNMI/OpenConfig YANGZTP

# gNMI subscribe — streaming telemetry
gnmi_cli -address 192.168.1.1:8080 \
  -query "/openconfig-interfaces/interfaces" \
  -streaming_type SAMPLE -polling_interval 1s
Streaming: eth0/1 counters @ 1s interval...

Latest feature packs · RoCE

Quarterly releases & advanced capabilities

Community SONiC hardened for production ships quarterly releases aligned with upstream SONiC, with advanced features including full RoCEv2 lossless fabric support critical for AI and ML deployments.

Feature focus

RoCEv2 for AI and ML fabrics

Full RDMA over Converged Ethernet v2 for GPU-to-GPU and storage traffic in AI and ML clusters, with PFC, ECN, and DCQCN congestion control fully integrated.

Validation

Spine deployment validation

Validated SONiC for spine deployment on TH4/TH5 platforms for high-performance data center fabrics.

Upcoming

Enterprise platform support

Porting on D-Link new platforms focused on enterprise and data center features.

ODM Hardware Partners

Runs on the hardware you choose

Community SONiC certified across leading ODM platforms spanning Broadcom Trident, Tomahawk, and Tofino ASICs — from 1G access to 400G spine.

Edgecore

Open networking switches and data center platforms

10G100G

UfiSpace

Carrier-grade and data center switching

1G10G100G

Aurcore

Open networking solutions with SONiC-optimised hardware platforms

25G100G400G

D-Link

Enterprise switching hardware with open NOS compatibility

25G100G

IntelliSuite · SONiC Validation Platform

Validate before you deploy. Know before you break.

IntelliSuite is a comprehensive SONiC validation and testing platform, covering feature testing, deployment validation, regression, and live network verification.

IntelliSuite™ — Made in India

The only SONiC-native
validation platform built for production

From Day 0 pre-deployment simulation to Day N continuous regression, IntelliSuite covers the complete SONiC validation lifecycle with 700+ test cases, IS-CLI throughout, and full integration with community SONiC.

700+Test cases

14Feature domains

CI/CDPipeline ready

Feature Validation

60+ sub-tests per feature — Functional, Negative, Boundary, Traffic

Deployment Testing

Full system integration — event triggers, failover, 72h soak

Regression Engine

Auto-regression on every NOS build — catches regressions before release

Live Reporting

Per-device, per-feature test reports with go/no-go deployment decision

Phase 1 — Feature Testing

Each feature tested in full isolation before integration. Covers VLAN, MLAG, LACP, BGP, SNMP, AAA, MTU, LLDP, trunking, hash, and more.

FunctionalNegativeBoundaryTrafficInteraction

Phase 2 — Deployment Testing

All features integrated and tested together. Event-driven scenarios: node failure, peer-link loss, LACP member fail, split-brain, 100G line rate, and 72-hour soak.

Failover <200ms100G throughput72h soak

Continuous Regression

IntelliSuite integrates with GitLab/GitHub CI pipelines — every NOS build triggers automated regression across all platforms and feature domains automatically.

GitLab CIJenkinsGitHub Actions

SONiC Toolchain

Built-in tools. Day-one productivity.

SONiC NOS ships with a comprehensive set of operational and diagnostic tools — no third-party licenses needed.

Cable Verification Tool

Verify physical cable integrity, transceiver health, and fibre path before traffic testing. Detects bad optics, wrong wavelengths, and Rx power issues before they cause intermittent failures.

DOM monitoring · Rx/Tx power thresholds · FEC error rate · Transceiver type check · Pre-deployment cable audit report

$ palc-cable-verify --interface Ethernet0/1 --report

Delay Measurement Tool

Precise end-to-end and hop-by-hop latency measurement across the fabric. Hardware timestamping for microsecond accuracy — critical for RoCEv2 and AI training fabrics.

Hardware TX/RX timestamp · Per-hop RTT · Jitter histogram · TWAMP-compatible · Fabric-wide latency heatmap

$ palc-delay --src Leaf-01 --dst Leaf-08 --probe-count 10000

[]

SONiC Security Tools

Comprehensive security posture validation and hardening suite — audit your NOS against CIS SONiC benchmarks and detect config vulnerabilities before deployment.

AAA audit · ACL coverage check · Open port scan · CoPP policy validator · CVE advisory checker · NOS image signature verify

$ palc-secaudit --scope full --report html

Network Diagnostic Suite

One-command fabric-wide diagnostics: routing table consistency, ARP/MAC sync verification, MLAG health, BGP neighbour states, and STP topology check.

Fabric health score · Routing consistency · MLAG sync diff · BGP state timeline · STP loop detection

$ palc-diag --scope fabric --output json

Telemetry Collector Agent

Lightweight on-device gNMI collector with Grafana/InfluxDB push. Sub-second counters, event streaming, and alert hooks — no external collector needed for small fabrics.

gNMI subscribe · OpenConfig YANG · InfluxDB line protocol · Prometheus exporter · Grafana dashboard templates

$ palc-telemetry --interval 1s --target grafana:8086

Hitless Upgrade Manager

Orchestrate warm-reboot and hitless NOS upgrades across the fabric with dependency ordering, per-device health gates, and automated rollback on failure.

Warm reboot orchestration · Pre/post health checks · Blast-radius control · Auto-rollback · Upgrade audit trail

$ palc-upgrade --image palc-sonic-25.05.1.bin --warm

Live SSH Console

Try real IS-CLI access by
submitting details

This console connects directly to your staging SONiC vSwitch over SSH. Configure the switch IP after deployment and get a full interactive terminal in the browser.