Skip to content

Configuration convertor from PICOS to SONiC

This configuration converter is intended for network administrators with PICOS background. This guide will help network admins to migrate their current PICOS deployment for various Fabric architectures to SONiC. PICOS User guide https://docs.pica8.com/ can be used as a checklist to get started with the migration plan from PICOS to SONiC. Following document provides example configuration commands for comparison.

Switch Management

Operator has to login to PICOS and SONiC switch as super user using “sudo su”

PICOS SONiC
Management IP
# OOB Management IP
# Syntax
set system management-ethernet <mgmt-if> ip-address IPv4 <ip-address> run show system management-ethernet

#Example
set system management-ethernet eth0 ip-address IPv4 192.168.10.5/24

#Inband Management IP
#Syntax
set system inband vlan-interface <vlan-interface-name>
set system inband loopback <ip-address>
set system inband routed-interface <routed-interface-name>

#Example
set system inband vlan-interface VLAN400
set system inband loopback 192.168.10.1
set system inband routed-interface rif-ge3
# OOB Management IP
#Syntax
config interface ip add <mgmt-if> <Ipv4_address> / <Ipv4_subnet> <gateway_ipv4_address>

#Example
config interface ip add eth0 192.168.1.1/24 192.168.1.254

# OOB Management IP with VRF
#Syntax
config VRF add mgmt
config interface ip add mgmt <VRF-NAME> Ipv4_address>/ <Ipv4_subnet> <gateway_IPV4_address>

#Example
config VRF add mgmt
config interface ip add mgmt VRF-1 192.168.1.1/24 192.168.1.254

# Command to verify management ip address configured
show management_interface address
Management IP address = 192.168.1.1/24
Management Network Default Gateway = 192.168.1.254
Switch Reboot
#Command in PICOS to reboot system but it will cause traffic disruption
request system reboot

# Command sets the system log file to save to disk.
set system syslog local-file disk
tail -f /var/log/messages
#Command to perform system reboot which cause some disruption of data traffic -
reboot

#Command defines the cause of reboot of a sonic device
show reboot-cause
show reboot-cause history

#Command enables a switch to reboot up quickly with minimum disruption to the data plane.
fast-reboot

#Warm reboot commands perform in-service NOS upgrade without impacting the data plane traffic
warm-reboot -v
config warm_restart enable/disable
config warm_restart enable

# Command shows configuration of warm restart setting and show whether that service is enabled or disabled
show warm_restart config
show warm_restart state

# Command to view syslogs
tail -f /var/log/syslog
Upgrade NOS
#Command to check the version in PICOS
Version

#Command to upgrade the version in PICOS
upgrade
upgrade [image_name] [factory-default] [backup-file=(*.lst)]
image_name - Image with bin format file(*.bin)
factory-default - Recovery configuration to factory default
backup-file=(*.lst) - Specify a user defined backup list

upgrade backup-file=/admin/back_files.lst onie-installer-picos-4.0.1-x86.bin Sync

# Example
upgrade onie-installer-picos-4.0.1-x86.bin
#Syntax
#Command to check the version in SONiC
Show version

#Command to upgrade the version in SONiC
sonic-installer
sonic-installer install
sonic-installer install [OPTIONS] <image_file_path>
sonic-installer list

# Command to set which image will be used for default boot image after any system reboot
sonic-installer set-default
sonic-installer set-default <image_name>
sonic-installer set-next-boot

# Operator can use following command to remove a saved sonic image in device flash/disk -
sonic-installer remove
sonic-installer remove [y|-yes] <image_name>
Configuration Save
# Command to save the configuration on PICOS
save myconfig.conf

# CLI to delete and re-add a new save config -
load override myconfig.conf

# Merge a new config on top of existing running configuration –
load merge myconfig.conf
# Command to save the configuration on SONiC
config save -y

# Command to delete and re-add a new save config -
config reload <config_db.json/SONiCYang>

# Command to load the configuration from json.db
config load <config json file>

# Replace a new configuration on top of existing running configuration -
config replace <config_db.json/SONiCYang>
Platform Information
#Platform show commands
#syntax
run show system serial-number
run show system rpsu
run show system serial-number
run show system temperature
run show system uptime
run show system connections
run show system core-dumps
run show system cpu-usage
run show system rpsu
run show system date
run show system fan
run show system memory-usage
run show system name
run show system temperature
run show system users
#Command to verify platform details in SONiC
#Syntax
show system Status
show clock
show boot
show environment
show system status
show reboot-cause
show uptime
show logging
show users
show platform fan
show platform firmware status
show platform firmware version
show platform pcieinfo
show platform psustatus
show platform ssdhealth
show platform summary
show platform syseeprom
show platform temperature
show interfaces transceiver

Management Services

PICOS SONiC
SYSLOG
#Syslog commands in PICOS
#Syntax
set system log-level info
syslog monitor on
set protocols OSPF traceoptions packet all detail
set system log-level trace
commit
syslog monitor on
#Syslog commands in SONiC
#Syntax
config syslog add
config syslog delete

#Command to add or delete a specific syslog server IP
config syslog add <ipv4-address> --source <source_ipv4_address></config>
config syslog del <ipv4-address>

#View syslog for a particular protocol in SONIC -
show logging
show logging <any_protocol>

# Command to show syslog server IP and port configuration
show syslog

#Location of syslog configuration file -
Configuration file for syslog available at: /etc/rsyslog.conf

#Example Configuration
config syslog add 1.1.1.1 --source 192.168.8.231
config syslog del 1.1.1.1

# Command to view syslog file location
Path: /var/log/syslog*
ZTP
# Configuration to enable and disable Zero Touch Provisioning
# Syntax

ztp-config
Please configure the default PicOS ZTP options:
(Press other key if no change)
[1] PicOS ZTP enabled * default
[2] PicOS ZTP disabled
Enter your choice (1,2):2
PicOS ZTP is disabled.
admin@LEAF-A$

# Alternative Method is to edit the PICOS configuration file picos_start.conf and change the value of the ztp_disable variable.

admin@LEAF-A$more /etc/picos/picos_start.conf | grep ztp ztp_disable=true
# To enable ZTP, the user needs to set ztp_disable to false.
#Configuration
#Syntax

#Enable the ZTP services
admin@sonic:~$ config ztp enable

# Running the ZTP Services
admin@sonic:~$ config ztp run -y

#Check the ZTP Status admin@sonic:~$ show ztp status

#Check the /etc/sonic , user will be able to see config_db.json
admin@sonic:~$ ls /etc/sonic/ | grep config_db.json
Config_db.json

# Server where ZTP server is hosted , operator can edit in a customized way various parameters like URL , source path location , destination path location during ZTP automated discovery process.
#Using ZTP to download the config_db.json and the new SONiC version.
#Example
Example for ztp.json.

{
"ztp": {
 "01-configdb-json": {
    "url": {
      "source": "tftp://188.188.36.36/7326_56X_config_db.json",
        "destination": "/etc/sonic/config_db.json"
     }
    },
   "02-firmware": {
      "install": {
        "url": "http://188.188.36.36:8000/sonic-broadcom.bin",
         "skip-reboot": true
         }
      } 
   }
}
SNMP
# Add SNMP Community and Agent Address
ovs-vsctl set-snmp-enable true
ovs-vsctl show-snmp
snmp is enabled
ovs-vsctl set-snmp-community-name pica8
ovs-vsctl set-snmp-community-name

#Syntax
# Add SNMP traps and SNMP server target address -

ovs-vsctl show-snmp-trap-targets
ovs-vsctl set-snmp-trap-targets <Server_IP_Address>
ovs-vsctl set-snmp-trap-targets
# SONiC - Add SNMP Community and Agent Address
#syntax
config snmp community add <snmp_community_name> <Mode_Readonly or read Write>

#Example
config snmp community add testcomm ro

# Command to add SNMP Agent IP address
config snmpagent add <Agent_IPV4_Address> -v <VRF-NAME>

# Command to add SNMP user
#Syntax
config snmp user add <user> (noAuthNoPriv | AuthNoPriv | Priv) (RO | RW) [[(MD5 | SHA | MMAC-SHA-2) <auth_password>] [(DES |AES) <encrypt_password>]]

#Example
config snmp user add testuser3 priv rw md5 testuser3_auth_pass aes testuser3_encrypt_pass

# Add SNMP traps and SNMP server target address -
config snmptrap modify 2 <Server_IP_Address>
show snmptrap
show snmp agentaddress
show running configuration snmp
AAA/Radius
# Configure Radius Server IP and Port
set system aaa radius authorization disable <true | false>
set system aaa radius authorization server-ip <ipv4_address>
set system aaa radius authorization server-ip <:ipv4_address> port <integer>
set system aaa radius source-interface <interface-name>

# Show-
show system aaa radius

Enable RADIUS accounting -
set system aaa radius accounting disable <true | false>
set system aaa radius accounting server-ip
# SONiC - Configure Radius Server IP and Port
#Syntax
config aaa authentication login {radius | tacacs+ | local} [radius | tacacs+ | local].
config radius add <Radius_server_ip>

#Show Radius commands-
show aaa
show radius

#Command for aaa authentication options
#Syntax
aaa authentication login tacacs+

# If one AAA server fails , go to backup AAA server for authentication
aaa authentication failthrough <enable/disable/default>
aaa authentication fallback <enable/disable/default>

# AAA accounting enable commands in SONiC
#Syntax
config aaa accounting local
config aaa accounting tacacs+

# Command to add aaa accounting server IP and bind it to a data interface
config radius add <accounting_server_ip>
config radius add <accounting_server_ip> --s <source_interface>
sFlOW
#sflow commands
ovs-vsctl --id=@s create sFlow agent=eth0 target="10.10.50.207:9901" header=128 sampling=5000 polling=30 -- set Bridge br0 sflow=@s
ovs-vsctl list sflow
ovs-vsctl -- clear Bridge br0 sflow
# Command to add sflow collector
config sflow collector add <collector_name1> <sflow_collector_ipv4> <port_number>
config sflow collector add <collector_name2> <sflow_collector_ipv6> <port_number>

# Command to delete sflow collector
config sflow collector del <collector-name1>
config sflow collector del <collector-name2>

# Command to add and delete sflow agent
config sflow agent-id add
config sflow agent-id del

# Command to bind sflow agent to an interface
config sflow agent-id add <Ethernet_interface_number>
config sflow agent-id add <loop_interface_number>

# Command Enable / Disable sflow -
config sflow enable
config sflow disable
config sflow interface
config sflow interface <enable/disable>
config sflow interface enable <Ethernet_interface>

# Configure sflow sample rate , interval
config sflow interface sample-rate <interface_name> <sample_rate>
config sflow polling-interval

# Command to show sflow configuration -
show sflow
show sflow interface
NTP
# Configuring the NTP Server IP Address
set system ntp server-ip <NTP_SERVER_IP>

# Configuring NTP Source Interface set system ntp source-interface <VLAN-INTERFACE-NUMBER>

#Configuring Time Zone
set system timezone <TIME_ZONE>

#Configuring System Clock
set date YYYY:MM:DD -TT
# Command to configure NTP Server IP
#Syntax
config ntp add <NTP_SERVER_IP>

# Example
config ntp add 10.101.118.10

# Command to delete a configure NTP Server IP
config ntp del <ip_address>

#restart NTP-config daemon after applying NTP server config through config_db.json
systemctl restart ntp-config

# Command to list system timezone.
timedatectl list-timezones

#Command to modify the time zone
timedatectl set-timezone <TIME_ZONE>

#Command to show the NTP server information
show ntp

Port Mirroring

PICOS SONiC
#Configuring port as port mirroring
#Syntax

set interface ethernet-switching-options analyzer 111 output ge-<x/y/z>

# Configure Monitor the flows of ingress port
set interface ethernet-switching-options analyzer <number> input ingress ge-x/y/z

# Configure Monitor the Flows of Egress Port
set interface ethernet-switching-options analyzer <number> input egress ge-<x/yz>

#Configuring Mirroring on Egress or Ingress Port
set interface ethernet-switching-options analyzer <number> input ingress ge-<x/y/z>
set interface ethernet-switching-options analyzer input egress ge-
#Create a mirror session
#Syntax
config mirror_session add ts1_everflow <Source_Ip_address>
<destination_Ip_Address> <dscp_number> <queue_number>

# Command to create ACL table
config acl add table ACL_Mirror MIRROR --description 'mirror' --stage ingress --ports Ethernet0

# Command an ACL JSON file and load it to the configuration database for everflow.
cat acl.json
{
    "ACL_RULE": {
        "ACL_Mirror|ACE_Mirror": {
            "PRIORITY": "55",
            "IP_TYPE": "ipv4any",
            "MIRROR_ACTION": "ts1_everflow"
        }
    }
}
# Command to load the acl.json with new config related to ACL applied config load acl.json -y

#Command to verify the mirror status
show mirror_session

# Command to create a mirror session for SPAN
#Syntax
config mirror_session span add <session_name> <Destination_interface_Analyzer> <Source_intertface_switch>

# Command to create a mirror session for Remote SPAN
config mirror_session erspan add <session_name> <src_ip> <dst_ip> <dscp> <ttl> [gre_type] [queue] [src_port] [direction]

#Command to create a mirror session and ACL table
config mirror_session span add <session_name> <Destination_port> <Source_port> <Direction>

# Example
config acl add table Test MIRROR -p Ethernet8 -s ingress

#Command to verify the mirror table
show mirror_session

# Create ACL JSON file and load it to the configuration database for Mirror
cat acl.json
{
"ACL_RULE": {
        "Test|Forward": {
                "PRIORITY": "2",
                "MIRROR_ACTION": "test",
                "VLAN_ID": "20"
                }
        }
}
# Command to load the json file with ACL config applied
config load acl.json -y
config save -y

#Command to check the status of ACL table and mirror session
show mirror_session
show acl table

Layer 2 Switching

Interface and port VLAN

interface and port vlan

PICOS SONiC
Port, VLAN
#Configure Access and Trunk Mode over interfaces
set interface gigabit-ethernet <ethernet_interface> family ethernet-switching port-mode access
set interface gigabit-ethernet <ethernet_interface> family ethernet-switching port-mode trunk

# Create VLANs
set vlans vlan-id <vlan_value>
run show vlans

# Add VLAN members to ethernet ports for tagged packet
set interface gigabit-ethernet <ethernet_interface> family ethernet-switching vlan members <vlan_member1>

set interface gigabit-ethernet <ethernet_interface> family ethernet-switching vlan members <vlan_member2>

# Add VLAN members to ethernet ports for untagged packet
set interface gigabit-ethernet <ethernet_interface> family ethernet-switching vlan members <member1> untagged

set interface gigabit-ethernet <ethernet_interface> family ethernet-switching vlan members <member2> untagged
#Configure Access and Trunk Mode over interfaces
config interface speed Ethernet<interface> <speed>
config interface advertised-speeds Ethernet<interface> <speed>

#Command to set Auto Negotiation for an ethernet interface
config interface autoneg Ethernet<interface> enable

#Command to show status of Auto Negotiation for an ethernet interface
show interface autoneg status Ethernet0

#Command to show operational status of interface
show interface status

#Example command to configure 4x10GE breakout for a 40GE port
config interface breakout Ethernet1 '4x10G'

#Command to show interface breakout options
show interface breakout

#Command to configure FEC mode of an ethernet interface
config interface fec Etherne<interface> <FEC_MODE>

# Create VLANs
config vlan add <vlan_value1>
config vlan add <vlan_value2>

# show vlan configuration
show vlan config

#Add Interface to vlan in Tagged (Trunk) mode:
config vlan member add <vlan_value1> Ethernet<interface1>
config vlan member add <vlan_value2> Ethernet<interface2>

#Add Interface to vlan in untagged (access) mode:
config vlan member add -u <vlan_value1> Ethernet<interface1>
config vlan member add -u <vlan_value2> Ethernet<interface2>

#Command to show vlan information
show vlan brief
LAG
#Command to create static LAG in an aggregated interface ae1
#Syntax
ovs-vsctl add-port br0 ae1 vlan_mode=trunk tag=1 -- set Interface ae1 type=pica8_lag
ovs-vsctl -- set Interface ae1 options:lag_type=static
ovs-vsctl -- set Interface ae1 options:members=ge-x/x/x , ge-x/x/x

#Command to create dynamic LACP in an aggregated interface ae1
set interface aggregate-ethernet ae1 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae1 aggregated-ether-options min-selected-port <number_of_ports>
set interface gigabit-ethernet ge-x/x/x ether-options 802.3ad ae1
set interface gigabit-ethernet ge-x/x/x ether-options 802.3ad ae1
set interface gigabit-ethernet gge-x/x/x ether-options 802.3ad ae1
set interface gigabit-ethernet ge-x/x/x ether-options 802.3ad ae1
Commit

#Command to display LACP LAG information
run show interface aggregate-ethernet ae1

#Configure one LAG ae1 with three memberports.
set interface gigabit-ethernet ge-x/y/z ether-options 802.3ad ae1
set interface gigabit-ethernet ge-x/y/z ether-options 802.3ad ae1
set interface gigabit-ethernet ge-x/y/z ether-options 802.3ad ae1
#Create port channel
#syntax
config portchannel add PortChannel<Channel1>

#Add members to port channel
config portchannel add PortChannel<Channel1> Ethernet<interface>

# Command to verify port channel interface
show interface portchannel

# Command to show vlan status
show vlan brief

# Command to show ip interface status
show ip interfaces
show interfaces status
#Command to create a PortChannel interface and set the specific LACP key.
config portchannel add PortChannel<Channel1> --lacp-key <Key-number>
config portchannel member add PortChannel<Channel1>
Ethernet<interface>

#Command to create a PortChannel interface in fast rate mode
config portchannel add PortChannel<number> --fast-rate true

#Command to create a PortChannel interface in static mode
config portchannel add PortChannel<interface> --static true

#Command to add member ports to PortChannel interface
config portchannel member add PortChannel<number> Ethernet<interface1>
config portchannel member add PortChannel<number> Ethernet<interface2>

# Save the setting to config_db.json
config save -y

#Add member ports to PortChannel interface
config portchannel member add PortChannel<interface> Ethernet<interface1>
config portchannel member add PortChannel<interface> Etherne<interface2>

# Command to show interface portchannel
show interfaces portchannel
PICOS SONiC
FDB/MAC
# Command for MAC Learning Configurations-
set interface ethernet-switching-options mac-table-aging-time <timer>

#Command to show MAC entries learned
run show ethernet-switching table
#Display the MAC (FDB) entries
show mac

#Display the MACs learned on the particular VLAN ID
show mac -v <vlan_value>

#Display the MACs learned on the particular port
show mac -p Ethernet<interface>

#Clear the MAC (FBD) table
sonic-clear FDB all

#Check MAC aging time
show mac aging-time

This is a pair of links that terminates on two cooperating switches and appears as an ordinary link aggregation group (LAG).

Layer 2 Multi Chassis LAG

Layer 2

PICOS SONiC
PortChannel(LACP) and Member
# Enable LACP
set interface aggregate-ethernet <lag-if-name>
aggregated-ether-options lacp enable true

# Add members
set interface gigabit-ethernet <port-id> ether-options 802.3ad ae1
#Add Port Channel
config port channel add <PCH ID>

#Add Members
config port channel member add <PCH-ID> <member-port>
MC-LAG
#MCLAG Domain
set protocols mlag domain
set protocols mlag domain node <0 | 1>

#MCLAG PEER
set protocols mlag domain <domain-id> interface <lag-interface> link <link-id>
set protocols mlag domain <domain-id> peer-ip <peer-ipv4-address> peer-link <peer-interface-name>
set protocols mlag domain <domain-id> peer-ip <peer-ipv4-address> peer-vlan <vlan-id>

#MCLAG Members
set interface gigabit-ethernet ether-options 802.3ad

#MCLAG Show
run show mlag link {| summary}
#MCLAG Domain & Peer Configuration
config interface ip add <VLAN ID> <SVI-IP>
config mclag add <mclag-id> <local-ip> <remote-ip> <peer-pch>
config mclag unique-ip add <peer-vlan>

#MCLAG Members
config mclag member add <mclag-id> <member-pch>

#MCLAG Show
show mclag brief
Show mac
VLAN
#VLAN Configuration
set vlans vlan-id
set interface aggregate-ethernet <lag-if> family ethernet-switching port-mode trunk
set interface aggregate-ethernet <lag-if> family ethernet-switching vlan members <vid>
#VLAN Configuration
config vlan add <id>
config vlan member add <vid> <pch-id>

Creating port channel on the MCLAG pair switches running SONiC

config portchannel add PortChannel01
config portchannel add PortChannel02
config portchannel add PortChannel03
config portchannel member add PortChannel01 Ethernet0
config portchannel member add PortChannel02 Ethernet1
config portchannel member add PortChannel03 Ethernet56
config portchannel member add PortChannel03 Ethernet60

Creating VLAN interface on MC LAG pair switches running SONiC

config vlan add 10
config vlan add 100
config vlan member add 10 PortChannel03
config vlan member add -u 100 PortChannel01
config vlan member add 100 PortChannel02
config vlan member add 100 PortChannel03

Configure MCLAG pair switches with domain ID and child member links

config mclag add 1 192.168.10.1 192.168.10.2 PortChannel03
config mclag unique-ip add Vlan10
config mclag member add 1 PortChannel01
config mclag member add 1 PortChannel02

SONiC configuration for MC LAG peer health check

config interface ip add Vlan10 192.168.10.1/24
config interface ip add Vlan10 192.168.10.2/24

SONiC Command to Display MC LAG operationalstatus

show mclag brief

SONiC command to show MAC address learned for host traffic through member link interfaces

show mac
No.    Vlan  MacAddress         Port           Type
-----  ------  -----------------  -------------  -------
    1      10  68:21:5F:29:C0:D2  PortChannel03  Static
    2     100  B8:6A:97:19:BA:12  PortChannel01  Dynamic
    3     100  80:A2:35:5A:22:50  PortChannel02  Dynamic
Total number of entries 3

Layer 3 Multi Chassis LAG

Layre3

Command to create PortChannel on MC LAG Pair switches

config portchannel add PortChannel01
config portchannel add PortChannel02
config portchannel add PortChannel03
config portchannel member add PortChannel01 Ethernet0
config portchannel member add PortChannel02 Ethernet1
config portchannel member add PortChannel03 Ethernet56
config portchannel member add PortChannel03 Ethernet60


Commands to Create Port Channel IPs on MC LAG pair switches

config interface ip add PortChannel01 192.168.11.1/24
config interface ip add PortChannel02 192.168.12.1/24
config interface ip add PortChannel03 192.168.10.1/24

config interface ip add PortChannel01 192.168.11.1/24
config interface ip add PortChannel02 192.168.12.1/24
config interface ip add PortChannel03 192.168.10.2/24


Command to configure MCLAG on MC LAG pair switches (Domain ID, VLANs and MLAG members)

config mclag add 1 192.168.10.2 192.168.10.1
config mclag member add 1 PortChannel01
config mclag member add 1 PortChannel02

config mclag add 1 192.168.10.1 192.168.10.2
config mclag member add 1 PortChannel01
config mclag member add 1 PortChannel02


SONiC command to Configure IP for MCLAG Peer health check on MC LAG peers

config interface ip add Vlan10 192.168.10.1/24
config interface ip add Vlan10 192.168.10.2/24


Command to show MCLAG Status MC1 switch configuration -

show interfaces portchannel
Flags: A - active, I - inactive, Up - up, Dw - Down, N/A - not available,
       S - selected, D - deselected, * - not synced
  No.  Team Dev       Protocol     Ports                          Oper Key  Admin Key    Fast Rate
-----  -------------  -----------  ---------------------------  ----------  -----------  -----------
  01  PortChannel01  LACP(A)(Up)  Ethernet0(S)                       101  auto         false
  02  PortChannel02  LACP(A)(Up)  Ethernet1(S)                       102  auto         false
  03  PortChannel03  LACP(A)(Up)  Ethernet60(S) Ethernet56(S)        103  auto         false

show mclag brief  
       Domain ID                    : 1
        Role                         : Active
        Session Status               : Up
       Peer Link Status             :
        Source Address               : 192.168.10.1
        Peer Address                 : 192.168.10.2
        Peer Link                    :
       Keepalive Interval           : 1 secs
        Session Timeout              : 15 secs
        System MAC                   : 00:a0:c9:00:00:00
       Number of MCLAG Interfaces   : 2
        MCLAG Interface              Local/Remote Status
        PortChannel01                Up/Up
        PortChannel02                Up/Up

MC2 switch configuration -

admin@sonic:~$ show interfaces portchannel
Flags: A - active, I - inactive, Up - up, Dw - Down, N/A - not available,
       S - selected, D - deselected, * - not synced
  No.  Team Dev       Protocol     Ports                          Oper Key  Admin Key    Fast Rate
-----  -------------  -----------  ---------------------------  ----------  -----------  -----------
  01  PortChannel01  LACP(A)(Up)  Ethernet0(S)                       101  auto         false
  02  PortChannel02  LACP(A)(Up)  Ethernet1(S)                       102  auto         false
  03  PortChannel03  LACP(A)(Up)  Ethernet60(S) Ethernet56(S)        103  auto         false
admin@sonic:~$ show mclag brief  
       Domain ID                    : 1
        Role                         : Standby
        Session Status               : Up
        Peer Link Status             :
        Source Address               : 192.168.10.2
        Peer Address                 : 192.168.10.1
        Peer Link                    :
        Keepalive Interval           : 1 secs
        Session Timeout              : 15 secs
        System MAC                   : 00:a0:c9:00:00:00
        Number of MCLAG Interfaces   : 2
        MCLAG Interface              Local/Remote Status
        PortChannel01                Up/Up
        PortChannel02                Up/Up

SONiC Command to verify ARP synchronization

mclagdctl dump arp -i 1
No.   IP                  MAC                 DEV                 Flag
1     192.168.12.2        80:a2:35:5a:22:50   PortChannel02       R
2     192.168.11.2        b8:6a:97:19:ba:12   PortChannel01       L

LLDP is a standard link-layer discovery protocol which can broadcast its capability, IP address, ID, and interface name as TLVs (Type/Length/Value) in LLDP PDUs (Link Layer Discovery Protocol Data Units).

Link-Layer-Discovery-protocol


PICOS SONiC
#Command to validate the LLDP status
show protocols lldp

#Command to Enable LLDP service:
set protocols lldp enable true

#Command to Configure LLDP information
set protocols lldp interface <interface_name> working-mode tx_rx
set protocols lldp tlv-select mac-phy-cfg true
set protocols lldp tlv-select management-address true
set protocols lldp tlv-select port-description true
set protocols lldp tlv-select system-capabilities true
#Command to Enable / Disable LLDP globally
config feature state lldp enabled
config feature state lldp disabled
#Command to Configure LLDP information
config lldp global hello_timer <timer_value>
config lldp global management_ip <switch_mgmt_ip>
config lldp global system_description AS5835-Leaf1
config lldp global system_name<LEAF1>

#Command to validate the LLDP status
show feature status lldp
show lldp table
show lldp neighbors
show lldp global

#Command to enable/disable LLDP over local interfaces
docker exec -i lldp lldpcli
configure ports Ethernet<interface> lldp status disable
configure ports Ethernet<interface> lldp status enable

Layer 3 Routing

Routed Interface

PICOS SONiC
# Configuring Routed Interface
# Enable Ethernet port as a layer 3 routed interface.
set interface gigabit-ethernet <interface-name> routed-interface enable <true | false>
set interface gigabit-ethernet <interface-name> routed-interface name <string>

# Command to bring up the parent routed interface.
set l3-interface routed-interface <interface-name>

# Enable IP routing to perform layer 3 forwarding.
set ip routing enable true

# Configuring Sub-interface
set vlans vlan-id <vlan-id>
set interface gigabit-ethernet <interface-name> routed-interface sub-interface <sub-interface-name> vlan-id <vlan-id>
set l3-interface routed-interface <interface-name> address <ip-address> prefix-length <prefix-number>

# Checking the Configuration
run show interface routed-interface brief
run show l3-interface routed-interface <interface-name>
#Command to add a Layer3 Interface address on physical interface -
# Configure physical interface IP
config interface ip add Ethernet<Number1> <IP_ADDRESS>
config interface ip add <vlan_number> <IP_ADDRESS>

#Example
config interface ip add Loopback<Number> 10.0.2.1/32
config interface ip add Ethernet0 172.16.10.1/31
config interface ip add Vlan100 18.0.0.1/24

# Command to create a sub-interface config interface ip add Ethernet<interace_number>.<vlan-id> <IP_ADDRESS>

#Example
config interface ip add Ethernet0.10 192.168.10.2/24

# Validate sub-interface operational status
show subinterfaces status

SVI & DHCP Relay:

PICOS SONiC
SVI
# Create VLAN IDs
#Syntax
set vlans vlan-id <vlan1>
set vlans vlan-id <vlan2>

# Create an interface binded to Layer3 VLAN
set interface gigabit-ethernet ge-x/y/z family ethernet-switching native-vlan-id <vlan1>
set interface gigabit-ethernet ge-x/y/z family ethernet-switching native-vlan-id <vlan2>

# Create Layer 3 VLAN IDs
#Syntax
set vlans vlan-id<vlan1> l3-interface vlan-<number1>
set vlans vlan-id l3-interface vlan-<number2>
set vlan-interface interface vlan-<number1> vif vlan-<number1> address <ip_address1> prefix-length <subnet>
set vlan-interface interface vlan-<number1> vif vlan-<number1> address <ip_address2>1 prefix-length <subnet>

# Verify Layer3 interface
run show vlan-interface

#Verify Ip routes
run show ip routes
# Create VLANs
config vlan add <vlan_value1>
config vlan add <vlan_value2>

# show vlan configuration
show vlan config

#Add Interface to vlan in Tagged (Trunk) mode: config vlan member add <vlan_value1> Ethernet<interface1>
config vlan member add <vlan_value2> Ethernet<interface2>

# Inter-VLAN routing
# Configure IP addresses on VLAN1 and VLAN2 # Syntax
config interface ip add Vlan<number1> <IP_ADDRESS1>
config interface ip add Vlan<number2> <IP_ADDRESS2>

# Example
config interface ip add Vlan1 192.168.1.2/24
config interface ip add Vlan2 192.168.2.1/24

# Validate Ip Interface
show ip interface

# Verify the Subinterface and VLAN status
show vlan brief
DHCP Relay
# DHCP Relay Command
#Enable IP routing function when using DHCP relay.

set ip routing enable <true | false>

# Enable the DHCP relay function on the L3 VLAN interface connected to the client.
set protocols dhcp relay interface <vlan-interface-name> disable <true | false>

# Configure the IP address of the DHCP server.
set protocols dhcp relay interface<vlan-interface-name> dhcp-server-address <ipv4-address>

# Configure the IP address of the DHCP relay agent.
set protocols dhcp relay interface <vlan-interface-name> relay-agent-address <agent-ipv4-address>
# SONiC Command to enable DHCP relay
config feature state dhcp_relay enabled

# Enable DHCP relay on Vlan number
config vlan dhcp_relay add <vlan_number> <IP_ADDRESS>

#Enable DHCP relay on Loopback interface
config vlan dhcp_relay src_intf add <vlan_number> Loopback0

#Example
config vlan dhcp_relay add 10 192.168.20.100
config vlan dhcp_relay src_intf add 10 Loopback0

BGP Routing

BGP-Routing



PICOS SONiC
BGP Routing
#Command to configure BGP routing -
set protocols bgp router-id <System_loopback_IP>
set protocols bgp local-as <LOCAL_AS_NUMBER>
set protocols bgp local-as <LOCAL_AS_NUMBER>
set protocols bgp neighbor <Neighbor_IP> remote-as <REMOTE_AS_NUMBER>
set protocols bgp local-as <LOCAL_AS_NUMBER>
set protocols bgp neighbor <Neighbor_IP> remote-as <REMOTE_AS_NUMBER>
set protocols bgp peer-group <LEAF_NAME>
set protocols bgp neighbor <LEAF_NAME>
remote-as external
set protocols bgp neighbor <Neighbor_IP> peer-group <LEAF_NAME>
set protocols bgp neighbor <Neighbor_IP> peer-group <LEAF_NAME>
Commit

#Example BGP routing configuration
set protocols bgp router-id 1.1.1.1
set protocols bgp local-as 100
set protocols bgp local-as 100
set protocols bgp neighbor 192.168.49.1 remote-as 200
set protocols bgp local-as 100
set protocols bgp neighbor 192.168.49.1 remote-as 100
set protocols bgp peer-group Leaf1
set protocols bgp neighbor leaf1 remote-as external
set protocols bgp neighbor 10.10.0.1 peer-group Leaf1
set protocols bgp neighbor 10.10.0.12 peer-group Leaf1
commit

#Command to show BGP routes summary
run show bgp route <ip>
#vtysh sonic command to configure BGP routing -
router bgp <ASN_NUMBER>
bgp router-id <System_loopback_IP>
no bgp ebgp-requires-policy
bgp bestpath as-path multipath-relax
neighbor FABRIC peer-group
neighbor FABRIC capability extended-nexthop
neighbor <Neighbor_IP> remote-as <REMOTE_ASN_NUMBER>
neighbor <Neighbor_IP> peer-group FABRIC

#Example BGP routing configuration
router bgp 65001
bgp router-id 10.0.2.1
no bgp ebgp-requires-policy
bgp bestpath as-path multipath-relax
neighbor FABRIC peer-group
neighbor FABRIC capability extended-nexthop
neighbor 172.16.10.0 remote-as 2001
neighbor 172.16.10.0 peer-group FABRIC
neighbor 172.16.10.8 remote-as 2002
neighbor 172.16.10.8 peer-group FABRIC
neighbor 192.168.3.1 remote-as 2003
neighbor 192.168.3.1 peer-group FABRIC

#Command to show BGP routes summary
show ip bgp summary
show ip bgp neighbors
show ip bgp network

show ipv6 bgp summary
show ipv6 bgp neighbors
show ipv6 bgp network

OSPF Routing

OSPF Routing

PICOS SONiC
OSPF Routing
#Configure OSPF routing
set protocols ospf router-id <Router_ID>
set protocols ospf area <area-id> area-type
set protocols ospf area <Aread_ID>
set protocols ospf area <Aread_ID> area-type stub
set protocols ospf area <Aread_ID> area-type nssa
set protocol ospf interface <vlan-interface> area {<ipv4>|<0-4294967295>}
set vlans vlan-id <vlan-id> l3-interface "vlan-number"
set interface gigabit-ethernet ge-x/y/z family ethernet-switching native-vlan-id <vlan-id>
set interface gigabit-ethernet ge-x/y/z family ethernet-switching native-vlan-id <vlan-id>

set l3-interface vlan-interface vlan<number> address <IPV4_Address> prefix-length <Subnet>
set l3-interface vlan-interface vlan<number> address <IPV4_Address> prefix-length <Subnet>
set protocols ospf interface vlan-<number> area <aread_id>



# Example Configuration - OSPF Routing
set protocols ospf router-id 1.1.1.1
set protocols ospf area <area-id> area-type
set protocols ospf area 0.0.0.0
set protocols ospf area 1.1.1.1 area-type stub
set protocols ospf area 2.2.2.2 area-type nssa
set protocol ospf interface <vlan-interface> area {<ipv4>|<0-4294967295>}

set vlans vlan-id 20 l3-interface "vlan-20"
set vlans vlan-id 30 l3-interface "vlan-30"
set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 20

set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 30

set l3-interface vlan-interface vlan20 address 10.10.70.10 prefix-length 24
set l3-interface vlan-interface vlan30 address 10.10.71.10 prefix-length 24

set protocols ospf interface vlan-20 area 0.0.0.0
set protocols ospf interface vlan-30 area 0.0.0.0
#Configure OSPF routing
#Syntax
router ospf
ospf router-id <router-id>
network <Network_address> area <Area_number>
network <Network_address1> area <Area_number1>
network <Network_address2> area <Area_number2>

#Command to set OSPF time intervals
interface Ethernet<interface>
ip ospf hello-interval <hello-interval-time-secs>
ip ospf dead-interval <dead-interval-time-secs>
router ospf
area <aread_number> authentication
# Command to set OSPF authentication key
interface Ethernet<interface>
ip ospf authentication
ip ospf authentication-key <key>

# Command to set OSPF MD5 Authentication
router ospf
area 0 authentication message-digest
interface Ethernet<interface>
ip ospf message-digest-key <key> md5 <key>

# Command to configure OSPF Virtual links
router ospf
area <area_number> virtual-link <System_loopback>

# Command to verify OSPF ip routes learned
show ip route

# Configuration OSPF Routing
# Example
router ospf
ospf router-id 1.1.1.1
network 10.0.0.0/31 area 0
network 192.168.10.0/24 area 0
network 192.168.20.0/24 area 0
network 192.168.30.0/24 area 0

#Enable OSPF hello timers under interface
#Example
interface Ethernet56
ip ospf hello-interval 20
ip ospf dead-interval 20

# Enable OSPF Authentication globally
#Example
router ospf
area 0 authentication

# Enable OSPF Authentication over interface
#Example
interface Ethernet56
ip ospf authentication
ip ospf authentication-key 123

#Enable OSPF MD5 Key
#Example
router ospf
area 0 authentication message-digest
interface Ethernet56
ip ospf message-digest-key 1 md5 123

#Verify Ip routing Table
#Example
show ip route

#Configure OSPF virtual links
#Example

router ospf
area 1 virtual-link 3.3.3.3
router ospf
area 1 virtual-link 2.2.2.2

OSPF



AS7326-56X-OS1 Configuration VLAN and IP Configuration

config interface ip add Loopback0 1.1.1.1/32
config vlan member add 10 Ethernet0
config vlan member add 20 Ethernet0
config vlan member add 30 Ethernet0
config interface ip add Ethernet0.10 192.168.10.1/24
config interface ip add Ethernet0.20 192.168.20.1/24
config interface ip add Ethernet0.30 192.168.30.1/24
config interface ip add Ethernet56 10.0.0.0/31

OSPF Configuration

admin@sonic:~$ vtysh
sonic(config)# router ospf
sonic(config-router)# network 10.0.0.0/31 area 0
sonic(config-router)# network 192.168.10.0/24 area 0
sonic(config-router)# network 192.168.20.0/24 area 0
sonic(config-router)# network 192.168.30.0/24 area 0

OSPF Routing Verification Command

sonic# show ip ospf neighbor
Neighbor ID     Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
192.168.25.1      1 Full/DR           31.440s 10.0.0.1        Ethernet56:10.0.0.0      0     0     0

sonic# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route
K>* 0.0.0.0/0 [0/202] via 188.188.1.1, eth0, 00:07:45
C>* 1.1.1.1/32 is directly connected, Loopback0, 00:07:25
O   10.0.0.0/31 [110/10] is directly connected, Ethernet56, 00:06:42
C>* 10.0.0.0/31 is directly connected, Ethernet56, 00:07:25
C>* 188.188.0.0/16 is directly connected, eth0, 00:07:46
O>* 192.168.5.0/24 [110/20] via 10.0.0.1, Ethernet56, 00:06:32
O   192.168.10.0/24 [110/10] is directly connected, Vlan10, 00:04:54
C>* 192.168.10.0/24 is directly connected, Vlan10, 00:07:24
O>* 192.168.15.0/24 [110/20] via 10.0.0.1, Ethernet56, 00:06:32
O   192.168.20.0/24 [110/10] is directly connected, Vlan20, 00:04:50
C>* 192.168.20.0/24 is directly connected, Vlan20, 00:07:24
O>* 192.168.25.0/24 [110/20] via 10.0.0.1, Ethernet56, 00:06:32
O   192.168.30.0/24 [110/10] is directly connected, Vlan30, 00:04:47
C>* 192.168.30.0/24 is directly connected, Vlan30, 00:07:24

AS7326-56X-OS2 Configuration VLAN and IP Configuration

config interface ip add Loopback0 2.2.2.2/32
config vlan member add 5 Ethernet0
config vlan member add 15 Ethernet0
config vlan member add 25 Ethernet0
config interface ip add Ethernet0.5 192.168.51/24
config interface ip add Ethernet0.15 192.168.15.1/24
config interface ip add Ethernet0.25 192.168.25.1/24
config interface ip add Ethernet56 10.0.0.1/31

OSPF Configuration

admin@sonic:~$ vtysh
sonic(config)# router ospf
sonic(config-router)# network 10.0.0.0/31 area 0
sonic(config-router)# network 192.168.5.0/24 area 0
sonic(config-router)# network 192.168.15.0/24 area 0
sonic(config-router)# network 192.168.25.0/24 area 0

OSPF Routing Verification Command OS2:

sonic# show ip ospf neighbor
Neighbor ID     Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
188.188.98.39     1 Full/Backup       33.721s 10.0.0.0        Ethernet56:10.0.0.1      0     0     0

sonic# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route
K>* 0.0.0.0/0 [0/202] via 188.188.1.1, eth0, 02:15:38
C>* 2.2.2.2/32 is directly connected, Loopback0, 02:15:18
O   10.0.0.0/31 [110/10] is directly connected, Ethernet56, 00:08:47
C>* 10.0.0.0/31 is directly connected, Ethernet56, 00:08:47
C>* 188.188.0.0/16 is directly connected, eth0, 02:15:39
O   192.168.5.0/24 [110/10] is directly connected, Vlan5, 00:35:34
C>* 192.168.5.0/24 is directly connected, Vlan5, 00:35:34
O>* 192.168.10.0/24 [110/20] via 10.0.0.0, Ethernet56, 00:06:14
O   192.168.15.0/24 [110/10] is directly connected, Vlan15, 00:35:34
C>* 192.168.15.0/24 is directly connected, Vlan15, 00:35:34
O>* 192.168.20.0/24 [110/20] via 10.0.0.0, Ethernet56, 00:06:10
O   192.168.25.0/24 [110/10] is directly connected, Vlan25, 00:35:34
C>* 192.168.25.0/24 is directly connected, Vlan25, 00:35:34
O>* 192.168.30.0/24 [110/20] via 10.0.0.0, Ethernet56, 00:06:07

VRF Routing

PICOS SONiC
# Command to configure VRRP
set ip routing enable true
set ip vrf vrf1 description east
set ip vrf vrf2 description east


# Command to bind the Layer 3 VLAN interface to the VRF.
set vlan-interface interface vlan<vlan-id> vrf <VRF-ID>

# Command to add static route entry into the VRF.
set protocols static vrf <VRF-ID> route <IPV4_address> next-hop <IPV4_address>
set protocols static vrf <VRF-ID> route <IPV6_address> next-hop <IPV6_address

# Command to validate show VRF instance created
run show vrf
# SONiC command to create a VRF-
#Syntax
config vrf add
config vrf add <vrf-name>
config vrf del <vrf-name>
config vrf add_vrf_vni_map <vrf-name>

# Command to bind Layer 3 VLAN interface to the VRF.
config vrf add <VRF-ID>
config vxlan add vtep <VTEP_ENDPOINT_IP>
config vxlan evpn_nvo add evpnnvo vtep
config vrf add_vrf_vni_map <VRF-ID> <VNI_VALUE>

# Command to unbind the Layer 3 VLAN interface to the VRF
# Syntax
config vrf del_vrf_vni_map <vrf-name>

# Command to configure a static route entry into the VRF
# Example
ip route <A.B.C.D/M> <A.B.C.D> nexthop-vrf <vrf-name>

# Command to import VRF table into default routing table
import vrf default

#Command to add bgp routing entry with VRF and import route leaking policy into VRF routing table
router bgp <AS_NUMBER> vrf
address-family ipv4 unicast
router bgp <AS_NUMBER> vrf
address-family ipv4 unicast

Create VRF instance

admin@sonic:~$ config vrf add Vrf_01
Binding the Ethernet0 to VRF instance.
admin@sonic:~$ config interface vrf bind Ethernet0 Vrf_01

Checking the VRF

admin@sonic:~$ show vrf
VRF     Interfaces
------  ------------
Vrf_01  Ethernet0
admin@sonic:~$ show ip interfaces
Interface   Master  IPv4 address/mask   Admin/Oper  BGP Neighbor    Neighbor IP
-----------  --------  -------------------  ------------  --------------  -------------
Ethernet0   Vrf_01  192.168.1.1/24      up/up       N/A             N/A
Loopback0           10.1.0.1/32         up/up       N/A             N/A
docker0                240.127.1.1/24       up/down     N/A             N/A
eth0                188.188.97.31/16    up/up       N/A             N/A
lo                  127.0.0.1/8         up/up       N/A             N/A

Checking the routing table.

admin@sonic:~$ show ip route vrf Vrf_01
Codes: K - kernel route, C - connected, S - static, R - RIP,
    O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
    T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
    F - PBR, f - OpenFabric,
    > - selected route, * - FIB route, q - queued route, r - rejected route
VRF Vrf_01:
C>* 192.168.1.0/24 is directly connected, Ethernet0, 00:02:37
admin@sonic:~$ show ip route vrf all
Codes: K - kernel route, C - connected, S - static, R - RIP,
    O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
    T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
    F - PBR, f - OpenFabric,
    > - selected route, * - FIB route, q - queued route, r - rejected route
VRF Vrf_01:
C>* 192.168.1.0/24 is directly connected, Ethernet0, 00:00:31
Codes: K - kernel route, C - connected, S - static, R - RIP,
    O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
    T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
    F - PBR, f - OpenFabric,
    > - selected route, * - FIB route, q - queued route, r - rejected route
K>* 0.0.0.0/0 [0/202] via 188.188.1.1, eth0, 00:15:16
C>* 10.1.0.1/32 is directly connected, Loopback0, 00:15:16
C>* 188.188.0.0/16 is directly connected, eth0, 00:15:16

Management VRF Create Management VRF

admin@sonic:~$ config vrf add mgmt

Checking the Management VRF

admin@sonic:~$ show mgmt-vrf
ManagementVRF : Enabled
Management VRF interfaces in Linux:
128: mgmt: <NOARP,MASTER,UP,LOWER_UP> mtu 65536 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 52:2f:cc:b8:28:b5 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 1500
    vrf table 5000 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master mgmt state UP mode DEFAULT group default qlen 1000
    link/ether 80:a2:35:4f:4f:40 brd ff:ff:ff:ff:ff:ff
129: lo-m: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master mgmt state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 0a:25:2e:1f:32:90 brd ff:ff:ff:ff:ff:ff
admin@sonic:~$ show ip interfaces
Interface   Master  IPv4 address/mask   Admin/Oper  BGP Neighbor    Neighbor IP
-----------  --------  -------------------  ------------  --------------  -------------
Ethernet0   Vrf_01  192.168.1.1/24      up/up       N/A             N/A
Loopback0           10.1.0.1/32         up/up       N/A             N/A
docker0             240.127.1.1/24      up/down     N/A             N/A
eth0        mgmt    188.188.97.31/16    up/up       N/A             N/A
lo                  127.0.0.1/8         up/up       N/A             N/A
lo-m        mgmt    127.0.0.1/8         up/up       N/A             N/A
Checking the routing table.
admin@sonic:~$ show ip route vrf mgmt
Codes: K - kernel route, C - connected, S - static, R - RIP,
    O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
    T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
    F - PBR, f - OpenFabric,
    > - selected route, * - FIB route, q - queued route, r - rejected route
VRF mgmt:
K>* 0.0.0.0/0 [0/0] via 188.188.1.1, eth0, 00:12:12
C>* 188.188.0.0/16 is directly connected, eth0, 00:12:12
admin@sonic:~$ show ip route vrf all
Codes: K - kernel route, C - connected, S - static, R - RIP,
    O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
    T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
    F - PBR, f - OpenFabric,
    > - selected route, * - FIB route, q - queued route, r - rejected route
VRF Vrf_01:
C>* 192.168.1.0/24 is directly connected, Ethernet0, 00:01:04
Codes: K - kernel route, C - connected, S - static, R - RIP,
    O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
    T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
    F - PBR, f - OpenFabric,
    > - selected route, * - FIB route, q - queued route, r - rejected route
C>* 10.1.0.1/32 is directly connected, Loopback0, 00:01:05
Codes: K - kernel route, C - connected, S - static, R - RIP,
    O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
    T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
    F - PBR, f - OpenFabric,
    > - selected route, * - FIB route, q - queued route, r - rejected route
VRF mgmt:
K>* 0.0.0.0/0 [0/0] via 188.188.1.1, eth0, 00:01:21
C>* 188.188.0.0/16 is directly connected, eth0, 00:01:21

L2-VXLAN Asymmetric IRB Configuration

L2-VXLAN



PICOS SONiC
# Configure VLAN ID, L3 VLAN interfaces loopback interfaces and IP addressing.
#Syntax
set vlans vlan-id <VLAN-ID>
set ip routing enable true
set ip vrf <VRF_NAME>

set interface gigabit-ethernet ge-x/y/z family ethernet-switching native-vlan-id <vlan-id1>
set interface gigabit-ethernet ge-a/b/c family ethernet-switching native-vlan-id <vlan-id2>

set l3-interface loopback lo address <System_loopback_1> prefix-length 32

set l3-interface loopback <VRF_NAME> address <System_loopback_2> prefix-length 32

set l3-interface vlan-interface vlan<vlan_number> address <IP_address> prefix-length <subnet_length>

# Configure VXLAN VNI and map VNI IDs to VLAN IDs.
set vlans vlan-id <VLAN-ID> l3-interface "vlan<VLAN_NUMBER>"
set vxlans source-interface lo address <SYSTEM_LOOPBACK>
set vxlans vni <VNI_VALUE> vlan <VLAN-ID>

# Configure BGP related configuration
set protocols bgp local-as <LOCAL_AS_NUMBER>
set protocols bgp router-id <SYSTEM_LOOPBACK>
set protocols bgp neighbor <BGP_NEIGHBOR_IP> remote-as "internal"
set protocols bgp neighbor <BGP_NEIGHBOR_IP> update-source "<SYSTEM_LOOPBACK>"
set protocols bgp neighbor <BGP_NEIGHBOR_IP> evpn activate true
set protocols bgp evpn advertise-all-vni
set protocols bgp evpn advertise ipv4-unicast
set protocols bgp local-as <LOCAL_AS_NUMBER>
set protocols bgp router-id <SYSTEM_LOOPBACK>
set protocols bgp evpn advertise ipv4-unicast

#Verify Configuration- routes and VXLAN tunnels
run show route
run show bgp route
run show vxlan evpn route
run show vxlan tunnel

#Advertise BGP EVPN Routes
set protocols bgp evpn advertise-all-vni
set vxlans source-interface loopback address <SYSTEM_LOOPBACK>
set vxlans vni <VNI_VALUE> encapsulation vlan <VLAN-ID>

#Command to show VXLAN traffic stats
run show vxlan statistics
# Configure LoopBack, VLAN IDs , Ip addressing
# Syntax
config vlan add <VLAN-ID>
config vlan member add <VLAN-ID> Ethernet<interface1>
config interface ip add Loopback0 <SYSTEM_LOOPBACK>



# Configure BGP routing
router bgp <LOCAL_AS_NUMBER>
bgp router-id <SYSTEM_LOOPBACK>
neighbor <ebgp_neighbor_ip> remote-as <REMOTE_AS_NUMBER>
address-family ipv4
network <Network_prefix_advertised>

#Configure VXLAN VNI and map VNI IDs to VLAN IDs
config vxlan add vtep <SOURCE_VTEP_IP>
config vxlan evpn_nvo add nvo vtep
config vxlan map add vtep <VLAN-ID> <VNI_VALUE>

config vxlan add vtep <DEST_VTEP_IP>
config vxlan evpn_nvo add nvo vtep
config vxlan map add vtep <VLAN-ID> <VNI_VALUE>



#Advertise L2 EVPN Routes
router bgp <LOCAL_AS_NUMBER>
address-family l2vpn evpn
neighbor <ebgp_neighbor_ip> activate
Advertise-all-vni



#Show VXLAN tunnels , interfaces
show ip route
show vxlan interface
show vxlan vlanvnimap
show vxlan tunnel
show vxlan remotevtep
show evpn vni detail

L2-VXLAN-EVPN-topology

Step 1: Configure IP address to Loopback0 of both switches. AS7326-56X

admin@AS7326-56X:~$ config interface ip remove Loopback0 10.1.0.1/32   
admin@AS7326-56X:~$ config interface ip add Loopback0 1.1.1.1/32

AS5835-54X:

admin@AS5835-54X:~$ config interface ip remove Loopback0 10.1.0.1/32   
admin@AS5835-54X:~$ config interface ip add Loopback0 2.2.2.2/32

Step 2: Establish BGP Session between Ethernet52 and announce the network. AS7326-56X:

admin@AS7326-56X:~$ vtysh
Hello, this is FRRouting (version 7.2.1-sonic).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
AS7326-56X# configure terminal
AS7326-56X(config)# router bgp 65100
AS7326-56X(config-router)# bgp router-id 1.1.1.1
AS7326-56X(config-router)# neighbor 10.0.0.1 remote-as 65100
AS7326-56X(config-router)# address-family ipv4
AS7326-56X(config-router-af)# network 1.1.1.1/32
AS7326-56X(config-router-af)# end
AS7326-56X# exit

AS5835-54X:

admin@AS5835-54X:~$ vtysh
Hello, this is FRRouting (version 7.2.1-sonic).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
AS5835-54X# configure terminal
AS5835-54X(config)# router bgp 65100
AS5835-54X(config-router)# bgp router-id 2.2.2.2
AS5835-54X(config-router)# neighbor 10.0.0.0 remote-as 65100
AS5835-54X(config-router)# address-family ipv4
AS5835-54X(config-router-af)# network 2.2.2.2/32
AS5835-54X(config-router-af)# end
AS5835-54X# exit

Step 3. Create Vxlan AS7326-56X:

admin@AS7326-56X:~$ config vxlan add vtep 1.1.1.1
admin@AS7326-56X:~$ config vxlan evpn_nvo add nvo vtep
admin@AS7326-56X:~$ config vxlan map add vtep 30 3000
AS5835-54X:
admin@AS5835-54X:~$ config vxlan add vtep 2.2.2.2
admin@AS5835-54X:~$ config vxlan evpn_nvo add nvo vtep
admin@AS5835-54X:~$ config vxlan map add vtep 30 3000
Note :
VNI (VxLAN Network Identifier) : virtual extension of VLAN over IP network.
VTEP (VXLAN Tunnel End Point) : an entity that originates and/or terminates VXLAN tunnels which is specified by a source IP address.
Only one VTEP is allowed on one device. Please use loopback IP address for VTEP's IP address.
NVO (Network Virtualization Overlay)
Only one NVO is allowed on one device.
VNI (VxLAN Network Identifier) : virtual extension of VLAN over IP network.

Step 4: Advertise L2VPN EVPN routes. AS7326-56X:

admin@AS7326-56X:~$ vtysh
Hello, this is FRRouting (version 7.2.1-sonic).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
AS7326-56X#
AS7326-56X# configure terminal
AS7326-56X(config)# router bgp 65100
AS7326-56X(config-router)# address-family l2vpn evpn
AS7326-56X(config-router-af)# neighbor 10.0.0.1 activate
AS7326-56X(config-router-af)# advertise-all-vni
AS5835-54X:
admin@AS5835-54X:~$ vtysh
Hello, this is FRRouting (version 7.2.1-sonic).
AS5835-54X# 
AS5835-54X# configure terminal
AS5835-54X(config)# router bgp 65100
AS5835-54X(config-router)# address-family l2vpn evpn
AS5835-54X(config-router-af)# neighbor 10.0.0.0 activate
AS5835-54X(config-router-af)# advertise-all-vni

Check VxLAN interface configuration.AS7326-56X:

admin@AS7326-56X:~$ show vxlan interface 
VTEP Information:
VTEP Name : vtep, SIP : 1.1.1.1
Source interface : Loopback0
AS5835-54X:
admin@AS5835-54X:~$ show vxlan interface 
VTEP Information:
VTEP Name : vtep, SIP : 2.2.2.2
Source interface : Loopback0

Check vxlan and VLAN mapping.AS7326-56X:

admin@AS7326-56X:~$ show vxlan vlanvnimap
+--------+-------+
| VLAN   |   VNI |
+========+=======+
| Vlan30 |  3000 |
+--------+-------+
Total count : 1
AS5835-54X:
admin@AS5835-54X:~$ show vxlan vlanvnimap
+--------+-------+
| VLAN   |   VNI |
+========+=======+
| Vlan30 |  3000 |
+--------+-------+
Total count : 1

Check the status for Vxlan tunneling. AS7326-56X:(202111.3)

admin@AS7326-56X:~$ show vxlan tunnel
vxlan tunnel name    source ip    destination ip    tunnel map name    tunnel map mapping(vni -> vlan)
-------------------  -----------  ----------------  -----------------  ---------------------------------
vtep                 1.1.1.1                       map_3000_Vlan30    3000 -> Vlan30
Total count : 1

AS7326-56X:(202111.3)

admin@AS7326-56X:~$ show vxlan remotevtep
+---------+---------+-------------------+--------------+
| SIP   | DIP   | Creation Source   | OperStatus   |
+=========+=========+===================+==============+
| 1.1.1.1 | 2.2.2.2 | EVPN              | oper_up   |
+---------+---------+-------------------+--------------+
Total count : 1

AS5835-54X:(202111.3)

admin@AS5835-54X:~$ show vxlan tunnel
vxlan tunnel name    source ip    destination ip    tunnel map name    tunnel map mapping(vni -> vlan)
-------------------  -----------  ----------------  -----------------  ---------------------------------
vtep                 2.2.2.2                      map_3000_Vlan30    3000 -> Vlan30
Total count : 1

AS5835-54X:(202111.3)

admin@AS5835-54X:~$ show vxlan remotevtep
| SIP   | DIP   | Creation Source   | OperStatus   |
+=========+=========+===================+==============+
| 2.2.2.2 | 1.1.1.1 | EVPN              | oper_up   |
+---------+---------+-------------------+--------------+
Total count : 1

Check the Mac learning. AS7326-56X:(202111.3)

admin@AS7326-56X:~$ show mac
  No.   Vlan  MacAddress        Port                Type
-----  ------  -----------------  ------------------  -------
    1   30  8C:EA:1B:30:DA:50  VxLAN DIP: 2.2.2.2  Static
    2   30  8C:EA:1B:30:DA:4F  Ethernet0        Dynamic
Total number of entries 2

AS7326-56X(202111.3)

admin@AS7326-56X:~$ show mac
  No.   Vlan  MacAddress        Port    Type
-----  ------  -----------------  ---------  -------
    1   30  8C:EA:1B:30:DA:4F  Ethernet0  Dynamic
Total number of entries 1
admin@AS7326-56X:~$ show vxlan remotemac all
+--------+-------------------+--------------+-------+-------+---------+
| VLAN   | MAC              | RemoteVTEP   | ESI   |   VNI | Type   |
+========+===================+==============+=======+=======+=========+
| Vlan30 | 8c:ea:1b:30:da:50 | 2.2.2.2      |       |  3000 | dynamic |
+--------+-------------------+--------------+-------+-------+---------+
Total count : 1
Note.
"8C:EA:1B:30:DA:50" is synced from remote vtep(2.2.2.2).
"8C:EA:1B:30:DA:4F" is learned locally.

AS5835-54X:(202111.3)

admin@AS5835-54X:~$ show mac
  No.   Vlan  MacAddress        Port                Type
-----  ------  -----------------  ------------------  -------
    1   30  8C:EA:1B:30:DA:50  Ethernet0        Dynamic
    2   30  8C:EA:1B:30:DA:4F  VxLAN DIP: 1.1.1.1  Static
Total number of entries 2

AS5835-54X:(202111.3)

admin@AS5835-54X:~$ show mac
  No.   Vlan  MacAddress        Port    Type
-----  ------  -----------------  ---------  -------
    1   30  8C:EA:1B:30:DA:50  Ethernet0  Dynamic
Total number of entries 1
admin@AS5835-54X:~$ show vxlan remotemac all
+--------+-------------------+--------------+-------+-------+---------+
| VLAN   | MAC              | RemoteVTEP   | ESI   |   VNI | Type   |
+========+===================+==============+=======+=======+=========+
| Vlan30 | 8c:ea:1b:30:da:4f | 1.1.1.1      |       |  3000 | dynamic |
+--------+-------------------+--------------+-------+-------+---------+
Total count : 1

Check IPv4 BGP session AS7326-56X:

AS7326-56X# show bgp ipv4 summary
IPv4 Unicast Summary:
BGP router identifier 1.1.1.1, local AS number 65100 vrf-id 0
BGP table version 6
RIB entries 3, using 552 bytes of memory
Peers 1, using 20 KiB of memory
Neighbor        V       AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
10.0.0.1        4   65100   80      85      0   0   0 01:01:28          1
Total number of neighbors 1

AS5835-54X:

AS5835-54X# show bgp ipv4 summary
IPv4 Unicast Summary:
BGP router identifier 2.2.2.2, local AS number 65100 vrf-id 0
BGP table version 6
RIB entries 3, using 552 bytes of memory
Peers 1, using 20 KiB of memory
Neighbor        V       AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
10.0.0.0        4   65100   79      79      0   0   0 01:01:28          1
Total number of neighbors 1

Check L2EVPN BGP session AS7326-56X:

AS7326-56X# show bgp l2vpn evpn summary
BGP router identifier 1.1.1.1, local AS number 65100 vrf-id 0
BGP table version 0
RIB entries 3, using 552 bytes of memory
Peers 1, using 20 KiB of memory
Neighbor        V       AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
10.0.0.1        4   65100   82      87      0   0   0 01:03:43          3
Total number of neighbors 1
AS5835-54X:
AS5835-54X# show bgp l2vpn evpn summary
BGP router identifier 2.2.2.2, local AS number 65100 vrf-id 0
BGP table version 0
RIB entries 3, using 552 bytes of memory
Peers 1, using 20 KiB of memory
Neighbor        V       AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
10.0.0.0        4   65100   81      81      0   0   0 01:03:43          3
Total number of neighbors 1

Check underlay routing AS7326-56X:

AS7326-56X# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route
K>* 0.0.0.0/0 [0/202] via 188.188.1.1, eth0, 00:49:45
C>* 1.1.1.1/32 is directly connected, Loopback0, 00:49:14
B>* 2.2.2.2/32 [200/0] via 10.0.0.1, Ethernet52, 00:42:04
C>* 10.0.0.0/31 is directly connected, Ethernet52, 00:49:13
C>* 188.188.0.0/16 is directly connected, eth0, 00:49:45

AS5835-54X:

AS5835-54X# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route
K>* 0.0.0.0/0 [0/0] via 188.188.1.1, eth0, 00:49:57
B>* 1.1.1.1/32 [200/0] via 10.0.0.0, Ethernet52, 00:42:25
C>* 2.2.2.2/32 is directly connected, Loopback0, 00:46:34
C>* 10.0.0.0/31 is directly connected, Ethernet52, 00:46:33
C>* 188.188.0.0/16 is directly connected, eth0, 00:49:57

Check Vxlan VNI status AS7326-56X:

AS7326-56X# show evpn vni detail 
VNI: 3000
Type: L2
Tenant VRF: default
VxLAN interface: vtep-30
VxLAN ifIndex: 68
Local VTEP IP: 1.1.1.1
Mcast group: 0.0.0.0
Remote VTEPs for this VNI:
2.2.2.2 flood: HER
Number of MACs (local and remote) known for this VNI: 3
Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 3
Advertise-gw-macip: No

AS5835-54X:

AS5835-54X# show evpn vni detail 
VNI: 3000
Type: L2
Tenant VRF: default
VxLAN interface: vtep-30
VxLAN ifIndex: 66
Local VTEP IP: 2.2.2.2
Mcast group: 0.0.0.0
Remote VTEPs for this VNI:
1.1.1.1 flood: HER
Number of MACs (local and remote) known for this VNI: 3
Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 3
Advertise-gw-macip: No

Check the evpn mac learning AS7326-56X:

AS7326-56X# show evpn mac vni all
VNI 3000 #MACs (local and remote) 3
MAC             Type   Intf/Remote VTEP     VLAN  Seq #'s
8c:ea:1b:30:da:50 remote 2.2.2.2                    1/0
8c:ea:1b:30:da:4f local  Ethernet0          30  0/0

AS5835-54X:

AS5835-54X# show evpn mac vni all
VNI 3000 #MACs (local and remote) 3MAC              Type   Intf/Remote VTEP     VLAN  Seq #'s
8c:ea:1b:30:da:50 local  Ethernet0          30  0/0
8c:ea:1b:30:da:4f remote 1.1.1.1                    1/0

Check the type 2 EVPN route AS7326-56X:

AS7326-56X# show bgp l2vpn evpn route type macip 
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[EthTag]:[ESI]:[IPlen]:[VTEP-IP]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]
                   Network          Next Hop            Metric LocPrf Weight Path
            Extended Community
Route Distinguisher: 1.1.1.1:2
*> [2]:[0]:[48]:[8c:ea:1b:cc:10:a4]
                    1.1.1.1                            32768 i
                    ET:8 RT:65100:3000
Route Distinguisher: 2.2.2.2:2
*>i[2]:[0]:[48]:[80:a2:35:5a:22:50]
                    2.2.2.2                       100      0 i
                    RT:65100:3000 ET:8
Displayed 2 prefixes (2 paths) (of requested type)

AS5835-54X:

AS5835-54X# show bgp l2vpn evpn route type macip 
BGP table version is 2, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[EthTag]:[ESI]:[IPlen]:[VTEP-IP]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]
   Network          Next Hop            Metric LocPrf Weight Path
                    Extended Community
Route Distinguisher: 1.1.1.1:2
*>i[2]:[0]:[48]:[8c:ea:1b:cc:10:a4]
                    1.1.1.1                       100      0 i
                    RT:65100:3000 ET:8
Route Distinguisher: 2.2.2.2:2
*> [2]:[0]:[48]:[80:a2:35:5a:22:50]
                    2.2.2.2                            32768 i
                    ET:8 RT:65100:3000
Displayed 2 prefixes (2 paths) (of requested type)

Check the type 3 EVPN route AS7326-56X:

AS7326-56X# show bgp l2vpn evpn route type multicast 
BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]
Network Next Hop Metric LocPrf Weight Path
Extended Community
Route Distinguisher: 1.1.1.1:2
*> [3]:[0]:[32]:[1.1.1.1]
1.1.1.1 32768 i
ET:8 RT:65100:3000
Route Distinguisher: 2.2.2.2:2
*>i[3]:[0]:[32]:[2.2.2.2]
2.2.2.2 100 0 i
RT:65100:3000 ET:8
Displayed 2 prefixes (2 paths) (of requested type)

AS5835-54X:

AS5835-54X# show bgp l2vpn evpn route type multicast 
BGP table version is 3, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]
Network Next Hop Metric LocPrf Weight Path
Extended Community
Route Distinguisher: 1.1.1.1:2
*>i[3]:[0]:[32]:[1.1.1.1]
1.1.1.1 100 0 i
RT:65100:3000 ET:8
Route Distinguisher: 2.2.2.2:2
*> [3]:[0]:[32]:[2.2.2.2]
2.2.2.2 32768 i
ET:8 RT:65100:3000

L3-VXLAN Symmetric IRB Configuration

L3-VXLAN

PICOS SONiC
# Configure physical interfaces, VLAN interfaces and assign VLAN IDs and IP addresses.
set interface gigabit-ethernet ge-x/y/z family ethernet-switching native-vlan-id <vlan-id1>
set interface gigabit-ethernet ge-x/y/z family ethernet-switching native-vlan-id <vlan-id2>

set interface gigabit-ethernet ge-x/y/z family ethernet-switching port-mode "trunk"
set interface gigabit-ethernet ge-x/y/z family ethernet-switching vlan members <vlan-id1>
set interface gigabit-ethernet ge-x/y/z family ethernet-switching vlan members <vlan-id2>

set l3-interface loopback lo address <SYSTEM_LOOPBACK1> prefix-length 32
set l3-interface loopback lo address <SYSTEM_LOOPBACK2> prefix-length 32
set l3-interface loopback lo address <SYSTEM_LOOPBACK_IPV6> prefix-length 128

set l3-interface vlan-interface vlan<VLAN_NUMBER> vrf "VRF_NAME"
set l3-interface vlan-interface vlan<VLAN_NUMBER> address <IP_ADDRESS> prefix-length <SUBNET_LENGTH>

set l3-interface vlan-interface vlan<VLAN_NUMBER> vrf "VRF_NAME"

#Enable IP routing and configure VRF and hostname
set ip routing enable true
set ip vrf <VRF_NAME>
set vxlans vrf <VRF_NAME> l3-vni <VNI_VALUE> prefix-routes-only
delete vxlans vrf <VRF_NAME> l3-vni <VNI_VALUE> prefix-routes-only
set vxlans vrf vrf1 l3-vni <VNI_VALUE> prefix-routes-only


# Enable IP Routing and Configure VRF
set ip routing enable true
set ip vrf vrf1

#Create an L3 VNI in vrf1.
set vxlans source-interface lo address <SYSTEM_LOOPBACK>
set vxlans vrf <VRF-NAME> l3-vni <VNI_VALUE>

#Advertise all VNI through BGP routing
set protocol bgp evpn advertise-all-vni

#Enable EVPN Between BGP Peers
set protocols bgp local-as <LOCAL_AS_NUMBER>
set protocols bgp router-id <SYSTEM_LOOPBACK>
set protocols bgp neighbor <ebgp_neighbor_ip> remote-as <REMOTE_AS_NUMBER>
set protocols bgp ebgp-requires-policy false
set protocols bgp local-as <LOCAL_ASN_NUMBER>
set protocols bgp router-id <SYSTEM_LOOPBACK>
set protocols bgp neighbor <ebgp_neighbor_ip> remote-as "external"
set protocols bgp neighbor <ebgp_neighbor_ip> update-source "<SYSTEM_LOOPBACK>”
set protocols bgp neighbor <ebgp_neighbor_ip> evpn activate true
set protocols bgp ipv4-unicast network <Prefix_subnet_advertised>

# Configure BGP routing and advertise EVPN routes
set protocols bgp evpn advertise-all-vni
set protocols bgp evpn advertise ipv4-unicast
set protocols bgp vrf <VRF_NAME> local-as <LOCAL_AS_NUMBER>
set protocols bgp vrf <VRF_NAME> router-id <SYSTEM_LOOPBACK>
set protocols bgp vrf <VRF_NAME> ipv4-unicast network <PREFIX_SUBNET_ADVERTISED>
set protocols bgp vrf <VRF_NAME> evpn advertise ipv4-unicast
# Configure physical interfaces, VLAN interfaces and assign VLAN IDs and IP addresses config interface ip add Loopback0 <SYSTEM_LOOPBACK>

#Configure VRF Setting
config vrf add <VRF-NAME>
config interface vrf bind VLAN<VLAN_NUMBER> <VRF-NAME>
config interface ip add VLAN<VLAN_NUMBER> <IP_ADDRESS>

#Create VxLAN,map VNI to VLAN
config vxlan add vtep <SOURCE_VTEP_IP>
config vxlan evpn_nvo add nvo vtep
config vxlan map add vtep <VLAN-ID> <VNI_VALUE>
config save -y

#Configure layer3 VNI and map it to VRF value
config vrf add_vrf_vni_map <VRF-NAME> <VNI_VALUE>
config save -y

#Establish a BGP environment for EVPN
# vtysh command
router bgp <LOCAL_AS_NUMBER>
neighbor <ebgp_neighbor_ip> remote-as <REMOTE_AS_NUMBER>
address-family ipv4 unicast
network %lt;PREFIX_ADVERTISED>
exit
address-family l2vpn evpn
neighbor <ebgp_neighbor_ip> activate
= advertise-all-vni
end

# Configure VRF and VNI values
configure terminal
vrf <VRF-NAME>
vni <VNI_VALUE>
end

# Configure BGP routing and advertise EVPN routes
router bgp <LOCAL_AS_NUMBER> vrf <VRF-NAME>
address-family ipv4 unicast
redistribute connected
address-family l2vpn evpn
advertise ipv4 unicast
write

# Commands to verify VXLAN tunnels
show vxlan interface
show vxlan vlanvnimap
show vxlan tunnel
show vxlan remotevtep

#Commands to verify EVPN routes and BGP routes
show evpn vni detail
show bgp summary
show ip route vrf all


L3-VXLAN EVPN


Configure IP address and Loopback IPs of both switches. AS5835-54X

admin@SONIC01:~$ config interface ip add Loopback0 1.1.1.1/32
admin@SONIC01:~$ config interface ip add Ethernet48 10.0.0.4/31

A4630-54PE

admin@SONIC02:~$ config interface ip add Loopback0 2.2.2.2/32
admin@SONIC02:~$ config interface ip add Ethernet52 10.0.0.5/31

Configure VRF Setting AS5835-54X

admin@SONIC01:~$ config vrf add Vrf01                                                           
admin@SONIC01:~$ config interface vrf bind Vlan30 Vrf01                                          
admin@SONIC01:~$ config interface vrf bind Vlan10 Vrf01                                          
admin@SONIC01:~$ config interface ip add Vlan10 192.168.1.254/24     

A4630-54PE

admin@SONIC02:~$ config vrf add Vrf01                                                             
admin@SONIC02:~$ config interface vrf bind Vlan30 Vrf01                                         
admin@SONIC02:~$ config interface vrf bind Vlan20 Vrf01                                           
admin@SONIC02:~$ config interface ip add Vlan20 192.168.2.254/24  

Establish BGP Session between Ethernet48 and Ethernet52 AS5835-54X

admin@SONIC01:~$ vtysh                                                                                 
sonic# configure terminal
sonic(config)# router bgp 65100                                                                        
sonic(config-router)# neighbor 10.0.0.5 remote-as 65100                                      
sonic(config-router)# address-family ipv4 unicast                                       
sonic(config-router-af)# network 1.1.1.1/32                                                 
sonic(config-router-af)# exit
sonic(config-router)# address-family l2vpn evpn                                          
sonic(config-router-af)# neighbor 10.0.0.5 activate                                      
sonic(config-router-af)# advertise-all-vni                                                      
sonic(config-router-af)# end
sonic# configure terminal                                                                              
sonic(config)# vrf Vrf01                                                                                 
sonic(config-vrf)# vni 3000                                                                            
sonic(config-vrf)# end
sonic# configure terminal 
sonic(config)# router bgp 65100 vrf Vrf01                                                      
sonic(config-router)# address-family ipv4 unicast                                        
sonic(config-router-af)# redistribute connected                                           
sonic(config-router-af)# exit
sonic(config-router)# address-family l2vpn evpn                                          
sonic(config-router-af)# advertise ipv4 unicast                                              
sonic(config-router-af)# end
sonic# write

A4630-54PE

admin@SONIC02:~$ vtysh                                                                                 
sonic# configure terminal
sonic(config)# router bgp 65100                                                                   
sonic(config-router)# neighbor 10.0.0.4 remote-as 65100             
sonic(config-router)# address-family ipv4 unicast                                       
sonic(config-router-af)# network 2.2.2.2/32                                                 
sonic(config-router-af)# exit
sonic(config-router)# address-family l2vpn evpn                                          
sonic(config-router-af)# neighbor 10.0.0.4 activate                                      
sonic(config-router-af)# advertise-all-vni                                                      
sonic(config-router-af)# end
sonic# configure terminal                                                                              
sonic(config)# vrf Vrf01                                                                                 
sonic(config-vrf)# vni 3000                                                                            
sonic(config-vrf)# end
sonic# configure terminal 
sonic(config)# router bgp 65100 vrf Vrf01                                                     
sonic(config-router)# address-family ipv4 unicast                                        
sonic(config-router-af)# redistribute connected                                           
sonic(config-router-af)# exit
sonic(config-router)# address-family l2vpn evpn                                          
sonic(config-router-af)# advertise ipv4 unicast                                              
sonic(config-router-af)# end
sonic# write

Create Vxlan AS5835-54X configuring VTEP_name (vtep) and its IP address

admin@SONIC01:~$ config vxlan add vtep 1.1.1.1  

create nvo_name (nvo) and bind it to VTEP_name (vtep)

admin@SONIC01:~$ config vxlan evpn_nvo add nvo vtep    

Command to map VXLAN VNI to VLAN

admin@SONIC01:~$ config vxlan map add vtep 10 1000                                                
admin@SONIC01:~$ config vxlan map add vtep 30 3000                                               
admin@SONIC01:~$ config save -y

A4630-54PE configuring VTEP_name (vtep) and its IP address

admin@SONIC02:~$ config vxlan add vtep 2.2.2.2   

create nvo_name (nvo) and bind it to VTEP_name (vtep)

admin@SONIC02:~$ config vxlan evpn_nvo add nvo vtep 

Command to map VXLAN VNI to VLAN

admin@SONIC02:~$ config vxlan map add vtep 20 2000                                                
admin@SONIC02:~$ config vxlan map add vtep 30 3000                                               
admin@SONIC02:~$ config save -y    

Configure the layer3 VNI on both switches. AS5835-54X

admin@SONIC01:~$ config vrf add_vrf_vni_map Vrf01 3000 

A4630-54PE

admin@SONIC01:~$ config vrf add_vrf_vni_map Vrf01 3000 

Verify EVPN-VNI Route Status AS5835-54X

sonic# show evpn vni detail
VNI: 1000
 Type: L2
 Tenant VRF: Vrf01
 VxLAN interface: vtep-10
 VxLAN ifIndex: 67
 SVI interface: Vlan10
 SVI ifIndex: 9
 Local VTEP IP: 1.1.1.1
 Mcast group: 0.0.0.0
 No remote VTEPs known for this VNI
 Number of MACs (local and remote) known for this VNI: 1
 Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 1
 Advertise-gw-macip: No
 Advertise-svi-macip: No
VNI: 3000
  Type: L3
  Tenant VRF: Vrf01
  Local Vtep Ip: 1.1.1.1
  Vxlan-Intf: vtep-30
  SVI-If: Vlan30
  State: Up
  VNI Filter: none
  System MAC: 00:a0:c9:00:00:00
  Router MAC: 00:a0:c9:00:00:00
  L2 VNIs: 1000

A4630-54PE

sonic# show evpn vni detail
VNI: 2000
 Type: L2
 Tenant VRF: Vrf01
 VxLAN interface: vtep-20
 VxLAN ifIndex: 78
 SVI interface: Vlan20
 SVI ifIndex: 76
 Local VTEP IP: 2.2.2.2
 Mcast group: 0.0.0.0
 No remote VTEPs known for this VNI
 Number of MACs (local and remote) known for this VNI: 1
 Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 1
 Advertise-gw-macip: No
 Advertise-svi-macip: No
VNI: 3000
  Type: L3
  Tenant VRF: Vrf01
  Local Vtep Ip: 2.2.2.2
  Vxlan-Intf: vtep-30
  SVI-If: Vlan30
  State: Up
  VNI Filter: none
  System MAC: 68:21:5f:29:c0:d2
  Router MAC: 68:21:5f:29:c0:d2
  L2 VNIs: 2000

Verify BGP Route Summary AS5835-54X

sonic# show bgp summary
IPv4 Unicast Summary (VRF default):
BGP router identifier 188.188.9.14, local AS number 65100 vrf-id 0
BGP table version 17
RIB entries 3, using 552 bytes of memory
Peers 1, using 723 KiB of memory
Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
10.0.0.5        4      65100      1436      1449        0    0    0 03:02:18            1        1 N/A
Total number of neighbors 1
L2VPN EVPN Summary (VRF default):
BGP router identifier 188.188.9.14, local AS number 65100 vrf-id 0
BGP table version 0
RIB entries 27, using 4968 bytes of memory
Peers 1, using 723 KiB of memory
Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
10.0.0.5        4      65100      1436      1449        0    0    0 03:02:18            4        4 N/A
Total number of neighbors 1

A4630-54PE

sonic# show bgp summary
IPv4 Unicast Summary (VRF default):
BGP router identifier 188.188.9.6, local AS number 65100 vrf-id 0
BGP table version 8
RIB entries 3, using 552 bytes of memory
Peers 1, using 723 KiB of memory
Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
10.0.0.4        4      65100       220       221        0    0    0 03:02:18            1        1 N/A
Total number of neighbors 1
L2VPN EVPN Summary (VRF default):
BGP router identifier 188.188.9.6, local AS number 65100 vrf-id 0
BGP table version 0
RIB entries 11, using 2024 bytes of memory
Peers 1, using 723 KiB of memory
Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
10.0.0.4        4      65100       220       221        0    0    0 03:02:18            4        4 N/A
Total number of neighbors 1

Validate EVPN route learning AS5835-54X

sonic# show ip route vrf all
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
VRF Vrf01:
C>* 192.168.1.0/24 is directly connected, Vlan10, 03:18:41
K>* 192.168.1.254/32 [0/0] is directly connected, Vlan10, 03:18:41
B>* 192.168.2.0/24 [200/0] via 2.2.2.2, Vlan30 onlink, weight 1, 03:04:24
B>* 192.168.2.2/32 [200/0] via 2.2.2.2, Vlan30 onlink, weight 1, 02:21:18
VRF default:
K>* 0.0.0.0/0 [0/202] via 188.188.1.1, eth0, 22:59:15
K * 1.1.1.1/32 [0/0] is directly connected, Loopback0, 22:54:06
C>* 1.1.1.1/32 is directly connected, Loopback0, 22:54:06
B>* 2.2.2.2/32 [200/0] via 10.0.0.5, Ethernet48, weight 1, 03:04:24
C>* 10.0.0.4/31 is directly connected, Ethernet48, 03:07:18
K>* 10.0.0.4/32 [0/0] is directly connected, Ethernet48, 22:45:24
C>* 188.188.0.0/16 is directly connected, eth0, 22:59:15

sonic# show bgp l2vpn evpn
BGP table version is 14, local router ID is 188.188.9.14
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[EthTag]:[ESI]:[IPlen]:[VTEP-IP]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 188.188.9.6:2
*>i[2]:[0]:[48]:[80:a2:35:5a:22:50]
                    2.2.2.2                       100      0 i
                    RT:65100:2000 ET:8
*>i[2]:[0]:[48]:[80:a2:35:5a:22:50]:[32]:[192.168.2.2]
                    2.2.2.2                       100      0 i
                    RT:65100:2000 RT:65100:3000 ET:8 Rmac:68:21:5f:29:c0:d2
*>i[3]:[0]:[32]:[2.2.2.2]
                    2.2.2.2                       100      0 i
                    RT:65100:2000 ET:8
Route Distinguisher: 188.188.9.14:2
*> [2]:[0]:[48]:[b8:6a:97:19:ba:12]
                    1.1.1.1                            32768 i
                    ET:8 RT:65100:1000
*> [2]:[0]:[48]:[b8:6a:97:19:ba:12]:[32]:[192.168.1.1]
                    1.1.1.1                            32768 i
                    ET:8 RT:65100:1000 RT:65100:3000 Rmac:00:a0:c9:00:00:00
*> [3]:[0]:[32]:[1.1.1.1]
                    1.1.1.1                            32768 i
                    ET:8 RT:65100:1000
Route Distinguisher: 192.168.1.254:3
*> [5]:[0]:[24]:[192.168.1.0]
                    1.1.1.1                  0         32768 ?
                    ET:8 RT:65100:3000 Rmac:00:a0:c9:00:00:00
Route Distinguisher: 192.168.2.254:3
*>i[5]:[0]:[24]:[192.168.2.0]
                    2.2.2.2                  0    100      0 ?
                    RT:65100:3000 ET:8 Rmac:68:21:5f:29:c0:d2
Displayed 8 out of 8 total prefixes

#A4630-54PE
sonic# show ip route vrf all
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
VRF Vrf01:
B>* 192.168.1.0/24 [200/0] via 1.1.1.1, Vlan30 onlink, weight 1, 03:04:23
B>* 192.168.1.1/32 [200/0] via 1.1.1.1, Vlan30 onlink, weight 1, 02:20:51
C>* 192.168.2.0/24 is directly connected, Vlan20, 03:07:28
K>* 192.168.2.254/32 [0/0] is directly connected, Vlan20, 03:07:28
VRF default:
K>* 0.0.0.0/0 [0/202] via 188.188.1.1, eth0, 03:17:24
B>* 1.1.1.1/32 [200/0] via 10.0.0.4, Ethernet52, weight 1, 03:04:23
K * 2.2.2.2/32 [0/0] is directly connected, Loopback0, 03:07:29
C>* 2.2.2.2/32 is directly connected, Loopback0, 03:07:29
C>* 10.0.0.4/31 is directly connected, Ethernet52, 03:07:17
K>* 10.0.0.5/32 [0/0] is directly connected, Ethernet52, 03:07:18
C>* 188.188.0.0/16 is directly connected, eth0, 03:17:24

sonic# show bgp l2vpn evpn
BGP table version is 12, local router ID is 188.188.9.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[EthTag]:[ESI]:[IPlen]:[VTEP-IP]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 188.188.9.6:2
*> [2]:[0]:[48]:[80:a2:35:5a:22:50]
                    2.2.2.2                            32768 i
                    ET:8 RT:65100:2000
*> [2]:[0]:[48]:[80:a2:35:5a:22:50]:[32]:[192.168.2.2]
                    2.2.2.2                            32768 i
                    ET:8 RT:65100:2000 RT:65100:3000 Rmac:68:21:5f:29:c0:d2
*> [3]:[0]:[32]:[2.2.2.2]
                    2.2.2.2                            32768 i
                    ET:8 RT:65100:2000
Route Distinguisher: 188.188.9.14:2
*>i[2]:[0]:[48]:[b8:6a:97:19:ba:12]
                    1.1.1.1                       100      0 i
                    RT:65100:1000 ET:8
*>i[2]:[0]:[48]:[b8:6a:97:19:ba:12]:[32]:[192.168.1.1]
                    1.1.1.1                       100      0 i
                    RT:65100:1000 RT:65100:3000 ET:8 Rmac:00:a0:c9:00:00:00
*>i[3]:[0]:[32]:[1.1.1.1]
                    1.1.1.1                       100      0 i
                    RT:65100:1000 ET:8
Route Distinguisher: 192.168.1.254:3
*>i[5]:[0]:[24]:[192.168.1.0]
                    1.1.1.1                  0    100      0 ?
                    RT:65100:3000 ET:8 Rmac:00:a0:c9:00:00:00
Route Distinguisher: 192.168.2.254:3
*> [5]:[0]:[24]:[192.168.2.0]
                    2.2.2.2                  0         32768 ?
                    ET:8 RT:65100:3000 Rmac:68:21:5f:29:c0:d2
Displayed 8 out of 8 total prefixes

QoS Configuration

PICOS SONiC
# Commands to create QoS classifiers
#syntax
set class-of–service classifier <classifier-name>
delete class-of–service classifier c1

#Example
creates a classifier c1 with forwarding-class f1 and code-point 3
set class-of-service classifier c1 forwarding-class f1 code-point 3


# Commands to create QoS schedulers
#syntax
# Configure scheduling algorithm for queue scheduling.
set class-of-service scheduler <scheduler-name> mode <SP | WRR | WFQ>
# Configure guaranteed rate and the maximum rate for the interface queue
set class-of-service scheduler <scheduler-name> guaranteed-rate <value> set class-of-service scheduler <scheduler-name> max-rate <value>

# Configure scheduler profile associated with the configured scheduler and forwarding class.
set class-of-service scheduler-profile <scheduler-profile-name> forwarding-class <forwarding-class-name> scheduler <scheduler-name>

# Configure mapping between forwarding class and local priority.
set class-of-service forwarding-class <forwarding-class-name> local-priority <int>

# Apply the scheduler profile to an egress interface.
set class-of-service interface <interface-name> scheduler-profile <scheduler-profile-name>
# Commands to create QoS classifiers ( Edge core SONiC Platform - AS9716-32D)
#Syntax
Create a profile for DOT1P/DSCP mapped to TC(Traffic Class).

#Example for DSCP

config qos dscp-tc add DSCP_TC --dscp 7 --tc 1

#Modify the existing Dot1p/DSCP to TC profile.
#Example for DOT1P:
config qos dot1p-tc update 1p_tc --dot1p 1 --tc 2

#Validate the profile for DOT1P/DSCP to Traffic class.
# DOT1P to TC:
show qos dot1p-tc

#Validate Queue mapping from DSCP queue to Traffic class
show qos dscp-tc

# Create a profile for traffic class and map it to Queue
config qos tc-queue add TC_Q --tc 1 --queue 2

# Validate the profile of Traffic class to Queue.
show qos tc-queue

#Binding the mapping table to the specified interface.
config interface qos dscp-tc bind Ethernet0 DSCP_TC

#Validate the binding table.
show interfaces qos

# Clear the queue counter
sonic-clear queue counters

#Check Specific ethernet port (egress port) queue counters
show queue counters Ethernet8

# Marking configuration
#Create a profile for DOT1P remarking.
#Example for Dot1P:
config qos remark dot1p add remark_dot1p --tc 0 --dot1p 1

# Validate the remark profile.
show qos remark dot1p

# Bind the remark table to the egress interface.
config interface qos remark dot1p bind Ethernet8 remark_dot1p

#Validate the binding table.
show interfaces qos


# Scheduler Configuration(Edge Core SONiC platform - AS7326-56X)
# Set the scheduler mode.
config scheduler add strict_mode --sched_type STRICT

# Validate scheduler status.
show scheduler

# Bind the scheduler to ethernet sub- interface.
>#Example
config interface scheduler bind queue Ethernet 5.3 strict_mode

#Command to unbind the scheduler from ethernet interface
config interface scheduler unbind queue Ethernet 5.3

#Validate scheduler status.
show interfaces scheduler

#Validate Scheduler queues
show queue counters Ethernet5

# Set the scheduler mode
#Example
config scheduler add wrr_7 --sched_type WRR --weight 7
config scheduler add wrr_3 --sched_type WRR --weight 3

#validate scheduler status.
show scheduler

# Bind the scheduler to ethernet interface.
#Example
config interface scheduler bind queue Ethernet5 3 wrr_7
config interface scheduler bind queue Ethernet5 4 wrr_3

# validate scheduler status.
show interfaces scheduler

ACL Configuration

PICOS SONiC
# Command to create ACL rules
#syntax
set firewall filter MyFilter sequence from destination-mac-address <mac_address>
set firewall filter <filter-name> sequence <number> then action discard
set firewall filter <filter-name> sequence <number> from destination-address-ipv6 <ipv6_address>
set firewall filter <filter-name> sequence <number> then action forward

set firewall filter<filter-name1> sequence <number1> from source-address-ipv4 <source_ip_address>
set firewall filter bad-net sequence <number1> then action discard
# Command to create ACL Tables
# Syntax
config acl add table <ACL_table_name> L3 --description 'ACL_Test1' --stage 'ingress' --ports 'Ethernet<number>’'


# Example
config acl add table ACL_Test1 L3V6 --description 'ACL_Test1' --stage 'egress' --ports 'Ethernet16'

#Command to delete ACL tables
config acl remove table <ACL_Table_Name>

#Command to create ACL Rule with source_ip_address
#Example
config acl add rule --src-ip4 100.0.0.1 --priority 3 ACL_Test1 deny

# Commands to verify ACL table and rule created -
show acl table
show acl rule

References