SONiC hardening is carried out as a comprehensive process that unites Q&A practices with robust security measures. This approach strengthens the resilience, integrity, and stability of the SONiC network operating system by combining testing and validation with identification of issues.
Through rigorous Q&A cycles, we ensure performance, reliability, and compliance with industry standards, while security reinforcement addresses vulnerabilities and safeguards the system. At the same time, stability improvements guarantee predictable and uninterrupted operation, allowing Larch Networks to deliver hardened SONiC solutions ready for enterprise, telecom, industrial, and mission-critical environments.
High Availability
Ensures uninterrupted service with features like Fast Reboot, warm upgrades, and process restarts without disrupting traffic.
Modular Architecture
Highly customizable architecture that allows components such as Border Gateway Protocol (BGP), VLAN, and Quality of Service (QoS) to be added or removed based on specific requirements.
Advanced Telemetry and Monitoring
Provides real-time network performance insights and integrates with popular monitoring frameworks.
Container-Based Applications
Each network function runs in its own container, allowing for independent updates and upgrades without affecting other components.
Cloud-Scale Networking
Scales to support the largest data center operations.
Comprehensive Protocol Support
Supports major Layer 2 and Layer 3 networking protocols, including BGP, OSPF, MPLS, VXLAN, and more.
uCentral Cloud Management
Supports access point and LAN switch management using the uCentral protocol, enabling zero-touch provisioning (ZTP) and open-source development.
SONiC NOS Functions
Switching
- VLAN access port creation
- VLAN Trunk port creation
- Default VLAN setting on a port
- port description setting
- port duplex setting
- port auto-negotiation setting
- port loopback mode setting
- port speed setting
- Dynamic LAG (LACP based load share)
- Static LAG (Active-Standby & Load Share)
- RPVST
- Inventory Information
- Environmental Information
- Cooling Unit Information
- Active alarms
- Flow Control
- Auto MDI/MDIX
Routing
- IPv4 / IPv6 Dual Stack
- Static Routing
- OSPFv2, v3
- BGPv4, v6
- ECMP
- Routing stack gracefull restart
Data Center Switching
- BGP-EVPN support
- VRF
- Network Virtualization using Generic
Routing Encapsulation (NVGRE) - VXLAN
Security
- Storm Control (Unknown Unicast, Multicast
and Broadcast) - L2/L3/L4 ACLs
- Idle Session Timeout
- TACACS/RADIUS AAA
QoS
- QoS Packet Classifiers
- Traffic Marking
- Traffic Scheduling (SP, WFQ and CIR/EIR)
- Ingress Policing / Rate Limiting
- Congestion Avoidance
- Queue scheduling: SP, WRR, SP+WRR
- Class of Service
- DSCP
Management
- SSH/Telnet
- HTTPS for XMP / REST APIs
- gRPC, Management & Console port
- ICMP, ping, traceroute
- DNS resolver / Client
- DHCPv4/ DHCPv6 client
- sFlow
- Port/VLAN Mirroring
- DHCP v4/v6 Relay Agent
- LLDP / LLDP-MED
- Jumbo MTU and MTU setting
- SONiC to SONiC upgrade
- ONIE install
Power Over Ethernet
- PoE 802.3af 802.3at 60W PoE
- PoE Budget with LLDP negotiation
- Time Based PoE
- PoE Consumption monitor
Industrial Features (Optional)
- G.8032, ERPS Ring Protection
- High accuracy one-step and two-step
PTP compliant with IEEE 1588v1/v2
and ITU-T G.8273.2 Class C
and IEEE 802.1AS-2020 support - SyncE compliant
- IEC 62439-3 – HSR/PRP High available seamless redundancy (Parallel Redundancy Protocol)
TSN (Optional)
- EEE 802.1CM-2018 Profile B
- IEEE 802.1AS-2020 – Timing and Synchronization 4 time domains plus 1 free running clock
- IEEE 802.1Qav, IEEE 802.1Qbv, IEEE 802.1Qbu
and 802.3br, IEEE 802.1Qci, IEEE 802.1CB
Synchronization and Precision Time Protocol
- High accuracy one-step and two-step PTP
compliant with - IEEE 1588v1/v2 and ITU-T G.8273.2 Class C
- SyncE compliant
- IEEE 802.1AS-2020 support
Let’s Discuss Your Project!
Tell Us More About You