Edgecore Networks Corporation

END USER LICENSE AGREEMENT

LEASE READ THIS END USER LICENSE AGREEMENT (THE “AGREEMENT”) CAREFULLY BEFORE USING SOFTWARE FROM EDGECORE. BY USING EDGECORE SOFTWARE (THE “SOFTWARE”), YOU SIGNIFY YOUR ASSENT TO AND ACCEPTANCE OF THIS END USER LICENSE AGREEMENT AND ACKNOWLEDGE YOU HAVE READ AND UNDERSTAND THE TERMS. AN INDIVIDUAL ACTING ON BEHALF OF AN ENTITY REPRESENTS THAT HE OR SHE HAS THE AUTHORITY TO ENTER INTO THIS END USER LICENSE AGREEMENT ON BEHALF OF THAT ENTITY. IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, THEN YOU MUST NOT USE THE SOFTWARE. THIS END USER LICENSE AGREEMENT DOES NOT PROVIDE ANY RIGHTS TO EDGECORE SERVICES SUCH AS SOFTWARE MAINTENANCE, UPGRADES OR SUPPORT. PLEASE REVIEW YOUR SERVICE OR SUBSCRIPTION AGREEMENT(S) THAT YOU MAY HAVE WITH EDGECORE OR OTHER AUTHORIZED EDGECORE SERVICE PROVIDERS REGARDING SERVICES AND ASSOCIATED PAYMENTS.

1) Trademarks:

Edgecore, regardless of capital or lower case, is a registered trademark of Edgecore Networks Corporation. All other brand and product names are trademarks or registered trademarks of their respective owners. Protected trademarks are not marked as such herein. This does not mean, however that they may be used freely.

2) License grant:

"SOFTWARE” means the software contained in this package and any subsequent versions or upgrades received as a result of having down loaded this package. Edgecore grants YOU a license to use one copy of the version of this SOFTWARE only on a single Edgecore hardware. "YOU" or “BUYER” means a company, an entity or an individual taken as the original purchaser of the SOFTWARE. "USE" means storing, loading, installing, executing or displaying the SOFTWARE. YOU may not modify the SOFTWARE or disable any licensing or control features of the SOFTWARE except as an intended part of the SOFTWARE's programming features. This license is not transferable to any other company, entity or individual. YOU may not publish any registration information (serial numbers, registration keys, etc.) or pass it to any other company, entity or individual. BUYER may not electronically transfer the program from one Edgecore hardware to the other devices over any type of network. BUYER may not distribute copies of the SOFTWARE or the accompanying documentation to others either for a fee or without charge. BUYER may not modify or translate the SOFTWARE or documentation. BUYER may not disassemble the SOFTWARE or allow it to be disassembled into its constituent source code. BUYER's use of the SOFTWARE indicates his/her acceptance of these terms and conditions. If BUYER does not agree to these conditions, return the distribution media, documentation, and associated materials to the vendor from whom the SOFTWARE was obtained, and erase the SOFTWARE from any and all storage devices upon which it may have been installed.

3) Open Source Software:

Certain components of the SOFTWARE may incorporate “open source” software. To the extent required by an Open Source License that applies to Open Source Software included in or provided with the Software: (a) the terms of such Open Source License will apply to such Open Source Software instead of the terms of the license grant in this Agreement; and (b) any restrictions prohibited by such Open Source License that are contained in this Agreement will not apply to such Open Source Software. Notwithstanding the foregoing, SONiC is an open source Network Operating System (NOS) project and all the open source components and links to associated source code are available on the github at https://github.com/Azure/SONiC. The github will continuously get updated as the community adds new open source components to SONiC. Details are available on the Edgecore Networks Corporation, website (www.edge-core.com).

4) Ownership and Copyright:

The SOFTWARE is owned and copyrighted by Edgecore or Edgecore’s licensors. Your license confers no title or ownership of the SOFTWARE and should not be construed as a sale of any rights for the SOFTWARE. YOU acknowledge that the title and full ownership rights to the SOFTWARE will remain the exclusive property of Edgecore or Edgecore’s licensors and YOU will not acquire any rights to the SOFTWARE except as expressly set forth in this license. YOU agree that any copies of the SOFTWARE will contain the same proprietary notices which appear on and in the SOFTWARE.

5) Unauthorized Use:

YOU affirm that YOU will not attempt to reverse compile, modify, translate, or disassemble the SOFTWARE in whole or in part. It is strictly prohibited for YOU to use copy, rent, lease, sell, modify, decompile, disassemble, otherwise reverse engineer, or transfer the SOFTWARE except as provided in this Agreement. Any such unauthorized use shall result in immediate and automatic termination of this Agreement.

6) No Warranties:

This SOFTWARE is provided on an "AS IS" basis. Edgecore disclaims all warranties relating to this SOFTWARE, whether expressed or implied, including but not limited to any implied warranties of merchantability, non-infringement or fitness for a particular purpose. Neither Edgecore nor anyone else who has been involved in the creation, production, or delivery of this SOFTWARE shall be liable for any indirect, consequential, or incidental damages arising out of the use or inability to use such SOFTWARE, even if Edgecore has been advised of the possibility of such damages or claims. The person using the SOFTWARE bears all risk as to the quality and performance of the SOFTWARE. Some jurisdictions may not allow the exclusion of implied warranties or limitations on how long an implied warranty may last, or the exclusion or limitation of incidental or consequential damages, so that the above given limitations or exclusions may not apply to YOU.

7) Limited Liability:

BUYER acknowledges that the SOFTWARE may not be free from defects and may not satisfy all of BUYER's needs. Edgecore warrants all media on which the SOFTWARE is distributed for 90 days to be free from defects in materials and workmanship under normal use. The SOFTWARE and any accompanying written materials are licensed "AS IS". BUYER's exclusive remedy during the warranty period shall consist of replacement of distribution media if determined to be faulty. In no event will Edgecore be liable for direct, indirect, incidental or consequential damage or damages resulting from loss of use, or loss of anticipated profits resulting from any defect in the program, even if it has been advised of the possibility of such damage. In no event will Edgecore's liability for any claim, whether in contract, tort or any other theory of liability, exceed the aggregate amount paid by YOU for the SOFTWARE.

8) Compliance with laws:

Each party agrees to comply with all applicable laws, rules and regulations in connection with its activities under this Agreement. Without limiting the foregoing, YOU acknowledge and agrees that the Software, including technical data, is subject to United States export control laws, including the United States Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. End User agrees to comply strictly with all such regulations and acknowledges that End User has the responsibility to obtain licenses to export, re-export, or import the SOFTWARE.

9) Termination:

Without prejudice to any other rights, Edgecore may immediately terminate this license without notice if YOU fail to comply with any terms and conditions of this Agreement. In such event, YOU must: 1. Cease all use of the SOFTWARE; 2. Destroy or return to Edgecore the original and all copies of the SOFTWARE; and 3. Delete the SOFTWARE from all Edgecore hardware on which it was resident. All disclaimers of warranties and limitation of liability set forth in this Agreement shall survive termination of this Agreement.

10) Governing Law and Jurisdiction:

This Agreement shall be governed by the laws of California, USA, excluding its conflict of law provisions. To the extent permitted by law, any Dispute any dispute arising out of or relating to this Agreement shall be subject to the exclusive jurisdiction of the state and federal courts located in Orange County, California, USA.

11) General:

This Agreement represents the complete agreement between YOU and Edgecore relating to this license for the SOFTWARE and supersedes all prior agreements, communications, proposals and representations between the parties and prevails over any conflicting or additional terms of any quote, order, acknowledgement or similar communication. This Agreement may only be modified by a written document signed by both parties. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law that provision will be enforced to the maximum extent permissible and the remaining provisions of this Agreement will remain in full force and effect. All rights not expressly granted herein are reserved to Edgecore Networks Corporation.

[Enterprise SONiC] VRF(Virtual routing and forwarding) Follow

shark_huang 黃昭穎

February 27, 2025 05:58
Updated

Basic VRF
Management VRF
Leaking VRF Routes

Tested model & firmware version:

Switch model name:

DCS203 (AS7362-56X)

DCS204 (AS7726-32X)

DCS201,202 (AS5835-54X(T))

Edgecore SONiC version:

202006.4

202012.2

202111.3 ~ 202111.9

Restriction:

The naming rule of VRF begin with "Vrf". The name of the management VRF is "mgmt".
If you assign IP to the interface without VRF instance binding, it will use the default VRF for this routing entry.
When the MGMT VRF is enabled, if you want to use out-of-band management network, you need to assign MGMT VRF to run the command.
In certain case, the VRF configuration will let the breakout command return failed, detail please refer the "[Enterprise SONiC] Dynamic Port Breakout" section.
The directly connected routes that leaked from other VRFs will be forwarded to CPU, instead of ASIC, so it causes low performance.(This has been resolved in version 202111.10 and later.)
Known issues:
- SONIC-8208: If there is a VRF configuration with a name that includes '-' or '_' and a user assigns the IP address to the VRF's member using FRR, the FRR configurations will be missing after saving and rebooting. Workaround: Please use SONIC command to configure the IP and VRF binding. (It is resolved in 202111.9)
- SONIC-7795: An issue where routes cannot be written to switch ASIC when the management VRF is enabled and a configuration reload is executed.(It is resolved in 202111.8)
- SONIC-6408: The issue of container crashing when adding an interface to a VLAN while the interface is bound to a VRF.(It is resolved in 202111.5)

Basic VRF

Step 1. Create VRF instance

admin@sonic:~$ sudo config vrf add Vrf_01

Caution: When you create VRF instance, it has naming rule. The head of the naming string must be "Vrf".

Step 2. Binding the Ethernet0/VLAN10 to VRF instance.

admin@sonic:~$ sudo config interface vrf bind Ethernet0 Vrf_01
admin@sonic:~$ sudo config interface vrf bind Vlan10 Vrf_01

Caution: If there's an IP address on Ethernet0 after binding the VRF, the IP address will be removed.

Step 3: Adding IP address on Ethernet0 (refer to this article)

Step 4. Checking the VRF

admin@sonic:~$ show vrf
VRF     Interfaces
------  ------------
Vrf_01  Ethernet0
        Vlan10

admin@sonic:~$ show ip interfaces
Interface    Master    IPv4 address/mask    Admin/Oper    BGP Neighbor    Neighbor IP
-----------  --------  -------------------  ------------  --------------  -------------
Ethernet0    Vrf_01    192.168.1.1/24       up/up         N/A             N/A
Vlan10       Vrf_01    192.168.10.1/24      up/up       N/A             N/A
docker0                240.127.1.1/24       up/down       N/A             N/A
eth0                   188.188.97.31/16     up/up         N/A             N/A
lo                     127.0.0.1/8          up/up         N/A             N/A

Step 5: Checking the routing table.

You may check the routing table for the VRF instance or check all of the routing tables.

admin@sonic:~$ show ip route vrf Vrf_01
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

C>*192.168.1.0/24 is directly connected, Ethernet0, 00:04:25
K>*192.168.1.1/32 [0/0] is directly connected, Ethernet0, 00:04:25
C>*192.168.10.0/24 is directly connected, Vlan10, 00:04:11
K>*192.168.10.1/32 [0/0] is directly connected, Vlan10, 00:04:11

admin@sonic:~$ show ip route vrf all
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

VRF Vrf_01:
C>*192.168.1.0/24 is directly connected, Ethernet0, 00:05:26
K>*192.168.1.1/32 [0/0] is directly connected, Ethernet0, 00:05:26
C>*192.168.10.0/24 is directly connected, Vlan10, 00:05:12
K>*192.168.10.1/32 [0/0] is directly connected, Vlan10, 00:05:12

VRF default:
C>*188.188.0.0/16 is directly connected, eth0, 17:43:26

Management VRF

Step 1. Create Management VRF

admin@sonic:~$ sudo config vrf add mgmt

Step 2. Checking the Management VRF

admin@sonic:~$ show mgmt-vrf

ManagementVRF : Enabled

Management VRF interfaces in Linux:
128: mgmt: <NOARP,MASTER,UP,LOWER_UP> mtu 65536 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 52:2f:cc:b8:28:b5 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 1500
    vrf table 5000 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master mgmt state UP mode DEFAULT group default qlen 1000
    link/ether 80:a2:35:4f:4f:40 brd ff:ff:ff:ff:ff:ff
129: lo-m: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master mgmt state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 0a:25:2e:1f:32:90 brd ff:ff:ff:ff:ff:ff

admin@sonic:~$ show ip interfaces
Interface    Master    IPv4 address/mask    Admin/Oper    BGP Neighbor    Neighbor IP
-----------  --------  -------------------  ------------  --------------  -------------
Ethernet0    Vrf_01    192.168.1.1/24       up/up         N/A             N/A
Loopback0              10.1.0.1/32          up/up         N/A             N/A
docker0                240.127.1.1/24       up/down       N/A             N/A
eth0         mgmt      188.188.97.31/16     up/up         N/A             N/A
lo                     127.0.0.1/8          up/up         N/A             N/A
lo-m         mgmt      127.0.0.1/8          up/up         N/A             N/A

Step 3: Checking the routing table.

admin@sonic:~$ show ip route vrf mgmt
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

VRF mgmt:
K>* 0.0.0.0/0 [0/0] via 188.188.1.1, eth0, 00:12:12
C>* 188.188.0.0/16 is directly connected, eth0, 00:12:12


admin@sonic:~$ show ip route vrf all
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

VRF Vrf_01:
C>* 192.168.1.0/24 is directly connected, Ethernet0, 00:01:04

Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

C>* 10.1.0.1/32 is directly connected, Loopback0, 00:01:05

Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route
VRF mgmt:
K>* 0.0.0.0/0 [0/0] via 188.188.1.1, eth0, 00:01:21
C>* 188.188.0.0/16 is directly connected, eth0, 00:01:21

Caution: About the Restriction 2, you need to assign MGMT VRF to run the command.

For example:

admin@sonic:~$ ping 8.8.8.8
connect: Network is unreachable     ---> If you didn't assign the MGMT VRF to run the command, it will use in-band data plane network (default VRF).

admin@sonic:~$ sudo ip vrf exec mgmt ping 8.8.8.8 -c 5
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=2.86 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=57 time=2.64 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=57 time=2.70 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=57 time=2.88 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=57 time=2.83 ms

--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 10ms
rtt min/avg/max/mdev = 2.637/2.782/2.877/0.095 ms

Leaking VRF Routes

Restriction:

The directly connected routes that leaked from other VRFs will be forwarded to CPU, instead of ASIC, so it causes low performance.(This has been resolved in version 202111.10 and later.)

Topology:

Setting:

Step 1: Enter Vty shell.

admin@sonic:~$ vtysh

Hello, this is FRRouting (version 8.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

sonic#

Step 2: Set the routing leaking.

sonic# configure terminal
sonic(config)# vrf Vrf200
sonic(config-vrf)# ip route 192.168.10.0/24 Vlan100 nexthop-vrf Vrf100
sonic(config-vrf)# exit
sonic(config)# vrf Vrf100
sonic(config-vrf)# ip route 192.168.20.0/24 Vlan200 nexthop-vrf Vrf200

Step 3: Check the routing table.

sonic# show ip route vrf all
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure

VRF Vrf100:
C>* 192.168.10.0/24 is directly connected, Vlan100, 00:11:44
K>* 192.168.10.254/32 [0/0] is directly connected, Vlan100, 00:11:44
S>* 192.168.20.0/24 [1/0] is directly connected, Vlan200 (vrf Vrf200), weight 1, 00:00:07

VRF Vrf200:
S>* 192.168.10.0/24 [1/0] is directly connected, Vlan100 (vrf Vrf100), weight 1, 00:00:26
C>* 192.168.20.0/24 is directly connected, Vlan200, 00:11:34
K>* 192.168.20.254/32 [0/0] is directly connected, Vlan200, 00:11:34

VRF default:
C>* 188.188.0.0/16 is directly connected, eth0, 00:19:03

Ping from Host1 to Host2

root@ts:~# ping 192.168.20.1 -c 5
PING 192.168.20.1 (192.168.20.1) 56(84) bytes of data.
64 bytes from 192.168.20.1: icmp_seq=1 ttl=63 time=1.19 ms
64 bytes from 192.168.20.1: icmp_seq=2 ttl=63 time=1.47 ms
64 bytes from 192.168.20.1: icmp_seq=3 ttl=63 time=1.46 ms
64 bytes from 192.168.20.1: icmp_seq=4 ttl=63 time=1.34 ms
64 bytes from 192.168.20.1: icmp_seq=5 ttl=63 time=1.33 ms

--- 192.168.20.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4008ms
rtt min/avg/max/mdev = 1.186/1.359/1.472/0.104 ms

Comments

2 comments

Johnny Wong

March 28, 2024 20:13

Edited
In SONiC is it possible to bind a VRF to a VLAN/SVI? Instead of a physical port?

I ask because would it be possible to bind mgmt-vrf to a management VLAN (ie 100) instead of binding it to a port for in-band management
0

Comment actions Permalink
shark_huang 黃昭穎

March 29, 2024 01:30
Hello, Johnny

It could bind the VRF to VLAN, and we also support the in-band management.
Here's the way to bind the VRF to VLAN.

sudo config vrf add Vrf1
sudo config interface vrf bind Vlan10 Vrf1

And here's the way to enable the in-band management.

sudo config in-band-mgmt enable

sudo config interface vrf bind Vlan10 mgmt

If you want to know the details, you may submit the ticket to our system.
Here's the link.
https://support.edge-core.com/hc/en-us/requests/new

Thank you
0

Comment actions Permalink

Please sign in to leave a comment.

Category

[Enterprise SONiC] VRF(Virtual routing and forwarding) Follow

Tested model & firmware version:

Restriction:

Basic VRF

Management VRF

Leaking VRF Routes

Restriction:

Topology:

Setting:

Comments

Articles in this section

Edgecore Networks Corporation

END USER LICENSE AGREEMENT

1) Trademarks:

2) License grant:

3) Open Source Software:

4) Ownership and Copyright:

5) Unauthorized Use:

6) No Warranties:

7) Limited Liability:

8) Compliance with laws:

9) Termination:

10) Governing Law and Jurisdiction:

11) General:

Category

Tested model & firmware version:

Restriction:

Basic VRF

Management VRF

Leaking VRF Routes

Restriction:

Topology:

Setting:

Related articles

Articles in this section