Device Maintenance

version image copy version image copy the device supports multiple methods to copy version images onto the target device for upgrading the device copies the image as a tftp client the device copies the image as a tftp client in this scenario, the device and a file server establish communication the device functions as a tftp client, while the file server operates as a tftp server the objective is to download the version image stored on the server to the device, thereby accomplishing the software version upgrade configure the ip address of the file server, ensuring that the file server and the device are routable start the tftp server on the device to initiate the download of the version image admin\@sonic $ tftp tftp> help tftp> connect (to) 150 1 0 1 tftp> get asternos v5 2r001 bin received 17437 bytes in 0 0 seconds tftp> quit admin\@sonic $ ls asternos v5 2r001 bin copying images using scp copying images using scp configure the ip address of the file server to ensure that the file server and the device are reachable via routing on the device, use the scp command to complete the download of the version image admin\@sonic $ sudo scp server\@192 168 0 100 /share/ asternos v5 2r001 bin admin\@sonic $ ls asternos v5 2r001 bin copying images using a usb drive copying images using a usb drive this method is suitable when there is no network environment available, and you need to copy the version image to the device typically, the usb port of the device is located on the front panel insert the usb drive containing the system image into the device's usb port execute a command to view the disk name corresponding to the usb drive admin\@sonic $ sudo /sbin/fdisk l create a directory for mounting the usb drive admin\@sonic $ sudo mkdir /mnt/usb/ mount the usb drive take the example of /dev/sdb4 as the path for the usb drive, but please adjust according to the actual situation admin\@sonic $ sudo mount /dev/sdb4 /mnt/usb navigate to the directory of the mounted disk and copy files from the disk to the device admin\@sonic $ cd /mnt/usb admin\@sonic /mnt/usb/$ sudo cp asternos v5 2r001 bin /home/admin admin\@sonic $ ls asternos v5 2r001 bin executing the upgrade command executing the upgrade command operation command description execute the upgrade command image update image name if a configuration upgrade is required, please execute the "write" command to save the configuration before proceeding with the upgrade once the upgrade is completed without any errors, you'll need to manually restart the device to switch to the new version display the version show version version rollback version rollback when there are multiple available image versions in the current system, the device supports version rollback first, use the sonic installer list command to check the currently available versions on the device sonic# system bash use 'exit' to return sonic cli admin\@sonic $ sudo sonic installer list current sonic os v5 2r015 20251230 203457 # current version next sonic os v5 2r015 20251230 203457 # the version to be used at the next startup available sonic os v5 2r015 20251230 203457 # available versions sonic os v5 2r015t06 20251226 151841 # available versions according to the output of "sonic installer list", there are two available image versions on the device the default startup item is the currently running version (v5 2r015 20251230 203457) it is possible to roll back to the other version (v5 2r015t06 20251226 151841) users can roll back the version using the set default command, setting the version for the next startup to v5 2r015t06 20251226 151841 admin\@sonic $ sudo sonic installer set default sonic os v5 2r015t06 20251226 151841 verification admin\@sonic $ sudo sonic installer list current sonic os v5 2r015 20251230 203457 # current version next sonic os v5 2r015t06 20251226 151841 # the version to be used at the next startup available sonic os v5 2r015 20251230 203457 # available versions sonic os v5 2r015t06 20251226 151841 # available versions restart to apply changes admin\@sonic $ sudo reboot in this way, the rolled back version will be started one click collection of operation and maintenance information one click collection of operation and maintenance information when operation and maintenance personnel remotely troubleshoot on site faults, they often need to communicate multiple times to check the configuration status of on site switches to facilitate collecting more information at one time, a quick operation and maintenance command is added to collect switch information after executing this command, the compressed file is saved to the fixed directory /var/dump/, which can be copied admin\@sonic $ show techsupport the switch allows users to collect logs and core files from a specified date onwards using "since", or to specify the number of logs to collect using "count" for example admin\@sonic $ show techsupport since 2026 01 16 count 2 system memory monitor system memory monitor this operation is used to enable the system memory protection mechanism of the switch this mechanism monitors the system memory and the status of processes within the container in real time when an abnormality is detected, it automatically triggers hierarchical recovery operations (such as alarms, termination of non critical processes) it aims to prevent the system from getting stuck due to memory exhaustion or process abnormalities and reduce the need for manual intervention after this function is enabled, the system will perform a memory status check every five minutes note this function is disabled by default and needs to be enabled manually processing method when memory exceeds the threshold processing method when memory exceeds the threshold if a single process exceeds 30%, the system outputs an alarm log 。 if a single process exceeds 50%, the system outputs an alarm log if the process is a non critical process, the system automatically terminates it; if it is a critical process, only an alarm is issued without termination 。 when the total memory exceeds 80%, the system outputs an alarm log when the total memory exceeds 95%, the system outputs an alarm log it automatically terminates the current non critical process with the highest memory usage (top 1) if the process is a critical process, it will not be terminated configuration method configuration method enable global memory monitoring and automatic processing functions sonic# configure sonic(config)# system memory monitor kill process enable turn off the global memory monitoring and automatic processing functions sonic# configure sonic(config)# no system memory monitor kill process enable bandwidth utilization exceeds threshold alarm bandwidth utilization exceeds threshold alarm this operation is used to set bandwidth alarms for specified interfaces when the utilization rate exceeds the set threshold, the system will generate an alarm log; when the utilization rate drops below the recovery threshold, the alarm will be cleared 1\ enter the configuration view of the specified interface you need to first enter the interface view you want to configure (for example, ethernet2) sonic# configure sonic(config)# interface ethernet 2 sonic(config if 2)# 2\ configure alarm thresholds in the interface view, use the log threshold command for configuration you can set both incoming and outgoing directions (both) at the same time, or set the outgoing direction (tx) or incoming direction (rx) separately command format\ log threshold direction alert threshold resume threshold sonic(config if 2)#log threshold both 70 60 after the configuration is completed, you can use the show command to check the global default values and the custom alarm configurations on all interfaces run the following command directly in the privileged exec mode (sonic#) sonic# show interface log threshold interface default bandwidth utilization rx/tx alert threshold 80%, resume threshold 75% customer defined interface rx alert threshold rx resume threshold tx alert threshold tx resume threshold \ ethernet2 70 60 70 60 license explanation license explanation switches come with a default license in their factory settings if you need to apply for a license, please visit the asterfusion help website ( https //help cloudswit ch/portal/en/newticket ) for support users can check the device's license status using "show license status" sonic# show license status license name all 19710101 license md5 fab126157378dd632cc607d0c00488cd valid true build time 1970 12 31 16 07 24 valid to 2026 07 19 09 39 08 feature status \ igmp true tunnel true router protocol true cli true vailid to：the valid time of the device's license if the switch's license expires, users are allowed to enter the system configuration view but cannot configure igmp, tunnel, route protocol, etc (existing relevant configurations will still take effect but cannot be modified ) feature：features controlled by license igmp：valid value true/false, indicating whether the multicast function (igmp snooping) is enabled tunnel：valid value true/false, indicating whether the tunnel function (gre, vxlan) is enabled route protocol：valid values are true/false, indicating whether the routing policy functions (bgp, ospf) are enabled cli：the valid values are true/false, indicating whether the command line is enabled if it is not enabled, you cannot enter the system configuration view license usage license usage when a device needs to apply a newly obtained license file, the file should be placed in the /etc/sonic/lic directory of the switch admin\@sonic $ sudo cp path/ sn time license /etc/sonic/lic verification sonic# system bash use 'exit' to return sonic cli admin\@sonic $ cd /etc/sonic/lic admin\@sonic /etc/sonic/lic$ ls sn time license license update sonic# license update network connectivity check network connectivity check explanation of this section the functions and standard operation methods of the two basic network diagnostic tools, ping and traceroute the standard troubleshooting approach is first use ping to confirm connectivity and basic quality, and if a problem is found, then use traceroute to locate the specific network node where the fault occurs 。 ping ping the ping command is used to test the network layer connectivity, round trip delay, and stability between a local device and a target ip address or domain name it is the first tool used in network troubleshooting in the device's command line interface, executing the ping command requires specifying the target address and supports users to append optional parameters as needed sonic# ping 192 168 0 1 source source ip address (ip) or interface (ip and arp) or vrf repeat requests to send count, default is 5 resolve resolve names broadcast ping broadcast address size packet size interval the time interval between packets, default is 1 flood flood ping interpretation of execution results interpretation of execution results output/phenomenon possible causes and key points for troubleshooting destination host unreachable icmp destination unreachable, replied by intermediate routing devices (usually gateways) it indicates that the gateway knows how to reply, but the route to the destination does not exist or arp fails check the switch's default route and gateway arp table (show arp) request timeout 1 one way traffic failure the outgoing or incoming path is blocked 2\ the peer or intermediate device drops icmp common in security policies 3\ severe routing black hole action immediately execute traceroute or use the i option to change the source address for testing to identify the interruption point unknown host dns resolution failed check sonic's dns configuration cat /etc/resolv conf, and try pinging the ip address directly to distinguish whether it is a network issue or a dns issue large avg/max or large mdev network congestion, poor link quality, or circuitous paths it is necessary to check the delay of each hop using traceroute intermittent packet loss it may be caused by link fluctuations, unstable arp tables, or queue congestion use ping c 100 for continuous testing check the error packet counts and logs of relevant interfaces on sonic (show logging) traceroute traceroute the traceroute command is used to discover and display the complete path (each hop router) that data packets take from the source device to the target host, and to measure the delay to each hop when the network is unavailable or the delay is too high, it can accurately locate the network node where the fault occurs in the device command line, enter traceroute followed by the target address sonic# traceroute 192 168 15 81 resolve resolve names source source ip address interpretation of execution results interpretation of execution results output/phenomenon possible causes and key points for troubleshooting timeout try switching the t or i protocol !h / !n the host/network is unreachable the router clearly indicates that there is no route check the hop device !x / !a management policy prohibits/communication rejected explicitly blocked by security devices (acl, firewall) sudden increase in delay the current hop or the previous hop has network congestion or a poor path further analysis is needed in combination with the topology the end of the path is reachable, but the application is not accessible the path is normal; the problem may be at the application layer (service not listening, higher level firewall)