Management Configuration
The management configuration is the network setup configuration that
- defines protocols and interfaces for effective network management,
- ensures secure and reliable access for administrators, and
- facilitates monitoring and control of network devices.
This section describes various aspects of the Out-Of-Band (OOB) management network in SONiC, including:
- SSH access to the router
- In-Band management using loopback interfaces
- Out-of-Band management using Out-of-Band management ports
- Management interface configuration (IPv4 address and vrf configuration)
SSH
SONiC uses Debian Linux's SSH daemon to provide users with SSH access to the router. This daemon is packaged with the SONiC image and starts automatically at boot.
Verify if the SSH daemon is loaded and running:
admin@sonic:~$ sudo systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/ssh.service.d
└─override.conf
Active: active (running) since Wed 2024-09-18 18:08:18 UTC; 6 days ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 887 (sshd)
Tasks: 7 (limit: 37468)
Memory: 15.9M
CGroup: /system.slice/ssh.service
├─ 887 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
├─4171620 sshd: admin [priv]
├─4171629 sshd: admin@pts/0
├─4171630 -bash
In-band management using Loopback interface
Loopback interfaces can be added in SONiC and they can be used to manage the router using the in-band network.
Create a Loopback interface using the config interface ip add command:
admin@sonic:~$ sudo config interface ip add Loopback0 10.1.1.1/32
admin@sonic:~$ sudo config save -y
Running command: /usr/local/bin/sonic-cfggen -d --print-data > /etc/sonic/config_db.json
Verify that the IP address was configured using the show ip interfaces command:
admin@sonic:~$ show ip interfaces
Interface Master IPv4 address/mask Admin/Oper BGP Neighbor Neighbor IP
----------- -------- ------------------- ------------ -------------- -------------
Ethernet0 192.1.2.2/30 up/down N/A N/A
Ethernet8 192.1.2.6/30 up/down N/A N/A
Ethernet16 192.1.2.10/30 up/down N/A N/A
Ethernet24 192.1.2.14/30 up/down N/A N/A
Loopback0 10.1.1.1/32 up/up N/A N/A
docker0 240.127.1.1/24 up/down N/A N/A
eth0 192.168.1.2/16 up/up N/A N/A
lo 127.0.0.1/16 up/up N/A N/A
You can add loopback interfaces to VRFs using the 'config interface vrf bind Loopback' command:
admin@sonic:~$ sudo config interface vrf bind Loopback0 Vrf-blue
Interface Loopback0 IP disabled and address(es) removed due to binding VRF Vrf-blue.
admin@sonic:~$ sudo config interface ip add Loopback0 10.1.1.1/32
admin@sonic:~$ sudo config save -y
Verify that the interface was added to Vrf-blue using the show vrf command:
admin@sonic:~$ show vrf Vrf-blue
VRF Interfaces
-------- ------------
Vrf-blue Loopback0
Verify that the interface was added to Vrf-blue using the show ip interfaces command:
admin@sonic:~$ show ip interfaces
Interface Master IPv4 address/mask Admin/Oper BGP Neighbor Neighbor IP
----------- -------- ------------------- ------------ -------------- -------------
Ethernet0 192.1.2.2/30 up/down N/A N/A
Ethernet8 192.1.2.6/30 up/down N/A N/A
Ethernet16 192.1.2.10/30 up/down N/A N/A
Ethernet24 192.1.2.14/30 up/down N/A N/A
Loopback0 Vrf-blue 10.1.1.1/32 up/up N/A N/A
docker0 240.127.1.1/24 up/down N/A N/A
eth0 192.168.1.2/16 up/up N/A N/A
lo 127.0.0.1/16 up/up N/A N/A
Out-of-Band management using Out-of-Band management ports
The management port of a Cisco 8000 router running SONiC is named eth0. By default, this interface is configured to obtain its IP configuration using DHCP. The SONiC CLI can be used to statically assign IP addresses, default routes, and VRF assignments for this interface.
Assign IP to the management interface:
sudo config interface ip add eth0 <interface-IP> <default-gateway>
Here <default-gateway> is an optional field for the default route to the management network.
For example:
sudo config interface ip add eth0 192.168.1.2/16 192.168.0.1
Verify if the management interface has the correct IP configured:
cisco@R0:~$ show ip interfaces
Interface Master IPv4 address/mask Admin/Oper BGP Neighbor Neighbor IP
----------- -------- ------------------- ------------ -------------- -------------
docker0 240.127.1.1/24 up/down N/A N/A
eth0 192.168.1.2/16 up/up N/A N/A
lo 127.0.0.1/16 up/up N/A N/A
cisco@R0:~$
Verify the default route for the management network using the show ip route command:
cisco@R0:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route
K>*0.0.0.0/0 [0/0] via 192.168.123.1, eth4, 00:01:21
C>*192.168.0.0/16 is directly connected, eth0, 00:01:24
Create a management VRF and add eth0 to the management VRF:
sudo config vrf add mgmt
This creates a Linux VRF called Vrf-mgmt and adds eth0 to Vrf-mgmt.
To remove the mgmt VRF and remove eth0 from it:
sudo config vrf del mgmt
Save the changes to /etc/sonic/config_db.json using the config save -y command:
sudo config save -y
Verify that the VRF has been created and the management interface has been added to Vrf-mgmt:
cisco@R0:~$ show mgmt-vrf
ManagementVRF : Enabled
Management VRF interfaces in Linux:
45: mgmt: <NOARP,MASTER,UP,LOWER_UP> mtu 65575 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 86:9a:75:43:65:b0 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 1280 maxmtu 65575
vrf table 5000 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master mgmt state UP mode DEFAULT group default qlen 1000
link/ether 02:98:d7:bd:d0:d6 brd ff:ff:ff:ff:ff:ff
46: lo-m: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master mgmt state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 9e:93:b0:fe:d3:50 brd ff:ff:ff:ff:ff:ff
cisco@R0:~$
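The steps above end with the configuration saved to /etc/sonic/config_db.json, so the management-plane settings can be checked from that file. The following audit script is an added example, not part of the original page or of SONiC. It assumes the ConfigDB table and field names MGMT_INTERFACE, gwaddr, MGMT_VRF_CONFIG, mgmtVrfEnabled, LOOPBACK_INTERFACE and vrf_name (confirm them against the config_db.json on your image), and the sample data is constructed from the addresses used on this page.

```python
import ipaddress
import json

# Constructed sample of the relevant config_db.json tables (not captured from a device).
SAMPLE_CONFIG_DB = json.loads("""
{
  "MGMT_INTERFACE": {"eth0|192.168.1.2/16": {"gwaddr": "192.168.0.1"}},
  "MGMT_VRF_CONFIG": {"vrf_global": {"mgmtVrfEnabled": "true"}},
  "LOOPBACK_INTERFACE": {
    "Loopback0": {"vrf_name": "Vrf-blue"},
    "Loopback0|10.1.1.1/32": {}
  }
}
""")


def audit_mgmt(cfg, port="eth0"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Address entries are keyed "<port>|<address>/<prefix>" (assumed schema).
    entries = {k: v for k, v in cfg.get("MGMT_INTERFACE", {}).items()
               if "|" in k and k.split("|")[0] == port}
    if not entries:
        findings.append(f"{port}: no static address saved (DHCP default applies)")
    for key, attrs in entries.items():
        net = ipaddress.ip_interface(key.split("|", 1)[1]).network
        gw = attrs.get("gwaddr")
        if gw is None:
            findings.append(f"{key}: no default gateway set")
        elif ipaddress.ip_address(gw) not in net:
            findings.append(f"{key}: gateway {gw} is outside {net}")
    vrf = cfg.get("MGMT_VRF_CONFIG", {}).get("vrf_global", {})
    if str(vrf.get("mgmtVrfEnabled", "false")).lower() != "true":
        findings.append("management VRF is not enabled")
    return findings


def loopback_vrfs(cfg):
    """Map each loopback that has an address to the VRF it is bound to."""
    table = cfg.get("LOOPBACK_INTERFACE", {})
    names = {k.split("|")[0] for k in table if "|" in k}
    return {n: table.get(n, {}).get("vrf_name", "default") for n in sorted(names)}


if __name__ == "__main__":
    print(audit_mgmt(SAMPLE_CONFIG_DB))
    print(loopback_vrfs(SAMPLE_CONFIG_DB))
```

On a device, load /etc/sonic/config_db.json with json.load and pass the result to audit_mgmt in place of the sample.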