BE Networks
Book Demo

Enterprise SONiC Features to Get Excited About in 2026

BE Networks Blog

SONiC in 2026:
What I’m Excited About

I’ve spent enough years building fabrics, automating changes, and staying close to the open source networking community to know the difference between a demo feature and a production feature. The things that matter most are the ones that reduce operational friction, improve recovery, and make the network easier to automate with confidence.

That is why the Enterprise SONiC distributions are so interesting in 2026. Across recent SONiC release notes, current high-level design work, and active roadmap items, vendors are moving forward on the fundamentals serious operators care about most: simpler underlays, better scale, stronger security, faster failure detection, and cleaner auditability.

Based on my information I’ve gathered, this is what we can look forward to as we progress through the year.

Auto-BGP

When I say Auto-BGP, I mean the operational model built around BGP unnumbered. SONiC’s IPv6 link-local enhancements support auto-generated link-local addresses on interfaces, neighbor discovery of remote link-local peers, and BGP peering on unnumbered interfaces where the remote peer is dynamically discovered. The configuration model is interface-based instead of address-based, which is exactly what you want in a fabric you plan to automate at scale. Less IP bookkeeping and fewer opportunities for simple human error (because even I’m not perfect!) is a big win.

Debian 12 rebase

Debian 12 rebase Base OS rebases are never glamorous, but they change your day-to-day life fast. SONiC’s Debian upgrade cadence explicitly says the goal is to keep both the base image and containers aligned with the most recent Debian for features, bug fixes, and security updates. The release notes show the move to Bookworm in 202405, with 202411 and 202505 continuing on Debian 12. That matters because it lifts the entire operational foundation underneath the NOS, from the kernel to Python, FRR, and Redis. Now the Enterprise SONiC distributions are converging on release 12. For teams that treat networking like software, that is a real feature, not housekeeping.

VXLAN/EVPN Scale enhancements

A few years ago, the conversation was mostly about whether SONiC could do EVPN and VXLAN cleanly enough for production. In 2026, the better question is how well it scales and how gracefully it behaves under load and failure. SONiC’s EVPN VXLAN design calls out remote VTEP auto-discovery, auto-provisioning of tunnels and VLANs, L2 and L3 VPN services, dual-homing support, control-plane MAC learning, and ARP suppression to reduce flooding. On top of that, the overlay ECMP with BFD design sets explicit scale targets such as 512 ECMP groups, 128 members per group, 16,000 overlay routes, 4,000 tunnel endpoints, and 4,000 BFD monitors. That is the kind of detail that tells me that ASIC designers are thinking about real customer environments, not just feature checklists. 

MACsec

MACsec

MACsec is moving from a security checkbox to a real operational tool. SONiC’s MACsec design includes per-port enablement, coexistence with port channels, AES-128 and AES-256 ciphers, hitless SAK replacement, XPN support, proactive key refresh, and show commands for session and statistics visibility. It also addresses PFC interaction, which tells you this is being treated as something people will actually run and monitor in production. For anyone who needs link-level encryption without giving up operational clarity, that is a feature worth paying attention to. I know personally a few customers that were previously unable to deploy SONiC because this feature wasn’t available from their chosen vendor, that limitation is removed in a near term release.

Private VLANs

Private VLANs are not flashy, but they solve a very practical problem that has never gone away: how to isolate hosts that share the same segment without overcomplicating the design. For shared services, protected edge ports, and certain multi-tenant designs, that is exactly the kind of simple capability that we need.  This provides a great way to offer microsegmentation for various hypervisors.

BFD for static routing

I have nothing against static routes when they are the right tool. What I can’t stand is static routing with ambiguous failure detection. SONiC’s static route BFD design addresses that directly by creating a BFD session for each static route next hop and then installing, updating, or removing the route based on BFD session state. OMG where have you been all my life?

EVPN-MH

EVPN multihoming is the right kind of modernization because it solves an old problem in a cleaner, more standards-based way. SONiC’s EVPN MH design targets EVPN-based all-active access redundancy, support for the traffic flows people historically expected from older multi-chassis designs, static anycast gateway, multihomed Ethernet segments, ARP and ND suppression, and both Type-0 and Type-3 Ethernet Segment IDs. In plain English, that means a more elegant path to active-active edge connectivity, with less architectural baggage and a better fit for modern EVPN fabrics. 

Adaptive Routing & Switching

Adaptive Routing & Switching

This is one of the most interesting things on the horizon. The Local ARS high-level design describes dynamic path selection based on real-time network conditions, with local decisions driven by egress port utilization and the ability to identify microflows inside larger macro flows. If this matures the way I hope, it could become one of the most important forwarding intelligence improvements in the SONiC ecosystem.

ACL logging

ACL logging is the kind of day-two feature operators love because it turns policy into evidence. SONiC already has a solid ACL foundation with permit and deny actions, mirror actions, and per-rule packet and byte counters. Its syslog stack also supports configurable source IP, server port, VRF, protocol, severity, and filtering. My view is that this foundation makes ACL logging one of the most useful practical capabilities to care about in 2026, because it helps close the gap between what the policy says should happen and what the network is actually doing.

TACACS Accounting

Authentication without accounting is only half the story. SONiC’s TACACS improvement work explicitly adds user command accounting to the TACACS server, records command start and finish events, supports local accounting to syslog, masks secrets in recorded events, and exposes configuration knobs for authorization and accounting modes. Anyone who has ever had to answer the question “who changed what, and when?” already knows why this matters. No more “I didn’t do it!” finger pointing amongst the team.

Looking forward…

What excites me most about Enterprise SONiC in 2026 is not a single shiny feature, it’s the pattern. The underlay is getting simpler. The base operating system is getting stronger. EVPN and VXLAN are getting deeper scale and resiliency improvements. Security and auditability are becoming first-class concerns instead of afterthoughts, and the roadmap is still pushing toward smarter forwarding behavior.

That is the point where an open NOS stops being merely functional and starts becoming operationally compelling.

Picture of Josh Saul

Josh Saul

Senior Vice President – Product

Josh Saul has pioneered open source network solutions for more than 25 years. As an architect, he built core networks for GE, Pfizer and NBC Universal. As an engineer at Cisco, Josh advised customers in the Fortune 100 financial sector and evangelized new technologies to customers. More recently, Josh led marketing and product teams at VMware (acquired by Broadcom), Cumulus Networks (acquired by NVIDIA), and Apstra (acquired by Juniper).

en_US
ja ko_KR de_DE es_ES fr_FR nl_NL ar he_IL en_US
Contact Us
We really like talking about networks!