BE Networks Blog

Upgrading SONiC NOS:
A CCIE’s Practical Guide to a Seamless Process

TL/DR: NOS upgrades can be a little challenging, if you want an easy way to automatically upgrade SONiC devices, Verity upgrades devices for you according to your specific needs with just a few clicks.

As a network engineer with a CCIE and years of hands-on experience with both proprietary and open-source network operating systems, I’ve seen firsthand how SONiC (Software for Open Networking in the Cloud) has changed the world of network infrastructure. Built on Linux and designed for hyperscale data centers, SONiC delivers flexibility and control at levels unmatched by traditional vendors. But with that power comes a learning curve—especially when it comes to something as critical as upgrading the NOS.

Here’s a step-by-step breakdown of how to safely and efficiently upgrade the SONiC NOS.

1. Understand Your Environment

Before upgrading, make a clear inventory of your current environment:

  • What version of SONiC are you running?
  • What hardware platform are you using (Broadcom, Nvidia/Mellanox, Marvell, etc.)?
  • Are you using a dual ToR (active-standby) or single ToR architecture?
  • What’s the upgrade path from your current version? (SONiC doesn’t always support direct upgrades between all versions.) Use the show version and show platform summary commands to document your baseline.

2. Pre-Upgrade Preparation

Preparation is the most critical phase. Backup your configurations using:

sudo config save -y

Export the configuration for external storage:

sudo config save /host/config_db.json

Next, validate your configuration syntax with:

sudo config validate /host/config_db.json

Finally, copy the target SONiC image to your device:

sudo wget <URL-to-SONiC-image>

For official releases, use the SONiC GitHub or your vendor’s portal.

3. Install the New Image

To install the new SONiC image, use the sonic-installer utility. It supports rollback and preserves your existing configuration (unless explicitly told not to).

sudo sonic-installer install <image-name> --skip-mount

To keep the current configuration across the upgrade:

sudo sonic-installer install <image-name> --skip-mount --preserve

If you’re testing, you can also set it as the next boot image without installing it immediately:

sudo sonic-installer set-next-boot <image-name>

4. Reboot and Verify

After installation:

sudo reboot

Post-reboot, verify the system state:

show version
show services
docker ps -a

You should also check that BGP neighbors come up, interfaces are active, and any custom services are running.

5. Rollback Plan

Even the best upgrade can fail. If needed, revert using:

sudo sonic-installer list
sudo sonic-installer install <previous-image-name> --skip-mount --preserve

Always maintain at least one known-good image on your switch to support rollback.

Final Thoughts

SONiC offers powerful capabilities, but unlike traditional vendor solutions, you own the entire upgrade lifecycle. The modular nature of SONiC, using containers for critical services like BGP, LLDP, and DHCP, means upgrades can sometimes impact isolated services without taking down the whole stack. Test thoroughly in a lab, automate where possible, and don’t underestimate the power of a pre-upgrade snapshot.

If you want an easy way to do SONiC upgrades, Verity has a NOS upgrade function that can be automated, scheduled, and even handles upgrading devices in bulk according to your needs.

Picture of Josh Saul

Josh Saul

VP Product Marketing

Josh Saul has pioneered open source network solutions for more than 25 years. As an architect, he built core networks for GE, Pfizer and NBC Universal. As an engineer at Cisco, Josh advised customers in the Fortune 100 financial sector and evangelized new technologies to customers. More recently, Josh led marketing and product teams at VMware (acquired by Broadcom), Cumulus Networks (acquired by Nvidia), and Apstra (acquired by Juniper).

en_US
Contact Us
We really like talking about networks!