Upgrading SONiC NOS: A CCIE’s Practical Guide to a Seamless Process
TL/DR: NOS upgrades can be a little challenging, if you want an easy way to automatically upgrade SONiC devices, Verity upgrades devices for you according to your specific needs with just a few clicks.
As a network engineer with a CCIE and years of hands-on experience with both proprietary and open-source network operating systems, I’ve seen firsthand how SONiC (Software for Open Networking in the Cloud) has changed the world of network infrastructure. Built on Linux and designed for hyperscale data centers, SONiC delivers flexibility and control at levels unmatched by traditional vendors. But with that power comes a learning curve—especially when it comes to something as critical as upgrading the NOS.
Here’s a step-by-step breakdown of how to safely and efficiently upgrade the SONiC NOS.
1. Understand Your Environment
Before upgrading, make a clear inventory of your current environment:
- What version of SONiC are you running?
- What hardware platform are you using (Broadcom, Nvidia/Mellanox, Marvell, etc.)?
- Are you using a dual ToR (active-standby) or single ToR architecture?
- What’s the upgrade path from your current version? (SONiC doesn’t always support direct upgrades between all versions.) Use the
show versionandshow platform summarycommands to document your baseline.
2. Pre-Upgrade Preparation
Preparation is the most critical phase. Backup your configurations using:
sudo config save -yExport the configuration for external storage:
sudo config save /host/config_db.jsonNext, validate your configuration syntax with:
sudo config validate /host/config_db.jsonFinally, copy the target SONiC image to your device:
sudo wget <URL-to-SONiC-image>For official releases, use the SONiC GitHub or your vendor’s portal.
3. Install the New Image
To install the new SONiC image, use the sonic-installer utility. It supports rollback and preserves your existing configuration (unless explicitly told not to).
sudo sonic-installer install <image-name> --skip-mountTo keep the current configuration across the upgrade:
sudo sonic-installer install <image-name> --skip-mount --preserveIf you’re testing, you can also set it as the next boot image without installing it immediately:
sudo sonic-installer set-next-boot <image-name>4. Reboot and Verify
After installation:
sudo rebootPost-reboot, verify the system state:
show version
show services
docker ps -aYou should also check that BGP neighbors come up, interfaces are active, and any custom services are running.
5. Rollback Plan
Even the best upgrade can fail. If needed, revert using:
sudo sonic-installer list
sudo sonic-installer install <previous-image-name> --skip-mount --preserveAlways maintain at least one known-good image on your switch to support rollback.
Final Thoughts
SONiC offers powerful capabilities, but unlike traditional vendor solutions, you own the entire upgrade lifecycle. The modular nature of SONiC, using containers for critical services like BGP, LLDP, and DHCP, means upgrades can sometimes impact isolated services without taking down the whole stack. Test thoroughly in a lab, automate where possible, and don’t underestimate the power of a pre-upgrade snapshot.
If you want an easy way to do SONiC upgrades, Verity has a NOS upgrade function that can be automated, scheduled, and even handles upgrading devices in bulk according to your needs.
Josh Saul
VP Product Marketing
Josh Saul has pioneered open source network solutions for more than 25 years. As an architect, he built core networks for GE, Pfizer and NBC Universal. As an engineer at Cisco, Josh advised customers in the Fortune 100 financial sector and evangelized new technologies to customers. More recently, Josh led marketing and product teams at VMware (acquired by Broadcom), Cumulus Networks (acquired by Nvidia), and Apstra (acquired by Juniper).
