PicOS Configuration Guide V4.5

This document provides a comprehensive guide to configuring PicOS version 4.5, detailing features, hardware compatibility, and operational procedures for a wide range of network switches.

Release Notes for PICOS 4.5

These release notes summarize new features, hardware support, known bugs, and bug fixes for PICOS 4.5. It is recommended to read all content before upgrading. PICOS 4.5.0E is an Early Sales Support (ESS) stable version for specific customer deployments. PICOS 4.5.1E is an evaluation release for the N8550-24CD8D platform. PICOS 4.5.2E is an ESS version for the N9600-64OD. PICOS 4.5.0M2 is a General Availability (GA) release with enhanced stability and performance, supporting most platforms except S3410, S3270, N5860-48S6 Q, N8550-24CD8D, and N9600-64OD switches.

New Features in 4.5.0E include:

Layer 2 and Layer 3: IPv6 ND Inspection, IPv6 ND Snooping, MPLS, PIM BSR, Ingress Buffer management, PFC Watchdog Manual Control, PFC Deadlock Prevention, Easy ECN, DLB (Dynamic Load Balance), Standby IP Address, Perpetual PoE, and gRPC monitoring for PFC/ECN.
Feature Enhancements: DHCP Server Enhancement (resolving relay scenario issues), DHCP ZTP, 400G Port Splitting (N9550-32D/AS9716-32D), and PBR ECMP.
L2L3 WEB: Access Control for Layer 2 and Layer 3 WEB access is supported and enabled by default on some switches, while disabled by default on others.

Fixed Issues: Several issues related to MLAG, port LEDs, 802.1X reauthentication, SNMP LLDP retrieval, DHCP server address assignment, CLI output, system crashes, CPU usage, ACL VRRP MAC installation, VLAN removal, serial number reading, and MAC address learning have been fixed in various versions.

Known Limitations: Specific limitations exist for platforms like N9600-64OD (e.g., sub-interface issues, port light behavior, undersized packet counting, BMC light status, unsupported front panel ports, packet size limitations, software-based MAC learning), N9550-32D (e.g., LAG hash modes, QoS egress queues, firewall filter policer configuration), and S3410 series (e.g., unsupported OVS, CrossFlow, USB installation, specific upgrade methods, limited SSH connections).

Hardware Guides

This section details hardware compatibility, use precautions, and outlines the machine characteristics, front and rear panel schematics, and port configurations for various switch models.

Hardware Compatibility

The document lists supported hardware platforms and their ASIC types by vendor, including FS Switches, EdgeCore/Accton Switches, and Delta/Agema Switches. Detailed tables provide platform names, ASIC vendors, chips, port configurations, CPU types, license types, and release installation information.

FS Switches: Includes models like S5810 Series, S5860 Series, S3410 Series, N5850 Series, N8550 Series, N8560 Series, N9550 Series, and N9600 Series, detailing their ASIC types (Broadcom BCM563, BCM561, BCM568, BCM567, BCM569) and installation methods (rboot, uboot, ONIE).

EdgeCore/Accton Switches: Covers 100G, 40G, 25G, 10G, Multi-Gig, and 1G switch portfolios with models such as AS7816-64X, AS9716-32D, AS4610 Series, AS4625 Series, AS4630 Series, AS5712 Series, AS5812 Series, AS5835 Series, AS6812 Series, AS7312 Series, AS7326 Series, AS7712 Series, and AS7726 Series, specifying their ASIC types (Trident 3, Tomahawk, Trident II, Trident II+, Trident 3X7, Trident 3X2, Trident 3X3, Trident 3X5, Tomahawk 2, Tomahawk 3) and CPU architectures (Intel x86, Power PC, ARM Cortex A9).

Delta/Agema Switches: Lists AG9032v1, AG5648V1, and AG7648 models.

Hardware Use Precautions

Precautions are provided for specific switch models, including:

AG5648/AS7312_54X/AS7312_54XS: Details port grouping and speed configuration rules, noting that 25G cannot coexist with other rates within the same group.
Dell N22xx Series Switches: IPv6 and GRE are not supported.
Limitation of Port Breakout: Certain platforms have limitations on splitting 100GE interfaces into smaller ports, with specific ports noted as disallowed for splitting.
Speed Setting on SFP28 Ports in a Quad-SerDes Core: For groups of four SFP28 ports, all must be set to the same speed (25G or 10G/1G). 25G cannot coexist with other rates.
AS9716-32D Unsupported Features and Limitations: Lists unsupported features like MAC-based VLAN, QinQ, PVLAN, Mirror output port as LAG, various Hashing modes, Storm Control, Egress meter, Routed interface with VRF, VxLAN/L2-GRE/L2-MPLS/PBB, STM share mode, OVS ICAP MAC modification, OVS NAT flow, OVS UDF v2, and OVS L2/L3 buffer mode. Limitations include LAG hash modes (advance and symmetric only) and QoS egress queue support (0-3).
N8560-32C Unsupported Features: Lists unsupported OVS and L2/L3 features such as UDFv1, Egress meter, match-vlan-type, VN-Tag, Rate limit, and Push VLAN for QinQ.
FS S5810 Series and S5860 Series Switch Unsupported Features: Lists unsupported OVS features (Vxlan, MPLS/L2MPLS, PBB, Flexible mode, NAT, GTP Hash, Resilient hash, Match-vlan-type, udfv2, Match vxlan vni, Xlate table of TTP) and L2/L3 features (GRE, VxLAN, IPFIX). DHCP snooping binding file command is also noted as not working. GRE is supported on S5810 but not S5860 series.
S5860-48XMG-U/S5860-48XMG/S5860-48MG-U Limitation: Dual-chip switches may experience broadcast storms and inter-chip congestion with high volumes of broadcast, multicast, or unknown unicast traffic.
N9550-32D Unsupported Features and Limitations: Similar unsupported features to AS9716-32D are listed, along with limitations on LAG hash modes and QoS egress queues.
FS S3410 Series Switch Unsupported Features and Limitations: A comprehensive list of unsupported L2/L3 features (IS-IS, OSPFv2/v3 GR, IPv6 Source Guard, IPv6 DHCP Guard, IPv6 DHCP Snooping, PFC Watchdog, ECMP Hash Modes, L3 GRE, VXLAN, IGMP, PIM, buffer dynamic shared for egress multicast queue, symmetric/resilient/advance hash, PFC, ECMP, NETCONF, VRF, CoPP bandwidth configuration) is provided. OVS and CrossFlow are not supported. Installation via USB is not supported, and only the upgrade2 method is supported. Eth0 management port is absent; an in-band management port is used. BGP neighbors cannot be established via loopback ports. Only two concurrent SSH connections are supported with a fixed idle timeout of 3600s. File storage guidelines recommend specific directories for small and large files.
N8560-64C Unsupported Features: Lists unsupported OVS and L2/L3 features including VXLAN routing, OVS MPLSv1, OVS VLANv1, Resilient hashing for LAGs.
N8550-24CD8D Feature Support: Version 4.5.1E provides foundational features with limitations. Supported features include FDB, FlexLink, VRRPv2/v3, ARP/IPv6 ND, LACP, IEEE 802.1Q, SNMPv2/v3, MSTP/PVST/RSTP, Mirror, ERSPAN, VLAN Range, NETCONF, LAG hash, Resilient LAG hash, Static Route IPv4/IPv6, AAA/RADIUS, SFlow, VRF, OSPF/OSPF VRF, RIP, DHCP Snooping, CoPP, and Routed Interface. Unsupported features include LAG symmetric hash, DHCP Relay, ARP Inspection, IGMPv2/v3, IGMP Snooping, Voice VLAN, LLDP, Buffer Management, ECMP hash/symmetric hash, BPDU, Tunnel GRE, Sub-interface, Port-Security, QinQ, RA Guard, STM, PIM, Storm Control, Flow Control, Counter, PTP, VXLAN, MAC-based VLAN, and MLAG. Version 4.5.1.1 adds MLAG + VRRP, PFC, ECMP hash/symmetric hash, LAG symmetric hash, LLDP, and Buffer Management.
N9600-64OD Unsupported Features: Lists unsupported features such as MAC-based VLAN, QinQ, Voice VLAN, IPv6 ND Inspection, EFM OAM, PTP-TC, sFlow, IGMP snooping, Private VLAN, VXLAN, RA Guard, EVPN, MPLS, IPv6SG, and PIM.

Switch Machine Outline and System Characteristics

Detailed schematics and system characteristics are provided for numerous Dell, EdgeCore/Accton, Delta/Agema, and FS switch models, including front and rear panel layouts, LED definitions, port types, and physical dimensions.

Dell Switches: Covers models like Z9100-ON, S4128F-ON/S4128T-ON, N3208PX-ON, N3224 Series, N3248 Series, S4048, S4148T-ON/S4148F-ON, S5212F-ON, S5224F-ON, S5248F, S5296F-ON, Z9264F-ON, S5232F-ON, N2224X-ON/N2224PX-ON, and N2248X-ON/N2248PX-ON. Each section details system LEDs (System, Power, FAN, Beacon, Stacking, 7-DIGIT Stack), port LEDs (for RJ45, SFP28, QSFP28, QSFP-DD ports), and specific features like UPoE support.

EdgeCore/Accton Switches: Includes AS4610 Series, AS4625 Series, AS4630 Series, AS7816-64X, AS5835 Series, AS5712 Series, AS9716-32D, AS7312 Series, AS5812 Series, AS5835 Series, AS6812 Series, AS7326 Series, AS7712 Series, and AS7726 Series, with detailed system and port LED definitions.

Delta/Agema Switches: Covers AG9032v1, AG5648V1, and AG7648 models.

FS Switches: Details models such as N8550-48B8C, S5810 Series, S5860 Series, N8560 Series, N9550 Series, N5850 Series, S5870 Series, S3410 Series, N8550-32C, N5850-48S6Q, N8550-24CD8D, and N9600-64OD, providing comprehensive system and port LED information.

Indicator Light on Switch Panel

This section describes the indicator lights on the switch panels, categorized by platform due to variations. It includes definitions for System LEDs (Status, Power, FAN, Beacon, Stacking, 7-Digit Stack), Port LEDs (for RJ45, SFP+, QSFP28, QSFP+ ports), and Management Ethernet Port LEDs.

Dell Switches: Detailed LED definitions are provided for Z9100-ON, S4128F-ON/S4128T-ON, N3208PX-ON, N3224 Series, N3248 Series, S4048, S4148T-ON/S4148F-ON, S5212F-ON, S5224F-ON, S5248F, S5296F-ON, Z9264F-ON, S5232F-ON, N2224X-ON/N2224PX-ON, and N2248X-ON/N2248PX-ON switches.

EdgeCore/Accton Switches: LED definitions are provided for AS4610 Series, AS4625 Series, AS4630 Series, AS7816-64X, AS5835 Series, AS5712 Series, AS9716-32D, AS7312 Series, AS5812 Series, AS5835 Series, AS6812 Series, AS7326 Series, AS7712 Series, and AS7726 Series switches.

Delta/Agema Switches: LED definitions are provided for AG9032v1, AG5648V1, and AG7648 switches.

FS Switches: LED definitions are provided for N5850-48S6C, N8550-32C, N5850-48S6Q, S5810 Series, S5860 Series, N8560 Series, S5870 Series, S3410 Series, N8550-48B8C, N8550-24CD8D, and N9600-64OD switches.

Port Index Description

This section provides port name descriptions for various switch series from Dell, EdgeCore/Accton, Delta/Agema, and FS, detailing the naming conventions for their ports.

Switch Installation

Guidance on switch installation includes procedures for installing and removing FRUs (Field Replaceable Units) and RPSUs (Redundant Power Supply Units). It covers the installation process, including attaching hangers, slide rails, and grounding cables, and mounting the switch in an equipment cabinet. A flowchart illustrates the switch installation process.

Flow Scalability per Broadcom Chipset

Information on flow scalability is provided based on Broadcom chipsets.

Switch Hardware Architecture

Details on the hardware architecture of the switches are presented.

PICOS System Configuration Guide

This guide covers the initial setup and configuration of PICOS, including:

Getting Started: Boot Process and U-Boot Environment, Configuring Password for Linux Shell, Initial Switch Access, and Default Login.
Quick Configuration Guide: Initial Setup, Basic Configuration, Network Configuration (Interface Configuration, Routed Interface, VLAN Interface), Routing Configuration (Static and Dynamic Routing), and Security Configuration (ACL, SSH Access). A typical configuration example is also provided.
Installing or Upgrading PICOS: Information on ONIE versions, BIOS/U-Boot, installing PICOS on bare metal, upgrading using commands (upgrade, upgrade2), installing Debian packages (GCC, Puppet, Salt), and specific guides for FS series switches.
Zero Touch Provisioning (ZTP): Overview, fundamentals, DHCP configuration, provision scripts, enabling/disabling ZTP, deployment preparation, and an example implementation via DHCP. An appendix covers the ZTP API.
PICOS Licenses: License portal guide and methods for installing licenses via Linux prompt and go2cli version.
PICOS Mode Selection: Changing PICOS mode by modifying the boot file or via CLI.
PICOS Password Recovery: Procedures for X86 platforms and AS4610 series switches.
Setting Date and Time: Configuration for system date and time.
Boot Diagnosis Report: Generating reports for boot diagnostics.
Rebooting the System: Procedures for system reboots.
Auto-Run Script Upon System Boot Up: Examples for using auto-run scripts, including remarking rules with OVS.
Graceful Bootup with Backup Configuration: Ensuring graceful system startup with backup configurations.
IP Rule of Management Network and Service Network: Defining IP rules for network management.
Display System EEPROM Data Block: Accessing EEPROM data.
Manual File Backup: Procedures for backing up files manually.
PICOS Monitor: Enabling the Web-based Management Interface and using Linux commands (ssh, scp, ping, traceroute, apt-get, telnet).

PICOS Open vSwitch Configuration Guide

This guide details the configuration and usage of Open vSwitch (OVS) within PICOS, covering:

OpenFlow Support: Matrix and support for OpenFlow 1.3, 1.3.0, 1.4, and 1.4.0.
Introduction to OVS and OpenFlow: Basic concepts and principles.
OVS Web User Interface: Login interface and monitoring capabilities.
OVS Configuration: Adding bridges, ports, GRE ports, group tables, controllers, and editing flow tables and LAG interfaces.
Basic Configuration in OVS Mode: sFlow v5, Port Mirroring, OVSDB file, OVS LLDP, Radius enabling, and Inventory Database.
Broadcom Chip Limitation in OVS: Specific limitations on Trident3 and other chipsets regarding ARP flow, overlap flow, priority of ARP flow, VLAN isolation, and TCAM usage.
OVS CLI Enhancements: Configuring Meter, saving configurations, Buffer management, SNMP (including SNMPv3), Precision Time Protocol, and various Tunneling protocols (GRE, L2GRE, L2MPLS, MPLS, PBB, QinQ, VXLAN).
Configuring Bridge and Ports: Bridge configuration, CDR, CFM, LFS, Loopback, remote OVS configuration, ports in bridge, TPID in Port, LAG and LACP configuration (including GTP hash, Lag hash, Lag Resilient hash, Symmetric Hashing).
Configuring QoS: Scheduler, CoS Mapping, WRED, and VLAN Priority CoS Mapping.
Configuring Flow Table: Combinated Mode, ECMP, egress flow table, Flow Handling Mode, Multi-Table configurations, NAT flow, option-match-vlan-type, TTP (router profile), udf flow, Goto_table, TCAM usage optimization, extend-group, match-mode, VN-tag, Group configuration (creating group tables, ECMP/LAG/Mirror select groups).
Configuring Controller or Manager: Connecting to controllers (including SSL connections), connecting to managers, and configuring OVS connection using SSL with self-signed certificates.
Configuring Counter: Clearing counters, drop counters, counter interval, and rate limiting.
Configuring IPv4/IPv6 address for management port, Duplex Mode of Optical Port, Port Speed on AS9716-32D and N9550-32D.
Examples and Topologies: Demonstrations of 802.1Q VLAN, ECMP, GRE Tunnel, MPLS Network, Multiple Virtual Bridges, SSL Connection to Controller, RYU, OpenDaylight, Floodlight, and ONOS controllers.
OVS Commands Reference: Detailed reference for ovsappctl, ovs-ofctl, and ovsvsctl commands, including bridge, port, controller, database, interface, mirror, NetFlow, Match-mode, QoS_queue, sFlow, Cos-map, Egress-mode, Set-flow-counter-mode, Combinated-mode, DSCP commands.

Troubleshooting Guide

The guide includes troubleshooting steps for various scenarios:

L2/L3 Troubleshooting: Monitoring and Debugging L2/L3 protocols, Routing and Forwarding Table, using Pipe (|) filter functions, and the 'show tech-support' command.
PICOS OVS Troubleshooting: Debugging issues when a switch port cannot come up.
PICOS System Troubleshooting: Resetting the switch to factory defaults, automating ping to multiple hosts, troubleshooting switch crashes, CPU/Memory Rate Limit, and High CPU Utilization.
Backup Partition for PicOS, Linux_configure.py script, Provision.py script, and disabling weak SSH ciphers/MAC algorithms.

Technical Support

Information on general PicOS FAQs and traceoptions configuration commands for displaying debugging messages.

	FS S5860 Series Switches Reset and Recovery System Configuration Guide A comprehensive guide to resetting and configuring the recovery system for FS S5860 Series Switches. This document details procedures for clearing device passwords and performing factory resets via CLI and U-Boot interfaces.
	FS N Series Managed Data Center Switches Quick Start Guide A comprehensive quick start guide for FS N Series Managed L2/L3 Data Center Switches, covering hardware overview, installation, connection, configuration, and troubleshooting for models N5850-48S6Q, N8520-48B6C, N8550-48B8C, N8050-32Q, N8520-32C, and N8550-32C.
	FS Modular Cabling System Guide A comprehensive guide to FS modular cabling systems, detailing high-density FHD series, ultra-high-density FHZ series, and standard-density FHU series solutions for data centers and enterprise applications.
	FS Modular Cabling System Guide A comprehensive guide to FS modular cabling systems, detailing the FHD High Density, FHZ Ultra High Density, and FHU Standard Density series. Includes information on enclosures, adapter panels, and cassettes for various data center and enterprise applications.
	FS PoE+ Series Switches Reset and Recovery System Configuration Guide A configuration guide for FS PoE+ Series Switches, detailing the reset and recovery system, including connection steps, software download, and factory reset procedures.
	FS S5860 Series Switches FSOS Software Release Notes Detailed release notes for FS S5860 Series Switches running FSOS, covering version history, new features, and resolved issues for various FSOS versions.
	FS FOTR Series Handheld Optical Time Domain Reflectometer Quick Start Guide A quick start guide for the FS FOTR Series Handheld Optical Time Domain Reflectometer (OTDR), detailing its features, operation, and basic functions for optical fiber measurement.
	FS S3910 Series Managed L2+ Gigabit Switches Quick Start Guide This guide provides essential information for setting up and configuring FS S3910 Series Managed L2+ Gigabit Switches, including hardware overview, installation, troubleshooting, and warranty details.