Network Management and Automation
Mandatory Migration of Service Template Configuration before Upgrade
After the upgrade to OcNOS 7.0.0 Release, the Service Template CLI commands will be hidden. It is recommended to migrate all Service Template configurations to sub-interface–based commands prior to performing the upgrade.
The following CLI commands are deprecated and no longer supported:
• mpls-l2-circuit <NAME> service-template <NAME> ((primary|secondary)|)
• vc-mode (standby|revertive) service-template <NAME>
• mpls-vpls <NAME> service-template <NAME>
• service-template <NAME>
RBAC Access to System Bootup Logs
RBAC users with privilege levels below 15 can now execute the show system bootup-log command, enabling secure access without elevated privileges. Previously, RBAC users were unable to run this command due to file permission restrictions. OcNOS now allows RBAC users to view system bootup logs, enhancing troubleshooting and operational visibility while maintaining secure access controls.
For more details, see the
NetConf Access Control Model User Guide
OcNOS introduces the NetConf Access Control Model (NACM) feature, which provides an access control mechanism for the protocol operations and content layers of NetConf. This feature enables administrators to configure and manage permissions for different authorized users, allowing them to control, modify, and access network resources based on defined rule types and modules.
For more details, refer to
Event Manager Action Script Validation Enhancement
Event Manager action scripts now require execute permission and a Shebang (#!) line at the beginning of the script to indicate the interpreter. This ensures compatibility and correct execution of the configured scripts.
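One way to audit existing action scripts against these two requirements, as an added example that is not OcNOS code. The interpreter-existence test is an extra check beyond what the release note states, and the script directory is whatever path the operator supplies.

```shell
#!/bin/sh
# Added example (not OcNOS code): pre-flight audit of Event Manager action scripts.

# check_action_script FILE -> 0 ok, 1 not a file, 2 no execute bit,
#                             3 no shebang, 4 interpreter unusable
check_action_script() {
    f=$1
    [ -f "$f" ] || { echo "FAIL $f: not a regular file"; return 1; }
    [ -x "$f" ] || { echo "FAIL $f: execute permission missing"; return 2; }

    # "#!" must be the first two bytes of the file. A blank first line,
    # leading space or UTF-8 BOM stops it being recognised as a shebang.
    if [ "$(head -c 2 "$f")" != '#!' ]; then
        echo "FAIL $f: first line is not a #! shebang"; return 3
    fi

    # Extra check (assumption, not stated in the release note): the named
    # interpreter must exist. A stray CR from Windows line endings stays
    # attached to the path here, so CRLF scripts fail this test too.
    interp=$(head -n 1 "$f" | sed -e 's/^#![[:blank:]]*//' -e 's/[[:blank:]].*$//')
    if [ -z "$interp" ] || [ ! -x "$interp" ]; then
        echo "FAIL $f: interpreter '$interp' missing or not executable"; return 4
    fi
    echo "OK   $f ($interp)"
}

# audit_action_scripts DIR -> 0 only if every file in DIR passes
audit_action_scripts() {
    bad=0
    for s in "$1"/*; do
        [ -e "$s" ] || continue          # empty directory: glob did not match
        check_action_script "$s" || bad=$((bad + 1))
    done
    echo "$bad script(s) need fixing"
    [ "$bad" -eq 0 ]
}

# Usage: sh audit.sh /path/to/script/dir   (directory is supplied by the operator)
if [ $# -gt 0 ]; then audit_action_scripts "$1"; fi
```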
For more details, refer to
sFlow - Sample Packet Monitoring for Multiple Interfaces
The sFlow feature has been enhanced to support multiple collectors to monitor multiple interfaces. This functionality is enabled by default.
When more than one collector is configured and sFlow is enabled on an interface, samples from the interface are sent to all configured collectors.
To disable the sending of samples from an interface to a specific collector or to multiple collectors, a new command no sflow collector-id has been introduced at the interface level.
The show sflow detail CLI command output has also been updated to display all active collectors for each interface.
For more details, refer to the
Secure Upgrade and Downgrade Using HTTPS
This enhancement introduces HTTPS protocol support for performing system upgrades and downgrades in OcNOS. It enables secure transfer of OcNOS images and licenses through HTTPS URLs, ensuring integrity and confidentiality during version and license updates.
Installing OcNOS using HTTPS through ONIE is not supported.
For more information, refer to the
Support for USB-Based Backup and Restore
OcNOS introduces support for backing up and restoring critical system files using a USB drive, enabling network administrators to store configurations, images, and licenses on a USB drive and restore them when needed. This functionality streamlines the recovery and the return merchandise authorization (RMA) processes by verifying and preserving the integrity of the stored data through validation mechanisms.
For more information, refer to the
SNMP SysOID Support for Vendor and Model Identification
This feature enables device identification based on the SNMP System Object Identifier (SysOID). It allows the retrieval of vendor and hardware model details through SNMP, simplifying device classification and verification in network management environments.
For more information, refer to the
Enhanced Alarm Support in the Fault Management System
OcNOS introduces new alarm types in the Fault Management System (FMS). These enhance the network monitoring capability and enable precise tracking of critical system components, improving fault detection and operational reliability. The new alarms include:
• LDP_SESSION_DOWN: Indicates that an established LDP neighborship session has transitioned to a down state.
• LDP_SESSION_UP: Indicates that an LDP neighborship session has successfully transitioned to an up state.
• LDP_SESSION_FAILURE: Indicates that a failure has been detected within an active LDP session.
• LDP_INTERNAL_ERR: Indicates that an internal error has occurred within the LDP process or component.
• ISIS_OPR_ADJ_STATE: Indicates a change in the operational state of an IS-IS adjacency.
• ISIS_OPR_INTF: Indicates a change in the operational state of an IS-IS interface.
• ISIS_OPR_INTF_CIRCUIT_STATE: Indicates a change in the circuit-level operational state of an IS-IS interface.
For more details, refer to the
Support for CLI-Script and CLI-Shell Commands
OcNOS introduces support for the CLI-Script and CLI-Shell commands to enhance automation and operational flexibility. The CLI-Script command enables the creation and execution of predefined sets of configuration and execution mode commands, with support for including delay and message statements within the script.
For more details, refer to the
sFlow Port PVID Update Support for Sampled Traffic
OcNOS introduces the sflow sampling update-port-pvid command to include the bridge port PVID in sampled untagged packets sent to the collector. This enhancement provides the necessary VLAN context for untagged traffic and is applicable specifically to spanning-tree bridge configurations.
For more details, refer to the
Enhanced DHCP Snooping and Relay Option 82 Support
OcNOS enhances DHCP Snooping and Relay Option 82 functionality by enabling the user-defined configuration of the Circuit ID and Remote ID sub-options. Using a template-based approach, parameters such as hostname, interface name, and VLAN ID are included within these sub-options.
For more details, refer to the
SNMP Configuration for ALARM-MIB Support
This enhancement introduces SNMP interface support for the Alarms feature in OcNOS and extends the Alarms Data Model to support the retrieval of active alarm information through SNMP get operations and trap notifications. Users can now access alarm data using SNMP Get commands and receive alarm notifications through SNMP traps, ensuring improved monitoring and integration with SNMP-based network management systems.
For more details, refer to the
System Limits and Counters – Show and NetConf Enhancement
In OcNOS, the System Limits and Counters (Show and NetConf) feature enhances operational visibility by providing real-time access to hardware and software resource utilization through both CLI and management interfaces. It consolidates capacity data for routing, VLANs, MAC, and protocol sessions into a unified view, helping operators validate resource availability before deployment or scaling. Using YANG-based models with NetConf or gNMI, this feature improves troubleshooting accuracy, supports automation, and ensures consistent system capacity monitoring across all platforms.
For more details, refer to the
sFlow - Ingress and Egress Interface Indexes for Sample Packets
sFlow provides a view of the traffic by taking periodic snapshots of packets, which helps in identifying the exact source and destination of the packets. While the packet header describes the data, the input and output ports provide the context on where the data originated and where it is headed within the switch fabric.
For more details, refer to the
Streaming Telemetry Enhancements
On-Change Stream Mode Support
OcNOS now supports On-Change stream mode for gNMI-based telemetry subscriptions. In this mode, the device sends update notifications only when a subscribed data value changes, reducing telemetry traffic and improving operational efficiency. On-Change mode supports container-level, leaf-level, and wildcard sensor-paths, enabling fine-grained monitoring of dynamic operational states such as interface status, BGP peer state, and transceiver attributes.
For more details, refer to the
Enhanced gNMI Authentication and Certificate Management
OcNOS now supports gRPC-contained user and password authentication for gNMI TLS connections in addition to X.509 certificate Common Name validation. A new exec-mode command, "crypto pki load", enables loading of server and CA certificates from external sources to simplify ZTP workflows.
For more details, refer to the
Enhanced Port Configuration
Users can now configure the same port number across multiple VRFs using the "port" command. Users can explicitly set the default port value, which is 9339, and this value will now appear in the output of the "show running-config streaming-telemetry" command. Additionally, the valid port range for the "tls tls-port" and "port" commands has been updated from <32768-60999> to <1024-65535> to provide flexibility in deployment.
For more details, refer to the port and tls tls-port commands.
IPv6 Interface Support Update
Streaming telemetry now supports connections over IPv6 interfaces in Dial-in mode. IPv6 connections remain unsupported in Dial-out mode.
For more details, refer to the Dial-In Telemetry Connection over IPv6 Interface
Data Model Support
OcNOS adds support for additional IPI data model modules. The new and existing modules ipi-vlan, ipi-acl, ipi-qos, and ipi-rib enhance visibility into the operational status and attributes of various components.
For more details, refer to the
Mirror Filtered Packets to CPU
Mirroring to the CPU using a filter provides the ability to mirror filtered data plane packets to the CPU. It enables sniffing of selected packets that match the programmed filter condition and real-time monitoring in the Network Operating System.
For more information, refer to the
VxLAN OAM for Overlay Networks
OcNOS supports VxLAN Operations, Administration, and Maintenance (OAM) to enhance visibility and fault management for VxLAN overlays in a CLOS data center fabric. Using Maintenance End Points (MEPs) at VxLAN Tunnel End Points (VTEPs) and Spines within VxLAN tunnels, operators can perform the following operations to verify connectivity and isolate faults:
• Ping/Loopback - Verify reachability to a remote VTEP and that the VxLAN tunnel is operational end-to-end.
• Pathtrace - Discover the full forwarding path inside the VxLAN fabric, hop-by-hop.
• Continuity checks - Provide continuous, periodic monitoring of VxLAN tunnel health.
The feature supports both static and dynamic VxLAN tunnels in single- and multi-homed deployments, simplifying troubleshooting and improving operational reliability.
For more details, refer to the
Image Upgrade by Traffic Diversion (IUTD)
In OcNOS, this feature introduces the Image Upgrade by Traffic Diversion (IUTD) method to ensure continuous network operation during critical software installation and upgrade processes. IUTD minimizes traffic loss by manually diverting traffic to the redundant node for the update, and restores the flow only after a comprehensive verification of the new OS is complete.
The process relies on a NETCONF client utilizing callhome. It uses a new start-service-tracking RPC to monitor the status (UP/DOWN) of specified services, such as BGP, OSPF, or ISIS, ensuring the network remains stable throughout the maintenance window.
For more details, refer to the
Deprecation of commit dry-run Command
The commit dry-run command has been deprecated and removed from the Command Reference. It is no longer supported due to inconsistencies with the current commit behavior, which led to incorrect expectations during validation. It is advised to rely on the standard commit workflow for configuration validation.
Support for Custom GET/SET RPCs
In OcNOS, this feature supports specialized NetConf RPCs (transceiver-cmis-read and transceiver-cmis-write) to enable direct access to CMIS custom memory pages. These custom GET/SET commands are sent straight to the protocol module (CMMd) for read/write operations on the transceiver hardware, effectively bypassing the OcNOS configuration database.
For more details, refer to the