Table of Contents
Introduction
Amid the accelerating wave of digital transformation, enterprises are placing increasingly stringent demands on their networks—requiring not only high throughput to support large-scale data forwarding, but also high adaptability for multi-scenario applications, all while ensuring operational efficiency.
Asterfusion’s AsterNOS-VPP addresses these needs with its innovative architecture of SONiC control plane + VPP data plane, offering an integrated solution. As an Enterprise SONiC Routing OS–based platform, it combines open-source flexibility with enterprise-grade reliability. In this article, we will provide a comprehensive overview of this next-generation network operating system, covering its core architecture, key capabilities, and typical deployment scenarios of an Enterprise SONiC Routing OS.
Ⅰ. How AsterNOS-VPP Integrates SONiC and VPP
The core competitive advantage of AsterNOS-VPP lies in its deep integration of two mature technologies, retaining the flexible management capabilities of SONiC while inheriting the high-performance forwarding strengths of VPP:
First, on the control plane, AsterNOS-VPP leverages SONiC, a widely recognized open-source network operating system in the industry, to provide a stable and scalable “command center.” In the context of the Enterprise SONiC Routing OS, this means if the architecture represents thet not only supports deployment on ARM and x86 architectures, but also ensures compatibility with different hardware through standardized interfaces such as SAI (Switch Abstraction Interface), effectively avoiding the traditional “vendor lock-in” problem.
Second, on the data plane, AsterNOS-VPP is powered by VPP (Vector Packet Processing) as a high-performance software-defined data plane. VPP excels at improving packet forwarding efficiency through vectorized processing, handling packets in batches, and directly operating on hardware in user space. By converting SAI commands into VPP API calls via the libsaivpp.so shared library (replacing the traditional libsai.so), AsterNOS-VPP enables efficient data forwarding on both DPU and CPU, laying the foundation for high throughput and low latency.
Additionally, at the interface layer, libsaivpp.so acts as a bridge. To achieve seamless coordination between the control and data planes, AsterNOS-VPP uses libsaivpp.so to replace the traditional libsai.so, accurately translating SAI commands issued by the SONiC control plane into API calls recognizable by VPP. This design retains the standardization benefits of SAI while allowing VPP to efficiently take over data forwarding tasks, forming a complete “decision-to-execution” loop.
In short, this architecture achieves a dual advantage of flexible management and efficient forwarding, meeting enterprise demands for network controllability while handling the pressures of large-scale data transmission.
Want to know more about VPP? Click here.
Ⅱ. AsterNOS-VPP Coverage Across Routing, Security, and Operations
If the architecture represents the “skeleton” of AsterNOS-VPP, then its rich set of features serves as the “muscles.” Whether it is core routing and forwarding, critical security protection, or streamlined operational management, AsterNOS-VPP delivers enterprise-grade support across the board.
For organizations evaluating an Enterprise SONiC Routing OS for production environments, AsterNOS-VPP provides a stronger foundation with routing scale, multi-layered security, and automation.
1. High-Performance Routing and Traffic Scheduling
As the network’s “traffic commander,” AsterNOS-VPP excels in routing capabilities.
On the Layer 2 side, it supports QinQ, STP/MSTP for loop prevention, MVRP for dynamic VLAN registration, and port isolation, fully meeting the deployment requirements of complex enterprise and campus networks. On the Layer 3 side, it can handle up to 2 million RIB entries, easily accommodating full BGP routing tables and peer connections. Even in large-scale enterprise or data center networks with complex topologies, it ensures line-rate forwarding without congestion or packet loss.
In terms of multi-WAN routing, AsterNOS-VPP provides intelligent path selection, distributing and scheduling traffic across different ISPs or network paths according to predefined policies. For instance, critical business traffic can be routed over highly stable links, while non-critical traffic takes more cost-effective paths, achieving a balance between reliability and economy.
2. Comprehensive Security Protection and Address Translation
In response to security risks over public networks and the coexistence of IPv4 and IPv6, AsterNOS-VPP offers multi-layered protection and adaptation capabilities.
For encrypted VPNs, it supports both IPsec and WireGuard, enabling secure tunnels over untrusted networks such as the Internet, ensuring confidentiality, integrity, and authentication of data transmission—ideal for remote work and interconnection between geographically distributed branches.
Regarding address translation, AsterNOS-VPP provides NAT, CGNAT, and MAP-T(IETF Standards) functionalities to accommodate IPv4/IPv6 coexistence and network evolution. Large-scale NAPT allows multiple users to share a public IPv4 address, reducing address costs, while MAP-T enables stateless IPv4-to-IPv6 translation, facilitating a smooth transition to IPv6 networks.
For fine-grained access control, it supports N-tuple wildcard match ACLs, allowing administrators to define rules based on IP, port, protocol, and other complex criteria to permit, deny, or prioritize traffic. This can, for example, restrict unauthorized devices from accessing core servers, enhancing network security.
At the access layer, technologies such as DHCP Snooping, IP Source Guard (IPSG), and Dynamic ARP Inspection (DAI) effectively prevent address spoofing and unauthorized access in Layer 2 networks.
Additionally, the built-in stateful firewall (SPI) provides L3–L4 layer protection, accurately detecting and blocking malicious traffic.
3. Streamlined Operations and Automated Management
Traditional network operations often struggle with inefficiency due to “many devices and diverse protocols.” Leveraging the SONiC ecosystem, AsterNOS-VPP delivers both automation and visibility in practice.
For unified management, AsterNOS-VPP inherits SONiC’s widely adopted management framework, compatible with mainstream toolchains, and supports multiple interfaces including ZTP (Zero-Touch Provisioning), Klish (CLI), RESTful API, gNMI, NetConf, and OpenWiFi Controller. New devices can be automatically configured upon power-up, while administrators can integrate with platforms like OpenStack and Open WiFi Controller via APIs to achieve bulk operations and centralized management across both wired and wireless networks, from AP, switches to routers, significantly improving operational efficiency.
In terms of real-time monitoring, AsterNOS-VPP integrates tools such as NetFlow/IPFIX, Prometheus Exporter, and SNMP (v1/v2/v3), providing a clear overview of network status. NetFlow analyzes traffic sources and destinations, Prometheus collects system and network metrics, and SNMP monitors device health. Additionally, traffic can be mirrored via SPAN, RSPAN, or ERSPAN for in-depth analysis, enhancing troubleshooting and performance optimization.
Furthermore, its Quality of Service (QoS) features, including traffic shaping, rate limiting, and priority queue scheduling, ensure the service quality of critical applications.
In summary, AsterNOS-VPP combines a multi-layered security architecture from access to transport, automated operation and monitoring tools, and fine-grained traffic scheduling strategies to form a “Routing-Security-Operation” integrated network solution. This design not only effectively mitigates external threats and internal risks but also greatly simplifies network management complexity, providing enterprises with a modern network that is secure, reliable, intelligent, and efficient.
Ⅲ. Deployment Scenarios: From SMB to Data Center with AsterNOS-VPP
With its flexible architecture and broad hardware compatibility, AsterNOS-VPP, as a leading Enterprise SONiC Routing OS, can adapt to networks of varying scales and scenarios, truly enabling “deployment on demand.” This is exactly what enterprises expect from an Enterprise SONiC Routing OS—the ability to scale from SMB appliances to high-performance data center switches without sacrificing stability or efficiency.
1. SMB/Enterprise Routers: Small Form Factor, Big Performance
For routing needs in small and medium-sized businesses (SMBs) and enterprise branches, AsterNOS-VPP can be deployed on Asterfusion physical appliances to provide a cost-effective solution.
- ET2500(SMB-level): Feature 4×10GE, 4×2.5GE, and 8×1GE ports, powered by the Marvell OCTEON 10 CN102 chip. Combined with AsterNOS-VPP, it delivers 50 Gbps intelligent data processing, meeting the high-speed routing requirements of small to mid-sized teams.
- ET3600(enterprise-level): Offers 2×100GE, 4×2.5GE, and 8×1GE ports, based on the Marvell OCTEON 10 CN103 chip, providing 100 Gbps processing capability, suitable for core routing scenarios in enterprise headquarters and large branch offices.
2. Smart Switches: One Device, Multiple Roles
In enterprise and data center environments, AsterNOS-VPP can upgrade a standard switch into a multi-functional network node. Take Asterfusion CX306P-48Y-M-H as an example:
This intelligent switch is equipped with 48×25GE and 6×100GE ports, and can optionally be powered by the Marvell Falcon switching ASIC alongside the OCTEON 10 CN103 DPU.
The ASIC, driven by the SONiC control plane, handles L2/L3 forwarding for Spine/Core switch functions.
Meanwhile, AsterNOS-VPP running on the DPU can simultaneously act as a router, firewall, and NetFlow processor, supporting complex L3 routing, NAT, micro-segmentation filtering, and stateful firewall functionalities—effectively consolidating the roles of multiple devices into one, greatly simplifying the network architecture.
3. Deployment Requirements
AsterNOS-VPP supports flexible deployment across multiple platforms with relatively low hardware requirements, enabling enterprises to choose solutions based on actual needs and cost considerations. Its deployment options span three main environments:
Asterfusion proprietary physical appliances, including the ET and CX series.
General-purpose hardware with DPDK-compatible network cards, based on 64-bit ARM or x86 architectures.
Mainstream virtualization platforms, such as KVM and VMware ESXi, with virtual network interfaces driven by VirtIO.
The following table provides a clear overview.
| Attribute | Description |
| Deployment Platform | 1. Asterfusion Proprietary Appliances: ET2508-4S4M8-SWP ET3608-2P2S ET3616-4P4S CX306P-48Y-M-H 2. General-purpose 64-bit ARM/x86 servers (requires DPDK-compatible NICs) 3. Virtualized Environments (KVM/VMware ESXi, using VirtIO) |
| Minimum CPU | 4 cores |
| Minimum Memory | 4GB RAM |
| Architecture & NIC | 64-bit ARM or x86 architecture, paired with DPDK-supported NICs |
Ⅳ. Conclusion: Why Choose AsterNOS-VPP?
In today’s landscape, where open-source technologies are increasingly becoming mainstream in networking, the demand for a reliable Enterprise SONiC Routing OS has never been stronger. AsterNOS-APP as an Enterprise SONiC Routing OS–driven platform, it provides:
- Breaking vendor lock-in: Built on the SONiC open-source ecosystem and compatible with multiple hardware architectures, allowing enterprises to select cost-effective devices freely.
- Reducing operational costs: Automated deployment and unified monitoring capabilities minimize manual intervention and enhance operational efficiency.
- Supporting business growth: Full-scenario adaptability from SMBs to data centers, along with line-rate forwarding and flexible routing, ensures the network scales in line with enterprise expansion.
For enterprises pursuing flexibility, efficiency, and security, AsterNOS-VPP is undoubtedly an excellent choice for the next-generation network. By leveraging the agility of open-source technology, it underpins the reliability of enterprise-grade networks, making the Enterprise SONiC Routing OS a true business accelerator rather than a bottleneck.
Please refer to the datasheet for more details:
