How Marvell SONiC Switches Enable Flexible Deployment with OCTEON 10 CN103 DPU

Introduction

Asterfusion CX306P-48Y-M-H, as a Marvell SONiC switch, delivers 2.0T high-performance switching through the Marvell Falcon ASIC and features two 8-core Marvell OCTEON 10 CN103 DPU platforms to provide high-performance routing capabilities.

What makes it even more compelling is the flexibility and openness of the software, giving users full control over the system. By pre-installing different operating systems, the device can be upgraded from a single-function switch to a multifunction platform that integrates switching, routing, traffic capture, server capabilities, and full network management.

We offer four operating system options: AsterNOS-VPP, FusionNOS, OpenWiFi-compatible controller, and custom deployments.

Below, we will examine what each operating system can provide.

Flexible DPU-Defined Network Roles

Ⅰ. AsterNOS-VPP on Marvell SONiC Switch with OCTEON 10 DPU

The first focus is, of course, the AsterNOS-VPP operating system, which provides high-performance routing capabilities for the Marvell SONiC switch.

This operating system focuses on routing and security performance. Once pre-installed, it effectively upgrades the switch into a combined routing and security appliance.

For reference, the routing and security capabilities include:

Key Features and Performance Highlights:

• High-Capacity Route Reflection: In a 1U SONiC core switch, the built-in 8-core DPU platform can handle millions of BGP route reflections and process millions of routing entries, meeting the demands of large data centers and carrier-grade networks.
• High-Performance Security: Based on the 8-core DPU platform, it supports IPSec/WireGuard tunnel encryption and decryption, achieving high-throughput VPN performance (total throughput up to 80 Gbps). It also supports 10K+ ACL five-tuple filtering, efficiently handling large-scale traffic filtering requirements.
• Massive User Access: Under the SONiC control plane, it can provide 100G NAT/CGNAT performance, easily supporting over 20K concurrent users.
• Fine-Grained Policy Control: Supports HQoS traffic scheduling and rate limiting, as well as PPPoE-Radius, Geosite/GeoIP features for complex user authentication and policy management, optimizing network experience.

With AsterNOS-VPP, you can achieve core routing, high-performance security, and full SONiC switching capabilities simultaneously within a 1U space, without deploying multiple devices.

Ⅱ. FusionNOS on Marvell SONiC Switch with OCTEON 10 DPU

If you have high requirements for network traffic analysis, you can choose FusionNOS running on DPU. The FusionNOS operating system focuses on advanced NPB features for traffic analysis, effectively upgrading the switch into a combined core switch and network traffic analysis appliance.

Key Features:

• Supports NetFlow/IPFIX traffic collection and analysis on core switches, suitable for packet capture, traffic visualization, and behavior monitoring scenarios.
• Integrates ntopng, allowing monitoring of traffic and application activities across the network even in environments without NetFlow protocol output.

Applicable Scenarios:

• Within a 1U switch equipped with an 8-core DPU, it can export full 100G north-south and east-west traffic via NetFlow/IPFIX, enabling global network visibility.
• Alternatively, with ntopng built into a SONiC core switch, it can provide real-time traffic and behavior analysis for up to 20K users.

Ⅲ. OpenWiFi Controller on Marvell SONiC Switch with OCTEON 10 DPU

Users can also choose to install an TIP-based OpenWiFi controller to achieve full visibility and management of campus networks. Key features include:

• Unified Management: Supports centralized management and monitoring of wireless APs, wired switches, and routers, eliminating the need to switch between multiple systems.
• Multiple Secure Access Methods: Supports OAuth 2.0, allowing secure login with Google, GitHub, Microsoft, and Feishu accounts, and is compatible with RADIUS authentication for dual-layer security.

•   Topology Planning and Operations Optimization: Allows full-network topology planning via a web interface, one-click import of network structure, and rapid deployment of new devices, significantly reducing operational costs.

Benefits:

With the TIP-based openWiFi controller installed, the switch not only performs traditional switching functions but also serves as an integrated switch and network management appliance.

Administrators can view network topology, device status, and traffic distribution through a visual interface, quickly detect anomalies, and improve overall operational efficiency and security of the campus network.

Ⅳ. Custom Operating System

When the pre-installed options do not meet specific requirements, users can choose to install a default Ubuntu or Debian system for fully customized development and deployment, unlocking unlimited possibilities.

This flexibility transforms the switch from a standard network device into a programmable, high-performance server platform.

Benefits:

• High-Performance Computing: The built-in DPU delivers performance comparable to an independent Linux system with an 8-core CPU and 2T switching capability, supporting complex computations, traffic processing, and high-throughput network applications.
• Containerization and Cloud-Native Support: Supports container platforms such as Docker and Podman, and enables Kubernetes (K8s) cluster deployment, suitable for microservices and Network Functions Virtualization (NFV) scenarios.
• Flexible Storage Expansion: Each DPU supports one NVMe slot, allowing optional SSD configuration to expand storage capacity and I/O performance, ensuring support for high-performance databases, log storage, and big data applications.

 Application Scenarios: It can be used as a custom router, edge computing node, network functions virtualization (NFV) platform, or high-performance development and testing environment, meeting the diverse needs of enterprise campuses, data centers, or service provider networks.

Conclusion

One Key Highlight: The device is equipped with two high-performance Marvell OCTEON 10 CN103 DPUs, providing users with significant deployment flexibility. This allows a single SONiC switch to run two or even three different operating systems concurrently, enabling multiple functions to operate in parallel.

For example, one DPU can run SONiC to focus on high-speed switching and routing; another DPU can run Ubuntu or Debian for custom applications and containerized services; or an OpenWiFi-compatible controller can be deployed to provide unified visibility and management of a campus network.

This multi-system parallel design fully utilizes the DPU’s high-performance computing and network processing capabilities while maximizing hardware resource usage. By flexibly combining operating systems and applications, users can run high-performance switching, network security, custom development, and unified management on a single device, providing a stable and scalable foundation for deployment and operations in complex network environments.

Contact US !

• Join the discussion or leave your message in the Enterprise & Campus Column.
• To receive timely and relevant information from Asterfusion, sign up at AsterNOS Community Portal
• To submit a case, visit Support Portal.
• To find user manuals for a specific command or scenario, access AsterNOS Documentation
• To find a product or product family, visit Asterfusion-cloudswit.ch .
• To contact Sales, Send E-Mail to bd@cloudswit.ch