[warm-reboot][Multi-ASIC] Add Multi-ASIC warm-reboot HLD

[stepanblyschak]

Repo	PR title	state
sonic-buildimage	[multi-asic] Add --netns option to sonic-db-dump
sonic-buildimage	[multi-asic][docker-wait-any] check warm-restart in correct namespace
sonic-buildimage	[multi-asic] Support per-ASIC /host/warmboot$DEV
sonic-buildimage	[multi-asic][finalize-warmboot] support Multi-ASIC systems
sonic-utilities	[lag_keepalive] add --namespace option
sonic-utilities	[teamd_retry_count] Add support for --namespace parameter
sonic-utilities	[warm/fast-reboot] check per-ASIC FW upgrade status
sonic-utilities	[check_db_integrity] Add NETNS environment
sonic-utilities	[centralize_database] Add --namespace option
sonic-utilities	[multi-asic][warm-reboot] Support warm-reboot on Multi-ASIC systems
sonic-utilities	[multi-asic][warm_restart] add Multi-ASIC support for warm_restart commands
sonic-platform-daemons	[xcvrd] add multi-ASIC support for warm boot scenarios

[mssonicbld]

/azp run

[azure-pipelines]

No pipelines are associated with this pull request.

[mssonicbld]

/azp run

[azure-pipelines]

No pipelines are associated with this pull request.

[mssonicbld]

/azp run

[azure-pipelines]

No pipelines are associated with this pull request.

[selva-nexthop]

Please xplicitly state whether multi-ASIC warm-reboot applies to:
(a) Fixed multi-ASIC systems (e.g., leaf switch with N ASICs in single chassis)
(b) VOQ/Chassis systems (distributed line card + fabric card architecture)
(c) Both architectures

CONTEXT: The VOQ HLD (doc/voq/voq_hld.md) explicitly states "warm restart NOT
supported in Phase 1" with CHASSIS_APP_DB configured as persistence_for_warm_boot: "no".

If VOQ systems are NOT supported, this must be documented in:

• Scope section (as explicit limitation)
• Testing section (VOQ excluded from test cases)
• Release notes (to prevent user confusion)

If VOQ systems ARE supported, the following must be addressed:

• How is CHASSIS_APP_DB checkpoint handled despite persistence_for_warm_boot: "no"?
• System port state recovery mechanism
• VOQ scheduler state checkpoint (not exposed in SAI)
• Fabric ASIC coordination during warm-reboot

[stepanblyschak]

Fixed multi-ASIC where all ASICs are frontend ASICs, no interconnect between ASICs.
We do not plan support for other flavors

[selva-nexthop]

It means, this HLD is NOT for voq chassis with multi-ASIC linecards having iBGP inter-connection? Please specify the flavors which will not be covered with this HLD.

[selva-nexthop]

What about the Warmboot_Manager_HLD.md (https://github.com/stepanblyschak/SONiC/blob/30b75ef6b5ee62edb4dd79b9b22d2d8a5ad5860e/doc/warm-reboot/Warmboot_Manager_HLD.md) ? This seems to be improved warmboot architecture and what will be the impact of this architecture to this HLD?

[stepanblyschak]

We do not plan to integrate with warmboot manager

[selva-nexthop]

checkpoint atomicity? if database{0} succeeds but database{1} fails, what happens? if it is all-or-nothing atomicity policy, please mention the same.

[stepanblyschak]

asic1 is doing cold start, while asic0 is doing warm boot

[selva-nexthop]

How consistency is maintained?
e.g.
ASIC0 checkpoint → route via ASIC2 system port (saved)
Route update → path changes to via ASIC1
ASIC2 checkpoint → system port saved (now stale)

On restore: ASIC0 has stale route, ASIC2 has unused port
Result: Inconsistent routing table

[stepanblyschak]

All ASICs in this design are independent

[selva-nexthop]

Do N databases checkpoint in parallel or sequentially? Please specify execution model and failure handling

[stepanblyschak]

Parallel

[selva-nexthop]

Do databases restore with dependencies? Must global DB restore before per-ASIC DBs?

[stepanblyschak]

Yes, enforced by systemd

[selva-nexthop]

Do we need to have any synchronization between Port→Interface→Neighbor→Route phases to prevent cross-ASIC race conditions. Without this, ASIC0 may program routes to ASIC2 before ASIC2 completes interface setup → traffic blackholing.

[stepanblyschak]

There's no cross ASIC interactions in this design - all ASICs are frontend ASICs with no interconnect

[apannerselva]

Can you confirm the behavior of this feature during image upgrade/downgrade when a multi-asic warm-reboot is used?

[stepanblyschak]

Yes, this is applicable to upgrade. Please note, no downgrade is supported even on single asic.

[stepanblyschak]

Summary from community review meeting:

1. Enhance failure handling with orchagent_restart_check rollback. Opened a tracking issue - Enhancement:Implement Orchagent unfreeze operation for warm-boot recovery sonic-buildimage#25224. Will be planned separately.
2. Color code the warm-boot path in XCVRD flow diagrams: Done
3. Make sure (N+1)*MIN_HD_SPACE disk space is reserved on multi asic system, where N is the ASIC count. +1 - for global DB dump. Comment will be addressed in implementation PR - [multi-asic][warm-reboot] Support warm-reboot on Multi-ASIC systems sonic-utilities#4199 (comment)

[mssonicbld]

/azp run

[azure-pipelines]

No pipelines are associated with this pull request.

[mssonicbld]

/azp run

[azure-pipelines]

No pipelines are associated with this pull request.

[anilpannala]

Here is the HLD review recording link - https://zoom.us/rec/share/S1Re3IFE86dlG5FiBzLge0ktrlJdp-zJ1AZpySFTNrzksl7NEpgthkKiGOqX-3Rh._wH-5m_Pqz0gt-Pp?startTime=1769529435000