_dependent_multi_inst_dependent* for multi instance services.
+
+Example of required code change for swss is given below [swss.sh](https://github.com/Azure/sonic-buildimage/blob/master/files/scripts/swss.sh):
+
+```bash
+DEPENDENT="radv dhcp_relay"
+MULTI_INST_DEPENDENT="teamd"
+```
+
+```
+DEPDENDENT=$(cat /etc/sonic/${SERVICE}_dependent)
+MULTI_INST_DEPENDENT=$(cat /etc/sonic/${SERVICE}_multi_inst_dependent)
+```
+
+The infrastructure is not deciding whether this script is needed for a particular package or not based on warm-reboot requirements or
+container lifetime hooks provided by a feature, instead this script is always generated and if no specific actions descirbed above
+are needed it becomes a simple wrapper around a script under /usr/bin/.
+
+Examples are [swss.sh](https://github.com/Azure/sonic-buildimage/blob/master/files/scripts/swss.sh),
+[syncd.sh](https://github.com/Azure/sonic-buildimage/blob/master/files/scripts/syncd.sh),
+[bgp.sh](https://github.com/Azure/sonic-buildimage/blob/master/files/scripts/bgp.sh). These scripts
+share a good amount of code, thus making it possible to templatize into a single script that can be parametrized
+during generation according to feature needs - place lifecycle action hooks and dependent service management.
+
+Every service that the starting service requires should be started as well and stopped when a service is stopped but only if a service
+is doing a cold start. This means when a new package is installed it might affect the other scripts. So after all dependencies are known
+after installation all the service scripts under */usr/local/bin/* are re-generated.
+
+
+###### manifest path
+
+| Path | Type | Mandatory | Description |
+| ---------------------------- | --------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| /service/dependent-of | lits of strnigs | no | List of SONiC services this application is dependent of.Specifying in this option a service X, will regenerate the /usr/local/bin/X.sh script and upgrade the "DEPENDENT" list with this package service.
This option is warm-restart related, a warm-restart of service X will not trigger this package service restart.
On the other hand, this service package will be started, stopped, restarted togather with service X.
Example:
For "dhcp-relay", "radv", "teamd" this field will have "swss" service in the list. |
+| /service/post-start-action | string | no | Path to an executable inside Docker image filesystem to be executed after container start.
A package may use this field in case a systemd service should not reach started state before some condition. E.g.: A database service should not reach started state before redis process is not ready. Since, there is no control, when the redis process will start a "post-start-action" script may execute "redis-cli ping" till the ping is succeessful. |
+| /service/pre-shutdown-action | string | no | Path to an executable inside Docker image filesystem to be executed before container stops.
A uses case is to execute a warm-shutdown preparation script.
A script that sends SIGUSR1 to teamd to initiate warm shutdown is one of such examples. |
+
+
+##### /usr/bin/*feature*.sh
+
+The script under /usr/bin/ starts, stops or waits for container exit. This script is auto-generated during build time from
+[docker_image_ctl.j2](https://github.com/Azure/sonic-buildimage/blob/4006ce711fa6545b0870186ffa05d4df24edb8b7/files/build_templates/docker_image_ctl.j2).
+To allow a runtime package installation, it is required to have this file as part of SONiC image and put it in
+*/usr/share/sonic/templates/docker_image_ctl.j2*. The Jinja2 template will accept three arguments, *docker_container_name*,
+*docker_image_name* and *docker_run_options*, which derive from the */container/* node from manifest. Besides of options
+defined in the manifest, the following default are used to start container to allow container to access base SONiC resources,
+like database and syslog:
+
+```
+docker create {{ docker_run_options }}
+ --net=$NET \
+ --uts=host \
+ --log-opt max-size=2M --log-opt max-file=5 \
+ -v /var/run/redis$DEV:/var/run/redis:rw \
+ $REDIS_MNT \
+ -v /usr/share/sonic/device/$PLATFORM:/usr/share/sonic/platform:ro \
+ -v /usr/share/sonic/device/$PLATFORM/$HWSKU/$DEV:/usr/share/sonic/hwsku:ro \
+ --env "NAMESPACE_ID"="$DEV" \
+ --env "NAMESPACE_PREFIX"="$NAMESPACE_PREFIX" \
+ --env "NAMESPACE_COUNT"=$NUM_ASIC \
+ --name={{docker_container_name}}$DEV {{docker_image_name}}
+```
+
+
+###### manifest path
+
+| Path | Type | Mandatory | Description |
+| ----------------------------- | --------------- | --------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| /container/privileged | string | no | Start the container in privileged mode. Later versions of manifest might extend container properties to include docker capabilities instead of privileged mode. Defaults to False. |
+| /container/volumes | list of strings | no | List of mounts for a container. The same syntax used for '-v' parameter for "docker run".
Example: "\:\:\". Defaults to []. |
+| /container/mounts | list of objects | no | List of mounts for a container. Defaults to []. |
+| /container/mounts/[id]/source | string | yes | Source for mount |
+| /container/mounts/[id]/target | string | yes | Target for mount |
+| /container/mounts/[id]/type | string | yes | Type for mount. See docker mount types. |
+| /container/tmpfs | list of strings | no | Tmpfs mounts. Defaults to [] |
+| /container/environment | dict | no | Environment variables for Docker container (key=value). Defaults to {}. |
+
+
+### Initial Extension Configuration
+
+SONiC Package can provide an the initial configuration it would like to start with after installation.
+The JSON file will be loaded into running CONFIG DB and boot CONFIG DB file during installation.
+
+
+###### manifest path
+
+| Path | Type | Mandatory | Description |
+| ----------------- | ---- | --------- | ----------------------------------------------------------------- |
+| /package/init-cfg | dict | no | Default package configuration in CONFIG DB format. Defaults to {} |
+
+
+Example:
+```json
+{
+ "package": {
+ "init-cfg": {
+ "CPU_REPORT": {
+ "global": {
+ "report-interval": "5"
+ }
+ }
+ }
+ }
+}
+```
+
+### CLI extension
+
+SONiC utilities support *show*, *config*, *sonic-clear* operations. A plugin approach is taken when extending those utilities.
+A common way to introduce a plugin support for a python application is to structure a plugin as a python module that can be
+discovered by the application in a well known location in the system.
+
+The proposed location is a package directory named *plugins* under each *show*, *config*, *sonic-clear* python package,
+so that by iterating modules inside those packages utilities can load them.
+This is implemented in a way defined in
+[Python Packaging Guide. Creating and discovering plugins](https://packaging.python.org/guides/creating-and-discovering-plugins/#using-namespace-packages).
+
+A code snipped describing the approach is given:
+
+```python
+import show.plugins
+
+def iter_plugins_namespace(ns_pkg):
+ return pkgutil.iter_modules(ns_pkg.__path__, ns_pkg.__name__ + ".")
+
+discovered_plugins = {
+ name: importlib.import_module(name)
+ for finder, name, ispkg
+ in iter_namespace(show.plugins)
+}
+```
+
+A plugin will register it's sub-commands so that any utility will have a new sub-command group.
+The SONiC package *can* provide a CLI plugin that will be installed into the right location during package
+installation and then discovered and loaded by CLI. Later, once YANG CLI auto-generation tool is ready,
+the plugin will be auto-generated and all command conflicts will be checked in advance during installation.
+
+In this approach it is easy to extend CLI with new commands, but in order to extend a command which is already
+implemented in sonic-utilities the code in sonic-utilities base has to be implemented in an extendable manner.
+
+
+###### Example
+
+For dhcp-relay feature, it is needed to extend the CLI with a new sub-command for vlan, which is easily implemented
+by declaring a new sub-command:
+
+*show/plugins/dhcp_relay.py*:
+```python
+from show.vlan import vlan
+
+@vlan.command()
+def dhcp_relay():
+ pass
+```
+
+Extending an existing command like "show vlan brief" will require to rewrite it in an extandable way:
+
+*show/vlan.py*:
+```python
+class VlanBrief:
+ COLUMNS = [
+ ("VLAN ID", get_vlan_id),
+ ("IP address", get_vlan_ip_address),
+ ("Ports", get_vlan_ports),
+ ("Port Tagging", get_vlan_ports_tagging)
+ ]
+```
+
+*show/plugins/dhcp_relay.py*
+```python
+
+def get_vlan_dhcp_relays(vlan):
+ pass
+
+VlanBrief.COLUMNS.append(("DHCP Helper Address", get_vlan_dhcp_relays))
+```
+
+NOTE: In this approach or in approach with auto-generated CLI an output of the command may change when a package is installed,
+e.g. DHCP Helper Address may or may not be present in CLI depending on installed package. Thus all automation, testing tools
+ave to be also auto-generated from YANG in the future.
+
+
+###### manifest path
+
+| Path | Type | Mandatory | Description |
+| ---------------------- | ------ | --------- | --------------------------------------------------------------- |
+| /cli/mandatory | boolean| no | Wether CLI is a mandatory functionality for the package. Default: False. |
+| /cli/show-cli-plugin | string | no | A path to a plugin for sonic-utilities show CLI command. |
+| /cli/config-cli-plugin | string | no | A path to a plugin for sonic-utilities config CLI command. |
+| /cli/clear-cli-plugin | string | no | A path to a plugin for sonic-utilities sonic-clear CLI command. |
+
+### SONiC Processes and Docker Statistics Telemetry Support
+
+[Processes And Docker Stats Telemetry HLD](https://github.com/Azure/SONiC/blob/master/doc/system-telemetry/process-docker-stats.md)
+
+This feature should be supported by SONiC Application Extension without any changes to existing feature implementation.
+
+### Feature Concept Integration
+
+SONiC controls optional feature (aka services) via FEATURE table in CONFIG DB. Once SONiC Package is installed in the system and
+it must be treated in the same way as any optional SONiC feature.
+The SONiC package installation process will register new feature in CONFIG DB.
+
+[Optional Feature HLD Reference](https://github.com/Azure/SONiC/blob/master/doc/Optional-Feature-Control.md)
+
+Features are configured in *FEATURE* table in *CONFIG DB* and backend - *hostcfgd* daemon - enables, disables features according
+to the configuration. Default desired state for a SONiC Application Extension is "disabled". After installation, user can enable the feature:
+
+```
+admin@sonic:~$ sudo config feature featureA enabled
+```
+
+### Multi-DB support
+
+Application should be using swss-common library or swsssdk which take care of discovering database instances.
+
+### Configuration Reload
+
+*config reload* & *config load_minigraph* are used to clear current configuration and import new configuration from the input file
+or from /etc/sonic/config_db.json. This command shall stop all services before clearing the configuration and then restarts those services.
+Thus, any service that consumes CONFIG DB data has to be restarted on reload commands.
+
+As of today, *config reload* command implementation has a hard-coded list of services it needs to restart on reload.
+A service is restarted in this case if its dependency is restarted (like swss) or it is restarted explicitly by *config reload*.
+A problem arises when the switch will run a service which sonic-utilities is not aware about. Thus, a solution is proposed
+in which *reload* command implementation is not aware of exact list of services and order they should be restarted:
+
+1. There will be a new target unit in systemd called – sonic.target that is wanted by ‘multi-user.target’
+
+2. Every existing or newly installed extension service that requires restart on config reload would have the following
+ configuration in service file:
+
+```
+[Unit]
+BindsTo=sonic.target
+After=sonic.target
+
+[Install]
+WantedBy=sonic.target
+```
+
+* "WantedBy" tells systemd to start services when target starts.
+* "BindsTo" and "After" guaranty that services bound to sonic.target will be stopped
+ and the operation will be blocked till all services stop. Otherwise, service stop
+ can overlap with subsequent "restart" action.
+
+3. Config reload would be simplified to:
+
+```
+systemctl stop sonic.target
+systemctl reset-failed `systemctl list-dependencies --plain sonic.target`
+systemctl restart sonic.target
+```
+
+
+
+A different approach is considered to make easier config reloads. Every SONiC service that has to be restarted on config reload can be defined
+as *PartOf* sonic.target. So the *systemctl restart sonic.target* will restart those services in the ordering is managed by systemd without a
+need to update the list of services in CLI.
+
+### System Dump
+
+SONiC Package *can* specify a command to execute inside container to get the debug dump that should be included in system dump file.
+This command should be specified in manifest. A command should write its debug dump to stdout which will be gzip-ed into a file
+during *show techsupport* execution. This file will be included in techsupport under *dump/\/dump.gz*.
+
+
+###### manifest path
+
+| Path | Value | Mandatory | Description |
+| ------------------- | ------ | --------- | ------------------------------------------- |
+| /package/debug-dump | string | No | A command to be executed during system dump |
+
+### Multi-ASIC
+
+Based on current Multi-ASIC design, a service might be a host namespace service, like telemetry, SNMP, etc., or replicated per each ASIC namespace,
+like teamd, bgp, etc., or running in all host and ASICs namespaces, like lldp. Based on */host-namespace* and */per-namespace* fields in manifest,
+corresponding service files are created per each namespace. *systemd-sonic-generator* is invoked to create and install service units per each namespace.
+
+
+###### manifest path
+
+| Path | Value | Mandatory | Description |
+| --------------------- | ------- | --------- | ----------------------------------------------------------------------------------- |
+| /service/host-service | boolean | no | Multi-ASIC field. Wether a service should run in host namespace. Default is True. |
+| /service/asic-service | boolean | no | Multi-ASIC field. Wether a service should run per ASIC namespace. Default is False. |
+
+### Warmboot and Fastboot Design Impact
+
+A SONiC package can specify an order of shutdown on warm-reboot for a service. A "bgp" may specify "radv" in this field in order to avoid radv
+to announce departure and cause hosts to lose default gateway, while "teamd" service has to stop before "syncd", but after "swss" to be able to
+send the last LACP PDU though CPU port right before CPU port becomes unavailable.
+
+The warm-reboot and fast-reboot service shutdown scripts have to be auto-generated from a template */usr/share/sonic/templates/fast-shutdown.sh.j2*
+and */usr/share/sonic/templates/warm-shutdown..sh.j2* wich are symbolic links to the same template. The templates are derived from the fast-reboot
+script from sonic-utlities.
+
+A services shutdown is an ordered executions of *systemctl stop {{ service }}* commands with an exception for "swss" service after which a syncd
+pre-shutdown is requested and database backup is prepared for next boot. A service specific actions that are executed on warm-shutdown are hidden
+inside the service stop script action.
+
+NOTE: the assumption here is that syncd pre-shutdown is bound to swss service stop when swss service is doing system level shutdown.
+
+The *\*-shutdown.sh* are imported and executed in corresponding *\*-reboot* scripts.
+
+
+###### warm-shutdown.sh.j2 snippet
+
+```jinja2
+...
+{% for service in shutdown_orider %}
+systemctl stop {{ service }}
+{% endfor %}
+...
+```
+
+*warmboot-finalizer.sh* script must also be templatized and updated based on process *reconciles* flag.
+
+
+###### manifest path
+
+| Path | Value | Mandatory | Description |
+| ----------------------------- | --------------- | --------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| /service/warm-shutdown/ | object | no | Warm reboot related properties. Used to generate the warm-reboot script. |
+| /service/warm-shutdown/after | lits of strings | no | Warm shutdown order dependency. List of SONiC services the application is set to stop after on warm shutdown.Example: a "bgp" may specify "radv" in this field in order to avoid radv to announce departure and cause hosts to lose default gateway.
*NOTE*: Putting "radv" here, does not mean the "radv" should be installed as there is no such dependency for the "bgp" package. |
+| /service/warm-shutdown/before | lits of strings | no | Warm shutdown order dependency. List of SONiC services the application is set to stop before on warm shutdown.
Example: a "teamd" service has to stop before "syncd", but after "swss" to be able to send the last LACP PDU though CPU port right before CPU port becomes unavailable. |
+| /service/fast-shutdown/ | object | no | Fast reboot related properties. Used to generate the fast-reboot script. |
+| /service/fast-shutdown/after | lits of strings | no | Same as for warm-shutdown. |
+| /service/fast-shutdown/before | lits of strings | no | Same as for warm-shutdown. |
+| /processes | object | no | Processes infromation |
+| /processes/[name]/reconciles | boolean | no | Wether process performs warm-boot reconciliation, the warmboot-finalizer service has to wait for. Defaults to False. |
+
+
+
+### SONiC-2-SONiC upgrade
+
+SONiC-2-SONiC upgrade shall work for SONiC packages as well. An upgrade will take the new system *packages.json* and version requirements
+and do a comparison between currently running and new SONiC image.
+
+
+###### Package migration scenarios
+
+| Package | Version | Action |
+| -------------------- | ------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------- |
+| Non built-in package | Default version defined in *packages.json* in new SONiC image is greater then in current running SONiC image | Perform a package installation/upgrade in new SONiC image |
+| Non built-in package | Default version defined in *packages.json* in new SONiC image is less then in current running SONiC image | Perform a package installation/upgrade in new SONiC image of currently running package version. |
+
+The old *packages.json* and new *packages.json* are merged together and updated in new SONiC image.
+
+Since the installation or upgrade of packages are required to be done on SONiC image installation time a new SONiC image filesystem
+needs to be mounted and *dockerd* has to be started in the chroot environment of new image as it is a requisite of *sonic-package-manager*.
+
+CONFIG DB shall not updated with initial config of the package and a new feature in the FEATURE table in this scenario. A package should
+keep it's configuration backward compatible with old version. After installation succeeded and reboot into new image is performed all
+previously installed extensions should be available.
+
+An option to skip migrating packages will be added for users that want to have a clean SONiC installation:
+
+```
+admin@sonic:~$ sudo sonic-installer install -y sonic.bin --no-package-migration
+```
+
+
+### Kubernetes & SONiC Application Extension
+
+[Kubernetes HLD](https://github.com/Azure/SONiC/blob/be12cc665c316348352b868f515714f202861f63/doc/kubernetes/Kubernetes-support.md)
+
+This section is WIP and describes the approach in very high level and needs more deep investigation.
+
+The first thing to note here is that a Kubernetes manifest file can be auto-generated from SONiC Package manifest as it cat provide all the info about
+how to run the container. This manifest auto-generation is related to Kubernetes master changes while we will be focusing on SONiC OS side, so it is out of
+the scope here.
+
+Besides of the manifest on the master, the SONiC switch has to have service files, configs, scripts installed for the feature.
+
+1. Package installed through SONiC package manager.
+
+During package installation these necessary components will be auto-generated and installed on the switch. The auto-generation must honor new requirements
+to support "local" and "kube" modes when in "local" mode the container gets started on systemctl start, while in "kube" mode the appropriate feature label
+is set.
+
+2. Docker container upgrades through Kubernetes.
+
+During that processes a new Docker container gets deployed and run on the switch. Kubernetes managed features introduces a state machine for a running
+container that is reflected in the STATE DB. When container starts it sets its state as "pending" and waits till there is a "ready" flag set.
+
+A state-db-watcherd is listening to those changes. If there is a need to regenerate service file and scripts it initiates sonic-package-manager
+upgrade re-generation processes. Since the image is already downloaded and running but pending, the package manifest can be read and based on manifest
+it can generate the required files. Then, the state-db-watcherd can proceed to systemctl stop old container, systemctl start new container
+where the container_action script set the container state to "ready" and the container resumes to run the applications.
+
+3. Docker container deploy through Kubernetes.
+
+The case describe the scenario when the user is setting a label via "config kube label add =". If labels match the manifest on the master
+the docker image gets deployed. Using the same approach, between "pending" and "ready" states an auto-generation process can happen and register the
+Docker as a new package. With that, a deployed image will become an installed SONiC Package, that can be managed in "local" mode as well.
+
+
+### 3rd party Docker images
+
+
+### Installing 3rd party image as is.
+
+It is possible to install 3rd party Docker images if the installer will use a default manifest. This default manifest will have only mandatory fields
+and an auto-generated service will require only "docker" service to be started. The name of the service is derived from the name of the Package in *packages.json*.
+
+Default manifest:
+```json
+{
+ "service": {
+ "name": "",
+ "requires": "docker",
+ "after": "docker"
+ }
+}
+```
+
+The default container run configuration have to be skipped for 3rd party Docker images. E.g. "--net=host", "-e NAMESPACE=$DEV" are not required
+for 3rd party unless. 'asic-service' field is ignored for 3rd party Docker image in this case.
+This settings have to be present in *container* properties in manifest.
+
+3rd party Docker image, as it has no knowledge of SONiC, will not meet the requirements described in section [SONiC Package]((#sonic-package)).
+Thus, for such Docker images the limitations are:
+- can be locally managed only, as the requirement for kube managed features is not met.
+
+Another possibility is to allow users to provide a manifest file URL.
+
+An example of the flow for a collectd Docker image:
+```
+admin@sonic:~$ sudo sonic-package-manager repository add collectd puckel/docker-collectd
+admin@sonic:~$ sudo sonic-package-manager install collectd --manifest https://some-server/manifests/collectd/manifest.json
+```
+
+The manifest is saved under */var/lib/sonic-package-manager/collectd/manifest.json* for future access.
+
+
+
+### Prepare 3rd party image as to be SONiC compliant
+
+This will require to build a new image based on existing 3rd party Docker image and do the change according to requirements described in
+[SONiC Package]((#sonic-package)).
+
+
+### SONiC Build System
+
+#### SONiC SDK Docker Images
+
+SONiC build system will provide three docker images to be used as a base to build SONiC application
+extensions - *sonic-sdk-buildenv*, *sonic-sdk* and *sonic-sdk-dbg*.
+
+*sonic-sdk* will be based on *docker-config-engine* with addition of packages needed at run time:
+
+- libhiredis
+- libnl*
+- libswsscommon
+- python3-swsscommon
+- libsairedis
+- libsairedis
+- libsaimeta
+- libsaimetadata
+
+Corresponding *-dbg* packages will be added for *sonic-sdk-dbg* image. A list of packages will be extended on demand
+when a common package is required by community. If a package is required but is specific to the SONiC package
+it should not be added to this list.
+
+*sonic-sdk-buildenv* is based on *sonic-sdk* and has common SONiC packages required to build SONiC package.
+The idea of this Docker image is a minimalistic sonic-slave container which contains only those packages which are
+SONiC specific. E.g. libswsscommon is SONiC specific as cannot be downloaded pre-built from Debian repositories.
+On the other hand, libteam and teamd are container specific and should be built per SONiC package which require these
+packages.
+
+The list of packages added to *sonic-sdk-buildenv* in addition to *sonic-sdk*:
+
+- build-essential
+- libhiredis-dev
+- libnl*-dev
+- libswsscommon-dev
+- libsairedis-dev
+- libsaimeta-dev
+- libsaimetadata-dev
+- tools, etc.
+
+
+#### SONiC SDK Build Metadata
+
+The SDK images built should be labeled with metadata about the build to give the user an idea about base OS version
+compatibility as well as some core packages version compatibility. Packages like *libswsscommon* and *libsairedis*
+have a relation to database, swss, syncd containers they were built togather with.
+
+The SDK components versions are saved into labels:
+
+```
+LABEL com.azure.sonic.versions.libswsscommon
+LABEL com.azure.sonic.versions.libsairedis
+```
+
+The following list of additional labels are going to be used:
+
+```
+LABEL com.azure.sonic.sdk.config-engine
+LABEL com.azure.sonic.sdk.database
+LABEL com.azure.sonic.sdk.swss
+LABEL com.azure.sonic.sdk.syncd
+```
+
+
+#### SONiC SDK Usage with Docker Multi-Stage Builds
+
+The user of those Docker images can levarage Docker Multi-Stage Builds to efficiently use both build environment image
+and runtime image:
+
+```Dockerfile
+FROM sonic-sdk-buildenv:1.0.2 as buildenv
+
+WORKDIR /src/application
+RUN debuild -b -us -uc -j$(nproc)
+
+FROM sonic-sdk:1.0.2 as runenv
+
+COPY --from=buildenv /src/application_1.0.0_amd64.deb /tmp/
+RUN dpkg -i /tmp/application_1.0.0_amd64.deb
+
+ENTRYPOINT /usr/bin/application
+```
+
+
+#### SONiC SDK Disk Space Usage Optimizations
+
+SONiC Packages might or might not use SONiC SDK but it is strongly advised to be based on SONiC SDK due to disk space optimizations.
+Ideally, all SONiC Packages use the same version of SONiC SDK; in this case Docker maintains a single copy of SONiC SDK image.
+The worst scenario will be when all SONiC Packages use different version of SONiC SDK and SONiC SDK use different versions of
+base debian distribution; in this case Docker will need to have copies of all base layers. This may increase the total size of
+SONiC image twice or more depending on the number of SONiC packages installed.
+
+Considering the fact that within a release the base debian Docker image does not change and SONiC SDK libraries change rarely
+comparing to the packages this should not be a big concern. The versioning information put in a labels of SONiC SDK Docker image
+may help the user to install or upgrade packages considering disk space optimization either manually or the sonic-package-manager
+might be extended with an option to do disk space optimization. In any case, while only limited number of Dockers will become SONiC
+packages this is not a big concern.
+
+### SAI API
+
+No SAI API changes required for this feature.
+
+### Restrictions/Limitations
+
+The current design puts the following restrictions on SONiC packages that can be managed by Application Extension Framework:
+- No support to do ASIC programming from extension.
+- No support for REST/Klish CLI/gNMI extensions
+
+### Testing Requirements/Design
+
+(TODO)
+
+
+#### Unit Test cases
+
+(TODO)
+
+
+#### System Test cases
+
+(TODO)
+
+### Open/Action items
diff --git a/doc/sonic-application-extention/sonic-versioning-strategy.md b/doc/sonic-application-extention/sonic-versioning-strategy.md
new file mode 100644
index 00000000000..1dd60084459
--- /dev/null
+++ b/doc/sonic-application-extention/sonic-versioning-strategy.md
@@ -0,0 +1,212 @@
+
+# SONiC OS & SONiC Docker Images Versioning
+
+
+#### Rev 0.1
+
+
+## Table of Content
+- [SONiC Package API](#sonic-package-api)
+- [SONiC Package Releases](#sonic-package-releases)
+- [Conventional Commits](#conventional-commits)
+- [SONiC Package Versioning Rules](#sonic-package-versioning-rules)
+- [SONiC Packages Versioning](#sonic-packages-versioning)
+- [Base OS versioning](#base-os-versioning)
+- [Base OS API that a package uses](#base-os-api-that-a-package-uses)
+- [Open Questions](#open-questions)
+
+
+## List of Figures
+
+### Revision
+
+| Rev | Date | Author | Change Description |
+|:---:|:-----------:|:-----------------------:|--------------------------------------|
+| 0.1 | 02/2021 | Stepan Blyshchak | Initial Proposal |
+
+### Overview
+
+This document provides guidelines on how to do versioning for SONiC Docker Images using to semantic versioning strategy.
+
+
+#### Motivation
+
+With new SONiC Application Extension Infrastructure SONiC Dockers and SONiC Base OS can be seperated and distributed individually.
+SONiC Dockers (aka SONiC Packages) can be installed, upgraded invididually from other. This creates a new problem which needs to be
+solved - compatibility between dependend Dockers and host OS. SONiC Application Extension Infrastructure provides a way to specify
+the package version dependency using semantic versioning (https://semver.org). This document provides a guideline on how to increment
+version numbers correctly on releases.
+
+## SONiC Package API
+
+First of all, a clear definition of what is package API needs to be provided:
+
+SONiC package API is Redis DB interface including:
+ - CONFIG DB, APPL DB, STATE DB tables schema provided by this package
+
+If any other kind of API is exposed by the SONiC Package it should be accounted as package API.
+
+## SONiC Package Releases
+
+As of today (202012 release), all SONiC Docker Images are released together with SONiC OS. With SONiC Application Extension
+Infrastructure SONiC Dockers are released independently. On every release an increment in package version number is required.
+The exact number in version that needs to be incremented depends on the type of changes comparing to previously released
+package.
+
+Types of changes:
+ - Breaking change: backwards incompatible change; reflects in ***major*** version number
+ - New functionality: backward compatible change; reflects in ***minor*** version number
+ - Bug fixes or enhancement; reflects in ***patch*** version number
+
+## Conventional Commits
+
+In order to help ***package maintainers*** to understand whether a breaking change was introduced
+comparing to previous release or a new functionality was included all SONiC repositories *can*
+follow conventional commits (https://www.conventionalcommits.org/en/v1.0.0/):
+
+e.g:
+
+```
+feat: Introduce new methods in ConsumerTable
+
+BREAKING CHANGE: this feature breaks the Consumer/Producer based IPC
+```
+
+## SONiC Package Versioning Rules
+
+- A package is published with a bug fix or enhancement whenever ***package maintainer decides*** to do so.
+- Manual version update ***is required*** when SONiC Package releases
+- On package release ***package maintainer must*** check package API compatibility comparing to previously released package
+- In case API changed comparing to previous release ***package maintainer must*** must increment major version
+- In case new backwards compatible changes were made comparing to previous release ***package maintainer must*** must increment minor version
+- *Patch* version is updated on changes which do not introduce any changes to the API
+- On package release ***package maintainer can*** update package dependencies
+
+**NOTE**: SONiC package version has no correlation to a SONiC release. While keeping API of dependencies compatible a package can work across different SONiC releases.
+
+Package maintainer may choose to maintain a single repository and have there packages that can work accross different releases or maintain a repository per SONiC release.
+
+***package maintainer can*** update *default-reference* in package.json in SONiC buildimage to point to a default version which will be used when user installs a package.
+
+## Base OS versioning
+
+## Base OS API that a package uses
+
+- SONiC utilities
+ - This is a ***sonic-utilities contributor responsibility***
+- Dependence on a new kernel functionality must be recorded in minor version
+ - This is a ***package maintainer responsibility***
+ E.g.: a patch in kernel to support 3-tuple conntrack entries that NAT docker depends on.
+- SONiC host service (D-Bus based communication)
+- etc.
+
+
+# Examples
+
+1. Changed the API and optionally introduced new API or other changes not related to API:
+
+```
+major.minor.patch => (major + 1).minor.patch
+```
+
+2. Introduced new API and optionally other changes:
+
+```
+major.minor.patch => major.(minor + 1).patch
+```
+
+3. Enhancements and bug fixes, SONiC SDK update, manifest update, etc.:
+
+```
+major.minor.patch => major.minor.(patch + 1)
+```
+
+*NOTE*: It is possible to maintain same version in two repositories, e.g. for two different SONiC releases:
+
+azure/sonic-foo-202106:1.2.3
+azure/sonic-foo-202112:1.2.3
+
+4. Dependency changes
+
+Considering the following package foo:
+
+```json
+{
+ "package": {
+ "name": "foo",
+ "version": "1.2.3",
+ "depends": [
+ {
+ "name": "swss",
+ "version": "^1.0.0"
+ }
+ ]
+ }
+}
+```
+
+4.1 Package foo depends on swss API ^1.0.0. Now if swss upgrades to 2.0.0, but foo uses only few tables from swss APPL DB that didn't change a new package of foo has to be released, updating package dependencies:
+
+foo's manifest:
+
+```json
+{
+ "package": {
+ "name": "foo",
+ "version": "1.2.4",
+ "depends": [
+ {
+ "name": "swss",
+ "version": "^1.0.0,^2.0.0"
+ }
+ ]
+ }
+}
+```
+
+4.2 In case swss tables used by foo have changed, foo has to change by releasing a new package with updated dependency:
+
+```json
+{
+ "package": {
+ "name": "foo",
+ "version": "1.2.4",
+ "depends": [
+ {
+ "name": "swss",
+ "version": "^2.0.0"
+ }
+ ]
+ }
+}
+```
+
+4.3 In case swss tables used by foo have changed, foo's developer might still want to support swss 1.0.0. In that case infrastructure can pass dependencies versions in environment variables when starting the container, foo's application can read the environment "SWSS_VERSION" knowing which exactly API to choose. This case is similar to 4.1 as new foo package will support both ^1.0.0 & ^2.0.0
+
+5. Dependencies SDK changes
+
+An infrastructure can detect wether package foo is using SDK componenet major version same as foo's dependencies. This automatic check does not require package maintainer additional manifest configuration.
+
+For more control foo developer can specify more exact rules.
+
+For example, foo is only using swss::Table, while a breaking change appeared in swss::ProducerStateTable/swss::ConsumerStateTable. foo's developer can update package to work with new SDK in swss as well:
+
+```json
+{
+ "package": {
+ "name": "foo",
+ "version": "1.2.4",
+ "depends": [
+ {
+ "name": "swss",
+ "version": "^1.0.0",
+ "components": {
+ "libswsscommon": "^1.0.0,^2.0.0"
+ }
+ }
+ ]
+ }
+}
+```
+
+## Open Questions
+
+
+
+
+
+
+