aside from finding new bugs here and there when attempting to configure things
OOB/last resort access is not the place you want to be discovering random bugs. That infra should be as rock solid and stable as you can possibly get for obvious reasons. On Mon, Dec 22, 2025 at 9:41 AM Ray Soucy via NANOG <nanog@lists.nanog.org> wrote:
I'll add that this is a great use case for VyOS. FWIW we've run VyOS in production (not just management roles) since 2014 on a deployment of nearly 80 units at 10G line rates, and aside from finding new bugs here and there when attempting to configure things, they've been rock solid through every upgrade cycle. It's a mature project, they take security updates and release management seriously, and it gives a great toolkit for building infrastructure out quickly... in a lot of different roles (routing, vpn, firewall, load-balancer, console server, etc).
On Sun, Dec 21, 2025 at 5:42 PM Ryan Hamel via NANOG < nanog@lists.nanog.org> wrote:
VyOS has a built-in conserver ( https://docs.vyos.io/en/latest/configuration/service/console-server.html ). All one needs is a box to put it on, and it allows for customization with serial ports, power, connectivity, and of course having a firewall for an out-of-band network. Considering the number of ways to deploy VPNs and setup conserver, this setup can allow for centralized "conserver" endpoints for quickly getting into devices.
Job had a presentation (
https://nlnog.net/static/nlnog_live_summer_2020/NLNOG_Live_Job_Snijders_NTT_... )
similar to what I described, but with a Cisco ISR router, replacing those older 2500 series devices.
Adair Thaxton did a presentation on Internet2's out-of-band setup ( https://youtu.be/ZuAZCA5lzww).
Dan Baxter did a presentation on cellular out-of-band ( https://youtu.be/hBX81XrXw18), which could be useful here.
Ryan Hamel
________________________________ From: Brandon Martin via NANOG <nanog@lists.nanog.org> Sent: Sunday, December 21, 2025 1:12 PM To: nanog@lists.nanog.org <nanog@lists.nanog.org> Cc: Brandon Martin <lists.nanog@monmotha.net> Subject: Re: What are folks using for serial consoles these days?
Caution: This is an external email and may be malicious. Please take care when clicking links or opening attachments.
On 12/19/25 12:54, Chris Adams via NANOG wrote:
Cisco 2500 series used a 68EC030, which is a dumbed-down 68030 with no MMU. The Linux m68k project always required an MMU, so it would not run on that CPU.
FWIW, MMU-less Linux is a thing and is no longer a separate fork. It's supported by the mainline kernel sources. Just turn off CONFIG_MMU. M68k should be supported for this purpose along with most other popular architectures were MMUs are not an inherent part of the CPU architecture including ARM and PPC.
You also still need enough RAM. The bare minimum is 4MB, and 8MB is far more realistic, and that's just for the kernel itself.
The result, though, is a system with some serious limitations which was also true of the old uClinux fork. In particular, there's no way to run most standard ELF executables. You either need to use uclinux FLAT ABI images (which does not support dynamic linking at all) or the much newer (and with tenable toolchain support) FDPIC ELF ABI.
Either ABI imposes limitations on what userspace can do. For example, fork(2) doesn't work, though vfork does. OpenSSH doesn't even compile against the relevant headers IIRC, but dropbear does though I had trouble getting it to work at last attempt.
Support for various other features often considered sundry to Linux varies, too. For example, on ARMv7-M, causing a segmentation fault from userspace will crash the entire system with rather terse kernel panic instead of terminating the offending process. This is not a technical limitation but rather a lacking implementation. Debuggers also don't work properly and instead lock the system up (ditto regarding it not being a technical limitation AFAIK).
I'm not sure that really solves the desire to meaningfully run Linux of this platform for the purpose intended. -- Brandon Martin _______________________________________________ NANOG mailing list
<
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/OIWTGINA...
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/ZBF22VNO...
-- Ray Patrick Soucy Principal Cybersecurity Engineer University of Maine System _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/2RQA3NLB...