Hi,
I now also got my Vega switch and have been digging around.
Power Consumption
Very nice discovery at the start was that it can run off a ~0,33A 12V power supply if you just wanna log in and look around (didn’t have another at hand), so the power consumption must be really low.
Access
If you connect with a USB-C cable, you get two virtual serial devices, first one is serial console (115200 baud) and second one is JTAG.
The switch has the default IP 192.168.40.253. It’s finished booting when it’s not lighting all LEDs anymore. I had one instance where it … didn’t finish. Removed power and plugged back in and everything was fine.
There’s a web interface listening on the IP, it supports Chinese and English. (admin/admin)
SSH can be enabled from the web interface and works with the same credentials as serial (root/milkv)
On the serial console and via SSH after enabling SSH you can log in and do not end up in a standard IOS-style CLI. You are in a buildroot embedded linux env instead.
OS
networking env
I wasn’t able to figure out things yet, but you’ll find a SQLite database there with all settings.
If anyone knows which daemon & interface the web app uses to push settings into the HW and database, we could start to understand how the management works.
The running Linux does see and talk about network changes, i.e. a power going up or down.
Backup
You can download config backups, but they are a binary file, not textual (or the SQLite db, I didn’t check yet)
Security
I searched in vain for ssh cipher lists or https key management.
You can set allowed hosts
SNMP
I’ve seen that the SNMP MIB is incomplete/invalid, it does not present a vendor OID and the interface OIDs are not presented. The sysContact object by default is set to ‘www.fsl.com’ which, if I’m to guess, would be the company that has written the web UI.
To be clear: There’s no way you can make proper use of SNMP like that. I’m pretty certain that I didn’t just get the view wrong since the vendor OID would be under 1.3.6.1 which is displayed. The product ID is ‘XY1000’. And I’ve seen one or two SNMP devices’ MIB.
If they’re still working on this, it would be easy, otherwise it would be best if those sources were also open-sourced so maybe the community can help itself.
It does not seem as if it is an OSS component right now.
The SNMP setup incl. views seems very nice and straightforward to configure.
Syslog
I think I didn’t see syslog settings
Flow
I think there’s no flow exporting
Web Interface
The web interface is really neat & fun to use. It doesn’t make things too hard.
It does not seem as if the web interface is an OSS component right now.
Hardware
SFP
Compatibility
The docs state that the 1g ports should work with most modules. No further list is given here, but there is a very short list of supported modules for the 10g ports. None of those are from major vendors that you’ll commonly see. I’m gonna test with what I got and list the ones that got a link up.
Monitoring
There’s a DDM menu which can read SFP/SFP+ stats. If I’m so lucky to see data from some SFP, I’ll mark that also.
Switching
LLDP support is also there, RSTP, and - YES - ERPS support for creating resilient ring setups. So, absolutely a great excuse for getting more than one switch.
LACP support seems OK but not fully automagic. There’s support for 4 trunk groups.
RMON
There’s RMON support, and generally it’s possible to set SNMP trap destinations. I didn’t check if the two things are integrated in a way that will work.
VLAN
GVRP Support is there
Private VLAN support seems to be there under the name of “Port Isolate”
QinQ support is there AND it seems also some VLAN remapping.
This is rare, powerful and could be interesting for anyone who has time to play around with it and figure it out.
I didn’t see where to set, or if there IS a notion of a management VLAN. You might have to keep management in VLAN1, which is really undesirable. But I think there’s a good chance to change this once the OS is better understood. It’s very open after all.
LAN Access Control
There’s some bit of RADIUS support, but I think it is incomplete.
LDAP auth etc. is not supported.
802.1X support is available.
UDLD
It seems there’s no support for UDLD for detecting half-broken links. You can likely find a solution based on LACP or ERPS, but it would have been helpful.
OAM
I’ve not found any setting related to OAM. Once I know why it’s missing I can hook up the switch to an OAM capable upstream and see if they are happy to talk to each other.
Operations
If you want to use the switch in earnest, this would be the first thing to fully investigate. Replace the SSH host keys, investigate the ssh setup, set ciphers, and similar for web interface.
After that likely one would need to learn how to push settings into the SQLite DB and apply them.
You’d also need to see how to programmatically create and restore (and apply) backups.
Or you’d implement your own ZTP solution pulling a config from TFTP. It would be easy enough.
And then the whole thing is ‘automateable’ and a useable switch.
For pure telco usage, I think the additions you’d look for on the hardware side could be:
- second PSU port
- OAM
- UDLD
- ‘dying gasp’ support, sending a last SNMP Trap on power failure
- second CPU core to allow for better service isolation (but maybe cgroups are enough), similarly 512MB instead of 256MB for running some container
Per some video where they opened it up… There’s a lot of space inside the case, one could easily add fans and/or a few more milk-v computers in there
I don’t know if it makes sense to make a video about the web interface until it’s clear how the web interface interacts with the OS & switch chip underneath.
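An added example, not part of the original post: a small checker for the SNMP gaps described in the SNMP section above (no vendor OID, no interface OIDs, sysContact left at ‘www.fsl.com’), run over the numeric output of `snmpwalk -On`. Both sample walks are constructed for illustration, including the enterprise number 99999 and the placement of ‘XY1000’ in sysDescr; they are not captured from a Vega.

```python
import re

ENTERPRISES = (1, 3, 6, 1, 4, 1)             # iso.org.dod.internet.private.enterprises
SYS_OBJECT_ID = (1, 3, 6, 1, 2, 1, 1, 2, 0)  # SNMPv2-MIB sysObjectID.0
SYS_CONTACT = (1, 3, 6, 1, 2, 1, 1, 4, 0)    # SNMPv2-MIB sysContact.0
IF_TABLE = (1, 3, 6, 1, 2, 1, 2, 2)          # IF-MIB ifTable
LINE = re.compile(r"^\.?([0-9.]+) = (?:([\w-]+): ?)?(.*)$")

def to_oid(text):
    return tuple(int(p) for p in text.strip(".").split("."))

def parse_walk(text):
    """Parse `snmpwalk -On` style lines into {oid_tuple: (type, value)}."""
    rows = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows[to_oid(m.group(1))] = (m.group(2) or "", m.group(3).strip().strip('"'))
    return rows

def audit(rows, default_contact="www.fsl.com"):
    """Return a list of findings; an empty list means the basics are present."""
    findings = []
    typ, val = rows.get(SYS_OBJECT_ID, ("", ""))
    if typ != "OID" or to_oid(val)[:6] != ENTERPRISES:
        findings.append("sysObjectID missing or not under enterprises (1.3.6.1.4.1)")
    if not any(oid[:len(IF_TABLE)] == IF_TABLE for oid in rows):
        findings.append("no ifTable rows: interface counters cannot be polled")
    if rows.get(SYS_CONTACT, ("", ""))[1] == default_contact:
        findings.append("sysContact still at factory default")
    return findings

# Constructed sample walks (assumptions, not real device output).
WALK_AS_DESCRIBED = """\
.1.3.6.1.2.1.1.1.0 = STRING: XY1000
.1.3.6.1.2.1.1.3.0 = Timeticks: (4200) 0:00:42.00
.1.3.6.1.2.1.1.4.0 = STRING: www.fsl.com
.1.3.6.1.2.1.1.5.0 = STRING: switch
"""
WALK_EXPECTED = """\
.1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.99999.1
.1.3.6.1.2.1.1.4.0 = STRING: noc@example.net
.1.3.6.1.2.1.2.2.1.2.1 = STRING: port1
"""

if __name__ == "__main__":
    for name, walk in (("as described", WALK_AS_DESCRIBED), ("expected", WALK_EXPECTED)):
        print(name, audit(parse_walk(walk)))
```

Feeding it a real walk of the switch after a firmware update shows quickly whether any of the three gaps has been closed.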