Re: What are folks using for serial consoles these days?

[Ray Soucy via NANOG <nanog () lists nanog org>]

I'll add that this is a great use case for VyOS.  FWIW we've run VyOS in
production (not just management roles) since 2014 on a deployment of nearly
80 units at 10G line rates, and aside from finding new bugs here and there
when attempting to configure things, they've been rock solid through every
upgrade cycle.  It's a mature project, they take security updates and
release management seriously, and it gives a great toolkit for building
infrastructure out quickly... in a lot of different roles (routing, vpn,
firewall, load-balancer, console server, etc).


On Sun, Dec 21, 2025 at 5:42 PM Ryan Hamel via NANOG <nanog () lists nanog org>
wrote:

> VyOS has a built-in conserver (
> https://docs.vyos.io/en/latest/configuration/service/console-server.html).
> All one needs is a box to put it on, and it allows for customization with
> serial ports, power, connectivity, and of course having a firewall for an
> out-of-band network. Considering the number of ways to deploy VPNs and
> setup conserver, this setup can allow for centralized "conserver" endpoints
> for quickly getting into devices.
>
> Job had a presentation (
> https://nlnog.net/static/nlnog_live_summer_2020/NLNOG_Live_Job_Snijders_NTT_IP_OOB.pdf)
> similar to what I described, but with a Cisco ISR router, replacing those
> older 2500 series devices.
>
> Adair Thaxton did a presentation on Internet2's out-of-band setup (
> https://youtu.be/ZuAZCA5lzww).
>
> Dan Baxter did a presentation on cellular out-of-band (
> https://youtu.be/hBX81XrXw18), which could be useful here.
>
> Ryan Hamel
>
> ________________________________
> From: Brandon Martin via NANOG <nanog () lists nanog org>
> Sent: Sunday, December 21, 2025 1:12 PM
> To: nanog () lists nanog org <nanog () lists nanog org>
> Cc: Brandon Martin <lists.nanog () monmotha net>
> Subject: Re: What are folks using for serial consoles these days?
>
> Caution: This is an external email and may be malicious. Please take care
> when clicking links or opening attachments.
>
>
> On 12/19/25 12:54, Chris Adams via NANOG wrote:
> > Cisco 2500 series used a 68EC030, which is a dumbed-down 68030 with no
> > MMU.  The Linux m68k project always required an MMU, so it would not run
> > on that CPU.
>
> FWIW, MMU-less Linux is a thing and is no longer a separate fork.  It's
> supported by the mainline kernel sources.  Just turn off CONFIG_MMU.
> M68k should be supported for this purpose along with most other popular
> architectures were MMUs are not an inherent part of the CPU architecture
> including ARM and PPC.
>
> You also still need enough RAM.  The bare minimum is 4MB, and 8MB is far
> more realistic, and that's just for the kernel itself.
>
> The result, though, is a system with some serious limitations which was
> also true of the old uClinux fork.  In particular, there's no way to run
> most standard ELF executables.  You either need to use uclinux FLAT ABI
> images (which does not support dynamic linking at all) or the much newer
> (and with tenable toolchain support) FDPIC ELF ABI.
>
> Either ABI imposes limitations on what userspace can do.  For example,
> fork(2) doesn't work, though vfork does.  OpenSSH doesn't even compile
> against the relevant headers IIRC, but dropbear does though I had
> trouble getting it to work at last attempt.
>
> Support for various other features often considered sundry to Linux
> varies, too.  For example, on ARMv7-M, causing a segmentation fault from
> userspace will crash the entire system with rather terse kernel panic
> instead of terminating the offending process.  This is not a technical
> limitation but rather a lacking implementation.  Debuggers also don't
> work properly and instead lock the system up (ditto regarding it not
> being a technical limitation AFAIK).
>
> I'm not sure that really solves the desire to meaningfully run Linux of
> this platform for the purpose intended.
> --
> Brandon Martin
> _______________________________________________
> NANOG mailing list
>
> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.nanog.org%2Farchives%2Flist%2Fnanog%40lists.nanog.org%2Fmessage%2FOIWTGINAXFVDSQ2WARMMGXVCPXYASJUC%2F&data=05%7C02%7Cryan%40rkhtech.org%7C1a9aa8838f484ed367a508de40d5c2c2%7C81c24bb4f9ec4739ba4d25c42594d996%7C0%7C0%7C639019483999720029%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Ge1v2Dg79zqsJWrc0jlWrD8ghPGKnjjGOuQIcdaYyq0%3D&reserved=0
> <
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/OIWTGINAXFVDSQ2WARMMGXVCPXYASJUC/
> >
> _______________________________________________
> NANOG mailing list
>
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/ZBF22VNO5KSDGYNJWRBDVHEMKMKMAWKP/


-- 
Ray Patrick Soucy
Principal Cybersecurity Engineer
University of Maine System
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/2RQA3NLBBE2JUEOCUYTRIQ5DQNRHX3FN/