
I wonder if the author considered at any point using the Sparx-5 switch ASIC from Microchip? Those are available in single quantities for a not too crazy price ($121 for the 128G variant), and they are Linux based.

Of course I understand that having a custom switch engine is far more satisfying to do.



This project dates back to circa 2013 when at the time, there was nothing available in that class without NDAs. Once I got set on the path of going custom I didn't want to back off from the challenge even if an easier path became available.

Also, I explicitly do not want to run embedded Linux. I much prefer bare metal on the control plane (I ended up writing a bare metal sshd because I couldn't find one that supported no-malloc, no-OS operation)

And one of the architectural plans of this project is a completely separate control/data plane where the processor can't see fabric packets and has a physically separate management interface.


> (I ended up writing a bare metal sshd because I couldn't find one that supported no-malloc, no-OS operation)

Is there a write up for this? This sounds interesting


The code is at https://github.com/azonenberg/staticnet but I've intentionally avoided over-publicizing it since it hasn't had any kind of third party security review. As of now it's functional enough I'm willing to deploy it on a lab network but wouldn't trust it open to an untrusted network.

I work in embedded security and have tried to avoid any of the most gross footguns, deliberately simplifying the implementation as much as possible both to optimize for deeply embedded applications with double-digit kB flash/RAM footprint, and to minimize attack surface. The only supported cipher suite is ssh-ed25519 + aes128-gcm, and I didn't implement either of those (I use the DJB reference implementation or my line-by-line FPGA port of it for the 25519, and the hardware AES + RNG on the STM32).

But I've never done a formal code review myself (not that I'd trust one done by me as the author of the offending code, but it'd be a good starting point to find low-hanging fruit before I waste somebody else's time), fuzzed it, etc.

I have a bunch of additional features I want to add (notably, IPv6 support in the TCP/IP stack is very incomplete and not yet usable) and then am going to try to get at least some friends/coworkers to bang on it more.
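Added example, not part of the thread and not code from staticnet: a no-malloc, in-place check that a peer's SSH_MSG_KEXINIT offers one fixed suite, the kind of bounds-checked parsing a single-cipher-suite embedded sshd relies on. The function names are hypothetical, and the wire names `ssh-ed25519` and `aes128-gcm@openssh.com` are assumed to be the strings behind the suite named in the comment above; the KEX list is only validated, since the comment names no key exchange method.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Big-endian uint32 as defined in RFC 4251. */
static uint32_t rd_u32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Scan the RFC 4251 name-list at buf[*off] in place (no copy, no heap).
 * Returns 1 if `want` is listed, 0 if not, -1 if malformed; want == NULL only validates. */
int namelist_contains(const uint8_t *buf, size_t len, size_t *off, const char *want)
{
    if (*off > len || len - *off < 4)
        return -1;
    uint32_t n = rd_u32(buf + *off);
    size_t start = *off + 4;
    if (n > len - start)            /* declared length runs past the packet */
        return -1;
    size_t wlen = want ? strlen(want) : 0, tok = 0;
    int found = 0;
    for (size_t i = 0; i <= n; i++) {
        if (i < n && buf[start + i] != ',')
            continue;
        size_t tlen = i - tok;
        if (tlen == 0 && n != 0)    /* empty name: leading, trailing or double comma */
            return -1;
        if (want && tlen == wlen && memcmp(buf + start + tok, want, wlen) == 0)
            found = 1;
        tok = i + 1;
    }
    *off = start + n;               /* advance to the next field */
    return found;
}

/* SSH_MSG_KEXINIT payload: type(1) cookie(16), then name-lists. Returns 1 if the peer
 * offers the fixed suite, 0 if not, -1 if malformed. Algorithm strings are assumptions. */
int kexinit_offers_suite(const uint8_t *p, size_t len)
{
    size_t off = 17;
    if (len < 17 || p[0] != 20)
        return -1;
    int kex = namelist_contains(p, len, &off, NULL);
    int hk  = kex < 0 ? -1 : namelist_contains(p, len, &off, "ssh-ed25519");
    int c2s = hk  < 0 ? -1 : namelist_contains(p, len, &off, "aes128-gcm@openssh.com");
    int s2c = c2s < 0 ? -1 : namelist_contains(p, len, &off, "aes128-gcm@openssh.com");
    return s2c < 0 ? -1 : (hk && c2s && s2c);
}
```

Every length is checked against the remaining packet before any byte is read, and a malformed list is rejected rather than partially accepted.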


For context of how lightweight this is, an -O3 release build of my entire firmware on the management processor right now (including the sshd, hardware drivers, TCP/IP stack, the CLI itself, all of the code to query the supported set of sensors, etc) uses 109 kB of flash and 84 kB of SRAM. The -Og debug build is smaller at 86 kB flash usage.

It compiles in five seconds from a clean build tree on my workstation.

Sure, this isn't as feature-rich as OpenSSH or even Dropbear and is missing a lot of the fancy features you get on Linux, but it's tiny and fast. Good luck getting buildroot or something to give you a 100 kB kernel+userspace image that builds in five seconds.

And it's fast: "time -p ssh testbed show ver" returns in 70 ms on a debug build. That's faster than some x86 Debian + OpenSSH machines I've benchmarked against. And I'm on a 500 MHz single-core Cortex-M7.


I’m getting ready to turn 42yo, but I want to be like you when I grow up.

Seriously, impressive work. I’m a sysadmin who completed a two-year electronics engineering program (mostly for fun, although it’s become increasingly useful in my work). Since then, I have learned enough to design my own simple boards with BOMs that include maybe a few dozen parts. I can also hack on relatively complex projects that more experienced engineers design, but I find the bulk of my enjoyment in the iterative process of designing for myself.

My family doesn’t understand the appeal, and poke fun at my inability to finish a lot of the things I start, especially when it’s some gadget that I could have purchased off-the-shelf for less than I paid for the parts. But I tell them that, as a hobby, electronics is mostly about finding fulfillment within the journey, rather than the destination. Otherwise, it would be a very masochistic endeavor, as even successfully completed projects will have involved several failures along the way. Each time I fail, I learn something new and exciting to expand my horizons.

That unique experience of your own intuition clicking into place as the gaps in your knowledge are bridged, and you discover how fundamental physics work to produce the phenomena we use to create machines—it is something I have always struggled to describe. It’s sort of like when you learn how a magic trick works, but instead of being disappointed in the mundanity of seeing someone palm a playing card, you’re wonderstruck by the magical nature of physics, the elegance of simple laws that manifest complex systems when applied recursively, and the fractal nature of it all.

Pardon the self-indulgent musings, I have nothing productive to add, only that I very much enjoy exploring your work, and I look forward to following this project.


I really, really would love to see someone make a Sparx-5 switch. It's weird that I can't even find any commercially available/closed source switches with them (anyone know of any?).


Yep, really strange indeed.

I posted the link for the ServeTheHome article last year back in 2024, although it's really a 2023 article [1].

Layer 3 switches, for example from Cisco or Juniper, used to cost more than USD100K only ten years ago, but now they can be dirt cheap with the advent of networking switch SoCs like SparX-5.

High end SparX-5-200 (VSC7558) supports up to 200 Gbps of switch core bandwidth, with flexible interface options including 1/2.5/5/10/25 GbE, and the unit cost is only USD165 [2].

Imagine having this kind of really affordable powerful enterprise layer 3 switch with Linux Foundation SONiC or DENT OS [4], [5].

Someone just needs to crowdsource this SparX-5 SoC based layer 3 switch and it will be selling like hot cakes.

[1] Managed Chinese E-Sports Cafe and Hotel Switch: 48-Port 2.5GbE 2x 25GbE 2x 10GbE:

https://news.ycombinator.com/item?id=40883384

[2] SparX-5:

https://ww1.microchip.com/downloads/en/DeviceDoc/SparX-5_sel...

[3] Sparx5:

https://microchip-ung.github.io/bsp-doc/bsp/2024.03/supporte...

[4] SONiC: Software for open networking in the cloud.

https://sonicfoundation.dev/

[5] DENT: SwitchDev based NOS:

https://dent.dev/


There was this: https://www.servethehome.com/insane-48-port-2-5gbe-2x-25gbe-...

But I have not been able to find a place to buy one.



