Posted inUS_1

Unlock Linux on Brocade ICX Switches: Advanced Access for Network Control

No Comments

Brocade’s ICX series switches, particularly models like the ICX6450 and ICX7xxx, are known for their robust performance in enterprise networking environments. While they present a familiar FastIron operating system to the user, under the hood, these powerful devices run on a Linux foundation. This article delves into the fascinating capability of accessing the underlying Linux system on these switches, offering a deeper level of control and customization for advanced users who want to truly Serve The Home network or lab environment with tailored configurations and debugging capabilities.

Initially, the larger ICX6610 utilized a PowerPC processor with a proprietary bootloader. However, Brocade transitioned to ARM platforms for models like the ICX6450, adopting the widely-used u-boot bootloader. This shift brought Linux into the picture, with FastIron operating as a monolithic application on top of it. While this underlying architecture remains transparent to the average user, the open-source nature of u-boot and Linux (protected under GPL) mandates that Arris (now the parent company of Ruckus, which owns the ICX line) provide the source code for these components. Arris has shown commitment to open source compliance by diligently providing product source code on their SourceForge site, and sources related to FastIron are reportedly being added.

By examining a RAM dump of a running ICX6450, insightful INIT scripts reveal hidden functionalities within the Linux system. Specifically, the system checks for boot arguments like “noautostart” and “enabletelnet.” These strings, when passed by the bootloader, unlock two distinct methods for accessing the Linux environment, allowing users to bypass the standard FastIron interface and interact directly with the system’s core. These methods are invaluable for in-depth troubleshooting, custom configurations, and gaining a comprehensive understanding of the switch’s operational mechanics, ultimately enabling users to better serve the home network with expert-level control.

Method 1: Disabling FastIron AutoStart for Direct Linux Access

This method provides a straightforward way to halt the automatic startup of the FastIron application, dropping you directly into the Linux command line interface. This is particularly useful for users who need raw access to the system for debugging or low-level configuration without the FastIron layer. It’s important to note that in this mode, standard networking software is not loaded, and access is limited to the serial console.

To utilize this method, you will need a serial cable to connect to your ICX switch. Follow these steps:

  1. Access the Bootloader: Reboot your ICX switch and interrupt the boot process by pressing ‘b’ when prompted to enter the bootloader.

  2. Set Boot Argument: In the bootloader prompt, execute the following command:

    setenv extra_bootargs noautostart
boot

    This command instructs the bootloader to pass the “noautostart” argument to the kernel during boot. The boot command then initiates the boot process.

    Important Note: This setting is temporary and is not saved to persistent memory. Upon subsequent reboots or power cycles without this argument, the switch will boot normally into FastIron.

  3. Linux Shell Access: The switch will proceed with the boot process but will bypass FastIron startup, landing you directly at the Linux shell prompt:

    BusyBox v1.18.3 (2013-11-22 14:33:50 IST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

/ #

  4. Exploring the Linux Environment: At this prompt, you have access to a BusyBox shell environment. Typing help will show a limited set of commands. However, pressing the Tab key twice will reveal a comprehensive list of available utilities, including familiar tools like wget, curl, vi, and ftpput. You can explore the file system using commands like ls:

    / # ls
FastIron.xz  bin      dev      ftp      home     lib      mnt      proc     sbin     sys      tmp      usr      var
fast_iron  etc      fast_iron init     root     tftpboot
/ #

    The fast_iron directory contains startup configurations saved from the FastIron CLI and various log files.

  5. Rebooting to FastIron: To return to the normal FastIron operating system, simply issue the reboot command at the Linux prompt.

This image illustrates the Linux command-line interface accessed via the serial console on a Brocade ICX switch after disabling FastIron autostart. It highlights the BusyBox shell prompt and the file system structure, showcasing the raw Linux environment available for advanced users to explore and configure.

Method 2: Enabling a Hidden Telnet Server for Live Debugging

This method offers a less intrusive way to access the underlying Linux system while keeping the FastIron operating system running. By enabling a hidden telnet server, you gain concurrent access to both the FastIron CLI and the Linux shell, which is particularly beneficial for live debugging and monitoring the system’s behavior without disrupting normal switch operation. This approach allows you to serve the home network reliably with FastIron while simultaneously exploring the Linux foundation.

Here’s how to enable the hidden telnet server:

  1. Access the Bootloader: As with Method 1, reboot your ICX switch and press ‘b’ to enter the bootloader.

  2. Set Boot Arguments and IP Address: In the bootloader prompt, execute the following commands:

    setenv extra_bootargs enabletelnet
setenv ipaddr 192.168.1.57
boot

    The setenv extra_bootargs enabletelnet command instructs the system to start the hidden telnet server. The setenv ipaddr 192.168.1.57 command sets the IP address for the Linux OS, which will host the telnet server. Choose an IP address that is not in use on your network, and importantly, different from any management IP assigned to the FastIron switch. The boot command then starts the boot process.

    Important Note: Similar to Method 1, these settings are temporary and not saved persistently.

  3. Telnet Access to Linux: The switch will boot into FastIron as usual, and the hidden telnet server will be active on the management port at the IP address you specified (e.g., 192.168.1.57). You can now telnet to this IP address using a telnet client:

    telnet 192.168.1.57

    Upon successful connection, you will be presented with the Linux command-line interface:

    Welcome to FastIron Board's Telnet session

     _ _
    | ||_| |
  _ | || | _   ____ _ _ _ _
 | || | | | | / /  | || | | |
 | || | | | |_| / /|_||_|_| |_|____|_/_/

On Brocade's FastIron board
BusyBox v1.18.3 (2013-11-22 14:33:50 IST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

/ # ls
FastIron.xz  bin      dev      ftp      home     lib      mnt      proc     sbin     sys      tmp      usr      var
fast_iron  etc      fast_iron init     root     tftpboot
/ #

    You now have full Linux CLI access while FastIron continues to operate, allowing for powerful debugging and system analysis.

Conclusion

Accessing the underlying Linux system on Brocade ICX switches opens up a realm of possibilities for advanced users. Whether you choose to disable FastIron for direct Linux interaction or enable the hidden telnet server for concurrent access, these methods provide invaluable tools for deeper system understanding, customization, and troubleshooting. For those looking to truly serve the home network or a sophisticated lab environment, these techniques unlock a level of control and insight far beyond the standard switch interface, allowing for tailored configurations and a more profound understanding of these powerful networking devices. By leveraging these hidden capabilities, users can maximize the potential of their Brocade ICX switches for demanding and specialized networking needs.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *