Many enterprise grade switches from Cisco to Juniper switches are running on Linux. That also is the case with prosumer hardware such as Ubiquiti, Mikrotik (CRS line), Aruba, etc... Wouldn't this be a good use case for LionsOS? The security of the layer 2 is an important part of the security of the overall network and it should be easier to implement compared to the firewall that is currently being worked on. Thank you for your attention to this matter!
"wocexeg869---" == wocexeg869--- via Devel <devel@sel4.systems> writes:
wocexeg869---> Many enterprise grade switches from Cisco to Juniper wocexeg869---> switches are running on Linux. That also is the case wocexeg869---> with prosumer hardware such as Ubiquiti, Mikrotik (CRS wocexeg869---> line), Aruba, etc... Wouldn't this be a good use case wocexeg869---> for LionsOS? The security of the layer 2 is an wocexeg869---> important part of the security of the overall network wocexeg869---> and it should be easier to implement compared to the wocexeg869---> firewall that is currently being worked on. Thank you wocexeg869---> for your attention to this matter! f you want to give it a go, go ahead --- it is an interesting use case. You should be aware though that without specialised switch hardware, the complexity of a LionsOS system at build time (numbers of components and interconnections) is super-linear in the number of network interfaces. Also switches do _more_ work than simple firewalls do. Keeping track of MAC addresses on each port for layer-2 routing; participating in the Spanning-Tree protocol; VLAN management; SNMP support; LACP --- the list goes on. A simple two-port firewall that does stateful packet inspection is _much_ simpler, both to build and to analyse. --- Dr Peter Chubb https://trustworthy.systems/ Trustworthy Systems Group CSE, UNSW Core hours: Mon 8am-3pm; Wed: 8am-5pm; Fri 8am-12pm.
On 21 Jul 2025, at 13:05, wocexeg869--- via Devel <devel@sel4.systems> wrote:
Many enterprise grade switches from Cisco to Juniper switches are running on Linux. That also is the case with prosumer hardware such as Ubiquiti, Mikrotik (CRS line), Aruba, etc... Wouldn't this be a good use case for LionsOS? The security of the layer 2 is an important part of the security of the overall network and it should be easier to implement compared to the firewall that is currently being worked on. Thank you for your attention to this matter!
indeed, it would be. Turns out there are people seriously thinking about this (nothing concrete yet). Note that, while not a switch, we have a reference design for a firewall which we’re in the process of turning into a community project for adding missing functionality. Gernot Confidential communication - This email and any files transmitted with it are confidential and are intended solely for the addressee. If you are not the intended recipient, please be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email and any file attachments is strictly prohibited. If you have received this email in error, please notify me immediately by return email and destroy this email.
participants (3)
-
Gernot Heiser -
Peter Chubb -
wocexeg869@forexru.com