Dell VEP/VMWare Edge/Velo Cloud SD-WAN/VeraCloud VEP1400/VEP1400-X firewall units

[nmpu]

Sounds like you're in a good place. Don't press any little buttons.

Your BIOS version/date matches my 640. However, the 680 variant is back to the 3.48 prefix, but with a later 9-22 suffix.

When I remove the Wi-Fi module, DXE will repeatedly reboot (3 times?) using the primary BIOS and then reboot using the backup (older) BIOS and finally boot the OS under the backup BIOS. This happens on both my 640 and 680. I either have to leave the Wi-Fi module installed or disable the POST via the Diag-OS nvramtool. The side effect of disabling POST is that I don't get stuff like the temperature and fan speeds (static snapshot) in the BIOS.

I've had these units for a while. I know I updated the BIOS on the 640 about a year ago. The 680 was a real prize and I was afraid to mess it up, so I left it alone. Both had all the NICs active and no mention of the missing Wi-Fi module. I started experimenting with passthrough and SR-IOV and discovered that 3 of 4 I350 NICs wouldn't initialize in a VM. This was because their interrupts were undefined by the current BIOS. That and the discussions on this forum prompted me to seek newer BIOS. But, my BIOS started with 3.50 and all the Dell packages referenced 3.48. I assumed they were older. However, the dates seemed really recent, so I gave it a shot. After the BIOS updates, I didn't notice anything different until I saw that the I350 NICs were now missing entirely. That's when I started pressing buttons. At some point DXE started complaining (rebooting) over the missing Wi-Fi module. At the same time, all my NICs were back and the virtualization issues were fixed. One thing that makes my situation different is that I'd already removed the Wi-Fi module before I started updating and pressing buttons. Even after disabling POST, I encountered what must have been an EFI crash. The only way forward was to keep the Wi-Fi module installed until I'd safely made it through the first reboot with POST disabled.

Recommendation: Only update the BIOS with the original hardware present. Actually, I'd also swapped out the SATA drives for 512GB, but that flew under the DXE radar. Access to the SATA drive requires removing the heatsink.

 

[suqianstone]

Legend has it that brothers from China have turned two RJ45 interfaces to 10GB/s

 

[cyyshow]

传说中国兄弟把两个RJ45接口都变成了10GB/s
[/引用]
你说的对！

 

[ccie4526]

Do tell us how? / 请告诉我们如何做？

 

[suqianstone]

Do tell us how? / 请告诉我们如何做？

According to them, there is firmware for hand rubbing, but I don't have it yet.

 

[nmpu]

This 12V 4.6A adapter pairs nicely. However, you'll probably want to replace the plug.

 

[frollic]

I've got a 620 with 3.50.0.9-6 already installed, guess I can't get rid of the watchdog by installing
a newer version of the BIOS.

But at least i2cset -y 1 0x22 0 0 b works.

I did however notice the Velocloud 5x0 watchdog hack also worked on my 620:

modprobe i2c-i801
modprobe i2c-smbus
modprobe iTCO-wdt

add nmi_watchdog=0 as kernel boot param.

 

[nmpu]

I've got a 620 with 3.50.0.9-6 already installed, guess I can't get rid of the watchdog by installing
a newer version of the BIOS.

That BIOS is really old (2020?). Why can't you update to the latest 3.50.0.9-20?

 

[frollic]

Yeah,

I realized it after I had posted, but I also assumed the watchdog wouldn't go away if I went from -6 to -20.

Main problem is I can't get the Dell Diag OS installed, I hit the same error as in https://forums.servethehome.com/ind...be-2x1gbsfp-100-ebay.39176/page-2#post-368037, with
Failure: Unable to install image: /diag-installer-x86_64-dellemc_vep1400_c3538-r0-3.43.3.81-26-2022-03-01.bin
when I try to install to the eMMC or SSD.

I've extracted the content of vep1400x_ufw_2.5, and noticed it said it could run on several other dists, so I'm
in the process of installing one of the dists listed, to try to boot it instead of the Dell Diag OS, and flash the unit.

Also noticed my nmi_watchdog workaround only worked for OpenWRT 22.03, when I switched to 23.05, it didn't,
but it might be due to missing kernel modules.

 

[nmpu]

Main problem is I can't get the Dell Diag OS installed, I hit the same error as in https://forums.servethehome.com/ind...be-2x1gbsfp-100-ebay.39176/page-2#post-368037, with
Failure: Unable to install image: /diag-installer-x86_64-dellemc_vep1400_c3538-r0-3.43.3.81-26-2022-03-01.bin
when I try to install to the eMMC or SSD.

I would boot a 'live' Linux from USB and delete the existing partitions on the eMMC and/or SSD. You could also install Diag-OS to a second USB. I think the problem is the same I have with every modern OS install. They always seek out existing boot partitions to attach to.

 

[frollic]

I would boot a 'live' Linux from USB and delete the existing partitions on the eMMC and/or SSD. You could also install Diag-OS to a second USB. I think the problem is the same I have with every modern OS install. They always seek out existing boot partitions to attach to.

Yeah I tried both, even the USB install fails with the same error.

But, I just managed to get it working, with some serious hands on, the installer is really sh*t.

I'll post a how to, in a bit.

 

[frollic]

This guide is based on the diagos-recovery-x86_64-dellemc_vep1400_c3538-r0.3.43.3.81-27.iso image,
installing onto a 8GB SD card.

For those of you having issues installing the DiagOS, where it fails with

Failure: Unable to install image: /diag-installer-x86_64-dellemc_vep1400_c3538-r0-3.43.3.81-26-2022-03-01.bin
This should be not reachable unless something wrong is there!!!!!

Once the installer fails, activate the console, and execute i2cset -y 1 0x22 0 0 b, to kill the watchdog.

Afterwards restart the installer, when you get the install menu, kill it by pressing Ctrl-C.

ONIE-RECOVERY:/ # i2cset -y 1 0x22 0 0 b
ONIE-RECOVERY:/ # ./diag-installer-x86_64-dellemc_vep1400_c3538-r0-3.43.3.81-27-2022-12-08.bin
Ignoring Verifying image checksum ... OK.
cur_dir / archive_path /diag-installer-x86_64-dellemc_vep1400_c3538-r0-3.43.3.81-27-2022-12-08.bin tmp_dir /tmp/tmp.aaQT41
Preparing image archive ...sed -e '1,/^exit_marker$/d' /diag-installer-x86_64-dellemc_vep1400_c3538-r0-3.43.3.81-27-2022-12-08.bin | tar xf - OK.
Diag-OS Installer: platform: x86_64-dellemc_vep1400_c3538-r0
platform found vep1400
platform vep1400 is supported.
console port ttyS0

****************************
Select Installation Device
****************************
1.SSD
2.USB Disk
3.eMMC
0.Quit
---------------------------
Please select the device type that DIAG OS will be install on : ^C
ONIE-RECOVERY:/ #

Look for the tmp_dir posted at the beginning of the extraction, in my case /tmp/tmp.aaQT41, go to the installer folder, located in that dir, and edit install.sh.

Locate line 446, and add --force to the command line

grub-install --boot-directory="$diagos_mnt" --recheck "$blk_dev"
->
grub-install --force --boot-directory="$diagos_mnt" --recheck "$blk_dev"

Save, exit, and execute the installer (./install.sh), it should now work, but it'll probably tell you the
crashed initial installer left the destination partitions mounted, unmount them, and rerun.

The 2nd part is optional, and probably only required if you didn't install the DiagOS to the eMMC, since
the root= is hardcoded in grub.cfg.

-----------------------------------------

The installer is sloppy, once it's done run the mount command, and you'll notice it left the install partitions mounted -
/dev/sdc2 on /tmp/tmp.b1XL4u type ext4 (the mount point name will be different every time you run the installer).

Installation finished. No error reported.
ONIE-RECOVERY:/tmp/tmp.aaQT41/installer # mount
....
/dev/sdc1 on /boot/efi type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
/dev/sdc2 on /tmp/tmp.b1XL4u type ext4 (rw,relatime,data=ordered)

Go to the grub folder in your tmp.?????? dir, edit grub.cfg, and change the root= param, you could also remove the quiet switch,
to get full console output during boot, but it's optional.

linux   (hd0,gpt2)/boot/ngos.linux quiet reboot=cold,pci  console=ttyS0,115200 root=/dev/sda2 rw
->
linux   (hd0,gpt2)/boot/ngos.linux reboot=cold,pci  console=ttyS0,115200 root=LABEL=EDA-DIAG rw

Reboot, and DiagOS should now start.

As posted earlier by nmpu, the logon is root/calvin.

 

[frollic]

That worked, now I need to figure out how to get the admin rights back in BIOS.
Service tag didn't work, nor did restoring the settings from within BIOS...

dellemc-diag-os login: root
Password:
Last login: Wed Apr 10 13:21:43 UTC 2024 on ttyS0
Linux dellemc-diag-os 4.9.30 #1 SMP PREEMPT Fri Nov 11 01:15:48 PST 2022 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Diag OS version VEP1400_DIAG_OS_3.43.3.81-27
Build date/time Thu Dec  8 00:49:16 PST 2022
Build server    diagslogin-eqx-01
Build by        v.liu
Kernel Info:
Linux 4.9.30 #1 SMP PREEMPT Fri Nov 11 01:15:48 PST 2022 x86_64 GNU/Linux
Debian GNU/Linux 8 \n \l

root@dellemc-diag-os:~# i2cset -y 1 0x22 0 0 b
Error: Write failed
root@dellemc-diag-os:~# ls
temp  vep1400x_ufw_2.5  vep1400x_ufw_2.5-md5
root@dellemc-diag-os:~# ./vep1400x_ufw_2.5
Creating directory temp
Verifying archive integrity...  100%   MD5 checksums are OK. All good.
Uncompressing release  100%
firmware_updater/
firmware_updater/common_tools/
....
firmware_updater/firmwares/
firmware_updater/firmwares/N1406_App_V40Q_230414.bin
firmware_updater/firmwares/vep1400x_cpld_versa_transfr_v18_2023_0424.vme
firmware_updater/firmwares/vep1400x_cpld_gris_transfr_v2a_2023_0410.vme
firmware_updater/firmwares/SBR10015_646_1TB_m2_2280_D_DEL_ISP.bin
firmware_updater/firmwares/N1406_App_V20P_220223.bin
firmware_updater/firmwares/VEP1400-X-BIOS-3.48.0.9-22.bin
firmware_updater/firmwares/VEP1400-X-BIOS-3.50.0.9-20.bin
firmware_updater/lib_setup.sh
firmware_updater/install.sh
firmware_updater/lib_unsetup.sh
firmware_updater/firmware.files
~/temp ~/temp

    ===== Update ALL Images =====

    [Update BIOS Image]
     Updating primary BIOS only...
     BIOS image is /tmp/fw/VEP1400-X-BIOS-3.50.0.9-20.bin
     Updating BIOS and NVRAM
     Updating image...done

     ===== Update BIOS Successfully =====
     Will continue to update rest of components
     Please power cycle cpu to boot new BIOS after the update is complete

    [Update CPLD Image]
     CPLD image is /tmp/fw/vep1400x_cpld_gris_transfr_v2a_2023_0410.vme
     Updating image...done

     ===== Update CPLD Successfully =====
     Will continue to update rest of components
     Please power cycle cpu to boot new CPLD after the update is complete

    [Update PIC Image]
     PIC image is /tmp/fw/N1406_App_V20P_220223.bin
     After update is completed, PIC will automatically re-enter AppCode and cause a reboot.
     Updating image...| 11, 32, 15, 00068001, 19, 00068000,


BIOS Boot Selector for VEP1400-X
Version 3.50.0.9-20
Board_Init()
        Boot_ok GPIO: 0x45000200, Timer Disable 0x45000200


POST Configuration
  CPU Signature 506F1
  CPU FamilyID=6, Model=5F, SteppingId=1, Processor=0
  Microcode Revision 38
  Platform ID: 0x0
  PMG_CST_CFG_CTL: 0x37
  Misc EN: 0x840089
  Gen PM ConA: 0xA0800200
  Gen PM ConB: 0x20000
  Therm Status: 0x8000000
  Perf Ctrl & status: 0x897, 0x202800000800
  Perf cnt (curr,fixed): 0xD52F78E0,0x24A428D02
  MC0 Ctl, stat, addr: 0x0, 0x0, 0x0
  MC1 Ctl, stat, addr: 0x0, 0x20000000000000, 0x0
  MC2 Ctl, stat, addr: 0x0, 0x0, 0x0
  MC3 Ctl, stat, addr: 0x0, 0x0, 0x0
  MC4 Ctl, stat, addr: 0x0, 0x0, 0x0
  MC5 Ctl, stat, addr: 0x0, 0x0, 0x0
  MC6 Ctl, stat, addr: 0x0, 0x0, 0x0
  MC7 Ctl, stat, addr: 0x0, 0x0, 0x0
  MC8 Ctl, stat, addr: 0x0, 0x0, 0x0
  POST Control=0xEA000303, Status=0xE600DF00
  Enabling MRC verbosity

 

[nmpu]

That worked, now I need to figure out how to get the admin rights back in BIOS.
Service tag didn't work, nor did restoring the settings from within BIOS...

The default password is service tag followed by !

Is that what you tried?

 

[frollic]

The default password is service tag followed by !

Is that what you tried?

Ah, didn't realize ! was part of the password, thanks.

 

[Kacper]

According to them, there is firmware for hand rubbing, but I don't have it yet.

If someone could take a picture or tell us the p/n of the PHY we could probably tell if it's doable by just changing firmware. According to this Intel datasheet (https://www.intel.com/content/dam/w...-c3000-family-programmer-reference-manual.pdf) the Intel Denverton C3000 SoC supports 2.5GbE and I wonder if the hardware support is there or if Dell cheapend out on the PHY and it doesn't support 2.5GbE.

 

[talkingdog]

I have a 610 is there any way to update the Bios or get the ethernet ports to work outside of the DiagOS?

somehow I was able to disable the watchdog.

 

[oneplane]

Ethernet ports are configured via the CPLD, PHY, Switchchip. By default they have some VLAN grouping working like a switch all connected to the KR backplane. The configuration happens over sideband (MDIO). Instructions are posted in the thread, you can use the tool from DiagOS in your Linux of choice, or you can use the marvel MDIO config that is included in FreeBSD, it has native switch control.

 

[Mithril]

Might have missed it, has anyone tested actual speed with pfsense/opnsense for NAT + firewall and the SFP+ ports on a 620 or better? I would assume best case is the firewall OS running "bare metal"?

 

[suqianstone]

My testing software is called Panabit. The best results tested under this software are shown in the following figure:
The magic of PPS reaching 10 million is that it has its own network card and CPU scheduling method. However, this also resulted in the C3558 CPU having only 3 cores involved in operation, retaining one core for the Panabit OS .