Juniper SSG320M / J2320

jgriff · October 13, 2024, 3:05pm

Hi,

I've got a pair of old SSG320M devices here (also sold by Juniper as the J2320) which are ancient but it seems a shame to throw them away. They have hardware crypto offload, modular slots in the front, user replaceable RAM and storage, up to 28 GBE ports some of which can operate as a switch and some as individual interface ports.

The hardware itself is a fairly bog standard 32-bit Intel PC really, the CPU is in a socket 478, it has 4 DDR DIMM slots, a 'standard' Intel Northbridge/Southbridge, but after that things get interesting. Oh and an external 'secondary' CF slot. They were all 2.0GHz Celerons with either 256MB or 1GB of RAM, but the device has 4 DIMM slots so I see no reason you couldn't put 4GB of DDR400 in it, and a better P4 CPU.

The chipset appears to have a GPU and an e1000 NIC in it, but obviously neither of these do anything. The e1000 NIC has a blank eeprom, no MAC adddress, etc.

The hardware crypto is a Cavium Nitrox Lite, which I don't think there was ever real Linux support for. There was a proprietary openssl offload module for this chip but the Linux kernel support for Cavium devices is for newer 64-bit chips.

The motherboard then connects through a proprietary edge connector to the 4-module slot backplane. The backplane has one (what I assume is) PCI-X slot which is connected to a sub-board. This sub-board has the forward facing ports on it (USB, serial console, 4x GigE) and internally has an unpopulated IDE header and the internal 'primary' CF slot for the OS - these devices could run either the legacy Netscreen OS or an early (v8 if I remember right) version of JunOS. This crossover period and need to support users of both OS after Juniper bought Netscreen is why this is an x86 device which is very un-Juniper, these days all their devices are mips running BSD. The USB, serial console, and CF storage all appear as expected within OpenWRT.

This same sub-board has a Marvell 98DX106 switch controller chip on it, which looks like it should be supported by the 'prestera' kernel module, but I can't get that to work. I suspect this device is addressed via memory/DMA rather than directly over the PCI bus, as it does not appear in lspci output. There is another chip on that board with a large heatsink on which I am yet to remove to find out what it is. This means that at the time of writing the device has no functional network interfaces.

OpenWRT 'generic' boots and runs on the device out of the box. It has an AMIBIOS (hilariously the BIOS screen says 'TRIAL VERSION NOT FOR RESALE'). The BIOS handles serial console redirection, although it is by default 9600 baud. It also has a hardware watchdog enabled by default which will reboot the device and reset the primary boot device back to the CF after 37 seconds unless disabled. When I got these, they were still running ScreenOS and the BIOS options for boot devices were all disabled. However factory-resetting ScreenOS, logging in and setting the boot config to junos from within ScreenOS unlocked the boot options in the BIOS and the device can be set to boot from network, USB, or either CF slot.

Having written all this out, I do get the feeling I am probably wasting my time on this ancient gear, but it does seem a shame to throw it in a skip when it is still plenty-capable.

Does anyone have any suggestions on how I might get the Marvell switch chip to work? I've built an image of v23.05.0-generic with the prestera module enabled (and prestera-pci) but they don't appear to do anything. The Marvell device as mentioned does not appear on the PCI bus - I wonder if it needs something sent to it to 'wake it up' or similar.

slh · October 13, 2024, 3:09pm

For devices like these, it is quite common to see special MDIO hooks embedded in the driver for a 'normal' network card (e1000 is quite often chosen for this), getting this to work will be very painful.

evs · October 13, 2024, 11:50pm

I haven't been able to find much info on this or the 98dx107. It's a 1gbe switch with 10x SGMII?

Is it a TQFP package? Google was saying TQFP or QFN? Only other thing I can think of is logic analyser on stock firmware. Try to find the SMI/MDIO ports etc.

Datasheet for 88E6096/88E6097/88E6097F suggests the 98dx106 can be used as an upstream switch ? So config options could be eeprom/SMI or remote management frames? So I wonder what the How does one get the "up to 28gbe" ports? Is that cascading switches?

jgriff · October 14, 2024, 10:21am

The device is modular and one of the available modules is an 8 port GigE switch module. 3 modules slots = 3x8 = 24 plus the 4 onboard = 28.

In the configuration I am testing on there are no modules present, so 4 GigE ports off the 98DX106

evs · October 14, 2024, 11:27pm

OK so qfp. Looks like you have some nice vias to probe off of too. Sadly looks like the signals go inside/ other side of the board.

I'd put it in the "too hard basket" =P

jgriff · October 15, 2024, 3:07pm

Yeah am inclined to put it in the same basket. Last thing I am going to do is heat up and remove that heatsink you can see in the image to see what's under it. There are 2 more Marvell chips on this same area of the board but they are just clocks.

Wallbanger · October 18, 2024, 7:47pm

I have some SSG140. Seems they must go to the bin...what a pity...

evs · October 18, 2024, 8:25pm

Is that the same platform?

jgriff · October 18, 2024, 8:37pm

I'd be very surprised if it is, as far as I am aware the devices that can run ScreenOS and JunOS are quite a specific platform. The 140 is a generation earlier and I think is a pure ScreenOS device

evs · October 18, 2024, 8:52pm

Yeah I had a quick look at datasheet.

What's your experience there? Do you have pictures/FCC?

@Wallbanger
What's the processor. Can you get bootloader to run arbitrary code? Can we get datasheets for the components? Are there drivers available?

Different platform, potentially different result? I find it fun to figure out whether devices are "probably" just "developer effort". Or the other option being a disaster in reverse engineering =P.

For example I have like two cavium devices that I can boot to ram, but one I don't have a driver for the FPGA based watchdog that the bootloader sets so It's useless until I ever get JTAG on it. Other should be "relatively straightforward" but I can't be bothered figuring out how to get some of the stuff I need from the bootloader to get PCI initialised so it's just on the shelf =P Both reasons why they're not getting openwrt.