[9fans] coraid ethernet console

[9fans] coraid ethernet console

[erik quanstrom]

coraid ethernet console (cec) is a way to do most of what you
can do over a serial console over raw ethernet frames.

coraid appliances use cec instead of a serial console so we can
have console access without tcp, ip or a serial connection.
i've put our plan 9 client in /n/sources/contrib/quanstro/cec.tar.
there's a protocol description and a man page in that tar.

i've also submitted a port of the cec device to the cpu kernel.
/n/sources/patch/cpu-cec.  unfortunately as i'm writing this, 
(i realize that i forgot to write a manual page.  i'll fix that in the
next few days.)

i've used this driver to debug a couple of device drivers.
we don't always have enough ports on the console server to go
around.  generally, cec will give you all the output that would be 
available on the serial console once plan 9 has started.  it
definately beats sitting in the unix room.

limitations (or future work)

1.  consolefs doesn't yet speak cec.  (good soc project.)
2.  the cec client doesn't know how to listen for the Toffer
sent by the kernel driver when it starts listening.
3.  thus, 9load doesn't speak cec.
4.  i didn't submit my boot time modifications that make
cec available on boot.

due to a limitation in netif, only one cec client may
run per interface.

enjoy
- erik

Re: [9fans] coraid ethernet console

[Russ Cox]

> 1.  consolefs doesn't yet speak cec.  (good soc project.)

as long as you have a cec client that presents a file,
consolefs should be able to read it.  consolefs doesn't
speak serial either.

what is the relation between cec and this ethernet console?
http://www.usenix.org/events/usenix03/tech/freenix03/kistler.html
it would be nice if they could use the same protocols, though
i don't know how complicated the freenix one is.  ericvh?

is the protocol documented somewhere other than the code?

security?

thanks.
russ

Re: [9fans] coraid ethernet console

[erik quanstrom]

hanks for the thoughtful response, russ.

On Mon Mar 19 09:40:26 EDT 2007, rsc@swtch.com wrote:
> > 1.  consolefs doesn't yet speak cec.  (good soc project.)
> 
> as long as you have a cec client that presents a file,
> consolefs should be able to read it.  consolefs doesn't
> speak serial either.

cec(1) doesn't currently present a file.  it is modeled on con.
there should be something like /net/cec, but i haven't done
that work yet.

> 
> what is the relation between cec and this ethernet console?
> http://www.usenix.org/events/usenix03/tech/freenix03/kistler.html 

i would suspect that there is little relationship.  cec doesn't do
tcp, ip nor framebuffers.  can someone point me to a protocol
document?

> it would be nice if they could use the same protocols, though
> i don't know how complicated the freenix one is.  ericvh?
> 
> is the protocol documented somewhere other than the code?

the protocol documentation is in cec/Protocol.

> 
> security?
> 

the main security mechanism is that cec is an unrouted ethernet
protocol.  cec packets are not encapsulated in ip or (tcp/udp).
thus one would have to be on the local segment to access a
machine's cec console.  

there is a password mechanism, but there is no encryption.
this is ment to be a reminder and not real security.  the password is
sent in the clear.

since servers generally have more interfaces than they need these
days, one could set up a seperate network for cec and other management
functions, if one were interested in the utmost in security.

-erik

Re: [9fans] coraid ethernet console

[Eric Van Hensbergen]

On 3/19/07, Russ Cox <rsc@swtch.com> wrote:
> > 1.  consolefs doesn't yet speak cec.  (good soc project.)
>
> as long as you have a cec client that presents a file,
> consolefs should be able to read it.  consolefs doesn't
> speak serial either.
>
> what is the relation between cec and this ethernet console?
> http://www.usenix.org/events/usenix03/tech/freenix03/kistler.html
> it would be nice if they could use the same protocols, though
> i don't know how complicated the freenix one is.  ericvh?
>

The freenix one was pretty dead stupid/simple.   It just set the
protocol to 0x0666.  To my knowledge, no one outside of us has every
really used the freenix console, although I did get a few requests for
the code over the years.

> is the protocol documented somewhere other than the code?
>

Nope.

> security?
>

Nope - I believe the paper makes the argument that you could use VLANs
to enforce security, but our primary use for the ethernet-based
console was purely pragmatic -- the hardware we had didn't have
serial, video, or any other means of getting output.

       -eric