Electronics Lab private network

 

Plan Overview:
 

In Room 1-232 (the "Electronics Lab"), our goal is to remove experimental test equipment and unsupported (or poorly supported) computer systems from the "public" network.   These are likely sources of Cyber Security concerns and may benefit from a less volatile network environment than the campus network.  To do this, we will create a private network in the Electronics Lab, with one maintained Linux node that will be dual-homed on the public network to act as a gateway to access the private network as needed.   With the introduction of one (or more) Linux box(es), eventually we hope to retire the old Sun workstation completely.

The address space we will use is 192.168.140.0/255.255.255.0 (256 IP addresses).  This is "registered" with ITD network operations as a STAR private network, so that if anything "escapes" from the private space into the campus network, they will know who to call.

Given the short list of anticipated devices (below), no name server is planned, nor other common network services such as DHCP (subject to change as needed). 

Devices Using This Network:

  1. The Linux gateway system -- presley.star.bnl.gov (Scientific Linux 4.5) using 192.168.140.1
  2. One Sun Ultra E450 -- "svtbmonitor" (Solaris 8) using 192.168.140.2 
  3. One serial console server using 192.168.140.3 
  4. Several (~4-5) rack-mounted MVME or similar devices at any time.  An initial set has been assigned 192.168.140.11-15.  A set of working sample boot parameters is included in a file attached to this page (see the links in the Attachments section below).
  5. Update August 4, 2009:  Six more processors are being added to the network.  The names trgfe6 through trgfe11 have been assigned 192.168.140.16-21 (i.e. added to /etc/hosts on presley and svtbmonitor).
  6. Several Windows PCs, including laptops that may come and go (which will require manual configuration -- a small inconvenience that can perhaps be overcome with networking "profile" software that stores multiple configurations on the node -- to be investigated, such as http://www.eusing.com/ipswitch/free_ip_switcher.htm)
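
With no name server or DHCP, the address plan above lives only in hand-edited /etc/hosts files, so a reused or mistyped address goes unnoticed until two devices collide. The following check is an added example, not part of the original page or the lab's tooling; it assumes a hosts fragment containing only lab entries, and the function name and sample text are constructed for illustration.

```python
import ipaddress

LAB_NET = ipaddress.ip_network("192.168.140.0/24")  # private lab network from the page

# Constructed sample: names and addresses are from the page; the last two lines are made-up mistakes.
SAMPLE_HOSTS = """\
192.168.140.1   presley
192.168.140.2   svtbmonitor
192.168.140.16  trgfe6
192.168.140.17  trgfe7
192.168.140.18  trgfe8
192.168.140.19  trgfe9
192.168.140.20  trgfe10
192.168.140.21  trgfe11
192.168.140.21  trgfe12     # constructed error: address reused
192.168.14.22   trgfe13     # constructed error: typo, outside the lab /24
"""

def check_hosts(text, net=LAB_NET):
    """Return a list of problems found in hosts-file text."""
    problems, by_ip, by_name = [], {}, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append(f"line {lineno}: bad address {fields[0]!r}")
            continue
        if ip.is_loopback:
            continue  # localhost entries are not part of the plan
        if ip not in net:
            problems.append(f"line {lineno}: {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"line {lineno}: {ip} is not a usable host address")
        if ip in by_ip:
            problems.append(f"line {lineno}: {ip} already used on line {by_ip[ip]}")
        by_ip.setdefault(ip, lineno)
        for name in fields[1:]:
            if name in by_name and by_name[name] != ip:
                problems.append(f"line {lineno}: {name} already maps to {by_name[name]}")
            by_name.setdefault(name, ip)
    return problems

if __name__ == "__main__":
    for p in check_hosts(SAMPLE_HOSTS):
        print(p)
```

Running the same check against the lab entries from both presley and svtbmonitor also shows whether the two files have drifted apart.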

Status:

A Linux box named presley.star.bnl.gov is configured on the public network, with a second NIC using 192.168.140.1 to act as a manual gateway node as needed.  It is in the south-west corner of the lab.  An account named daqlab has been created (contact Wayne or Danny for the password if appropriate).

 

For the effort to replace svtbmonitor, the home directory of svtbmonitor's testlab account has been copied over to presley in /home/svtbmonitor/testlab.

Danny and Phil identified a handful of files from svtbmonitor as important so far:

  • emc.tcl
  • smd_qa.tcl
  • tower_qaodt.tcl
  • grab (compiled C code to open a window and connect to a specified node on the serial console server)
  • grab.bag (used by grab to "resolve" common names into ports on the console server)

The original versions of these files are all in their original (relative) paths, and modified versions for presley and the current networking setup were created and put in /home/daqlab/.  The Tcl scripts were modified to account for the slightly different environment on presley and were demonstrated to work (at least the basics - still needs testing to confirm full functionality).  The "grab" executable had to be recompiled from source (simple enough - the required source code consists of "grab.c" and only required a single minor change for the new environment on presley).  So far so good there.

 

Two small "desktop" 10/100 Mbps switches have been connected to each other to serve as the "backbone":

  • one is on a shelf on the west wall
  • the other is on a shelf on the north wall

 

This is easy to expand with one or two 16-port switches if needed (well, it actually is needed as I write this...).  (In fact, these switches have been rather fluid in the first months, coming and going and being swapped for others, all at a slight inconvenience to those of us trying to work with them...)

[Feb. 19, 2009 update -- the physical layout of switches and cables has been switched around many times since this description and I don't know the current state.]

The old networking (not to mention the serial lines) is a mess of cables, old hubs and switches that I plan to ignore as long as possible, though most should be removed if it isn't nailed down.  [Feb. 19, 2009 - some clean up appears to have been done by the folks working in the lab.]

 

To Be Done, moving from svtbmonitor to presley (last updated, Feb 19, 2009):

Towards this end we've identified the following remaining tasks:

Configure backups of the home directories on presley as another safety net for the critical content from svtbmonitor that has been transferred over.

Jack Engelage and Hank Crawford have transferred a bunch of files from svtbmonitor to presley [are they done?].  A "trigger" group was created containing Jack, Chris and Hank.  They have /home/trigger to share amongst themselves.

The biggies: 

VxWorks compilers for Linux and booting the VME processors from presley.  [Feb 19, 2009 update:  Yury Gorbunov (and Jack Engelage?) have made successful boots of trgfe3 from presley via FTP, so it looks like svtbmonitor has a chance of being retired at some point.  Sample boot parameters are attached.]