Ask Slashdot: Best Way To Solve a Unique Networking Issue?
New submitter petro-tech writes: I work as a service technician, maintaining and repairing gas pumps and POS equipment. In my day to day activities, one that consumes a ton of time and is relatively regular is the process of upgrading the software on pumps. This is done by connecting to the pump via direct ethernet from my laptop, then running a manufacturer-provided program that connects to the device and pushes the new software. Some sites have 8+ pumps with 2 devices in each, and at 20-30 minutes apiece this can be quite time consuming. Unfortunately the devices are not actually on a network, and as such cannot be updated remotely, also since they are not on a network, they are all configured with the same IP address. Additionally the software doesn't allow you to specify the adapter to use. I would like to be able to get to a site, connect a cable to each pump, and load them all at the same time. The only way I can figure to accomplish this with the software we've been provided is to do this: Get a 16-port powered USB hub, with a usb-ethernet adaptor in each port; Set up 16 VM's with extremely stripped down XP running on each, with only one USB-ethernet adaptor assigned to each VM; Set XP to boot the application for loading software as its shell; and load each device that way at the same time. Is there a better way to accomplish this?
>> Unfortunately the devices are not actually on a network
So...it's not a networking issue?
Unfortunately the devices are not actually on a network, and as such cannot be updated remotely, also since they are not on a network,
It makes me feel good to know that something in this world is still air-gapped.
"First they came for the slanderers and i said nothing."
... is no.
The thing you propose sounds fine. But do they really want to upgrade all of the pumps at once? Sounds like a great way to brick an entire facility.
The only "improvement" I could think of would be to set up some kind of cheap router that can do MAC address filtering, that way you can set up the router to allow only one of each pump to show up as that one silly IP address at a time on a switched network. But then you'll still be able to only do one at a time.
The "right" way to do this is just throw money at the problem and attach a real computer to each pump, with a separate interface to talk to the static IP. Maybe something as small as http://www.fit-pc.com/web/prod... or just some generic mini-ITX board in a telecom chassis or whatever.
1) Get a managed switch
2) Configure all ports but one to be on their own VLANs
3) Configure one port to be a trunk port
4) Configure your laptop or other computing device to support trunking
5) Configure your virtual machine so the entire process is scripted. It should boot, execute the upgrade procedure, and then provide logging for the process to you.
6) Start VMs, with each configured on one of the VLANs.
Done.
Get 16 laptops.
The only way I can figure to accomplish this with the software we've been provided is to do this: Get a 16-port powered USB hub, with a usb-ethernet adaptor in each port; Set up 16 VM's with extremely stripped down XP running on each, with only one USB-ethernet adaptor assigned to each VM; Set XP to boot the application for loading software as its shell; and load each device that way at the same time.
That might be the best way, because you are limited by the software they gave you. Might consider trying Linux and Wine to save space. If that works, then you can load 16 raspberry pies into a briefcase and run it from there (I've seen similar operations for wireless monitoring).
If you actually do build that setup, please take pics because it sounds kind of cool.
"First they came for the slanderers and i said nothing."
Go on FleaBay and get a few older laptops for dirt cheap; set one up with your software and copy it to all the others.
You can now do that many pumps at once, and if one has a problem it won't screw up the whole lot.
Create 8 battery-operated Arduinos whose sole purpose is to translate and then broadcast the single IP Ethernet to unique IP on a wireless network, run a local AP, then I'm sure there are apps/scripts that will allow you to sandbox the OEM app allowing the reversing of the IP translation back to the original and running multiple concurrent independent instances (no VM required). I did this with Outlook prior to it allowing multiple Exchange accounts, although didn't tackle the IP routing. Then sit back and get fat while you complete your full day's job in an hour.
In the problem specification, it says that the devices have the same IP. Maybe the installation program relies on this. Since it's an embedded system, changing it may not be possible. OP has to deal with the situation as it is, and "change the situation" is not a simple option.
If you fix this problem they will more than likely fire you. Nobody likes a smart-ass. They know what your time is worth, likely not much. Just do it the slow way.
Seriously, you are an upgrade monkey. Just monkey on and look for a better job where you can use your skills and you will be _paid for them_.
Alternatively: If your employer is contracting to do the upgrades, figure out how to do it in 25% of the time and take the business from them. They don't own their clients, but likely think they do.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
I think you could configure each port on the switch with a different default VLAN and plug those into the terminals (e.g. Port 1 gets VLAN 1, Port 2 gets VLAN 2, etc). That will by default separate each port into a separate network. Then use VLAN tagging on your XP VMs that you were going to spin up, so they each are effectively connected to a separate port on the switch (e.g. VM 1 is tagged for VLAN 1, VM 2 is tagged for VLAN 2, etc).
This is just the high-level details of what you'll need to do. Most lower-end consumer grade switches don't have VLAN support, so you may need to spring for a better switch, and make sure your VM software supports VLAN tagging.
Things you think are in the Constitution, but are not.
OP said "day to day" activities. He's updating one pump at a time. What are the other pumps doing? Dispensing gasoline. To update all 16 pumps at once would render all 16 pumps out of service for half an hour. That is simply unacceptable for the station. They would not want to just shut everything down and eliminate a half-hour's worth of revenue from 15 pumps just so OP is not inconvenienced.
This is a typical IT viewpoint. We have a technical problem to solve, and to hell with the users. They're just in the way of our supreme elegance anyway.
How about a moderation of -1 pedantic.
Yup. A bunch of cheap single boards with ethernet would work. Like raspberry pi.
Strip down the OS and script it to push the update from a given directory on boot up. Then you can just clone the SD card for 4/8/16 devices and update them with the new firmware as needed.
Pi, case, battery with power switch, small SD card. $50-$75 a piece depending on how fancy you want to get with the case and battery.
I don't suffer from insanity, I enjoy every minute of it!
Except, you know, saying that they are all using the same IP.
Yes, that doesn't 100% lock in the use of TCP, but in 2015? You can pretty well assume that we're dealing with TCP/IP, and the asker can offer additional information if this isn't the case.
Lots of devices still use TFTP for firmware updates, so the pumps could be using UDP/IP rather than TCP/IP.
Not only that, the gas station may not want more than 1 pump down at a time.
I do fully subscribe to this point of view. If you solve the problem for cheap, test it a couple of times just to be on the safe side, and then SELL THE SOLUTION to your employee.
Is there anything that uses Ethernet without using */IP?
I'm not even going to start answering that, but I am curious about one thing.
Which major corporation are you the CIO for? Please be honest, as I stand to win $20 here.
A competent, helpful answer in the third post.
ATA over Ethernet for one. If it's running over a private network also used for management the second question is also yes.
Dear Lord...
You have an airgapped network that prevents remote access, reducing the question of security to one of physical security... which is typically handled with big locks, cameras, 24 hour staffing at the gas station, and maybe men with guns if it comes down to it.
Why would you network these together and create an avenue for simultaneous, surreptitious hacking and attacking of your industrial equipment?
Be thankful you have a job, and don't let the SysAdmin's (natural, and usually good) desire for laziness and efficiency lead to a future security issue justified by convenience.
Hire a Linux system administrator, systems engineer,
Get a switch which supports VLANs, 1 vlan on each port and the trunk on your laptop. Then run the mfg's software inside virtual machines, each of which has one of the vlans connected to its virtual ethernet, using the mfg's IP address. Now you can run all the updates in parallel.
The better solution is for the mfg to give you software and a configuration that does not suck. But if you're stuck with it, the above will work just fine.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
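The host side of the VLAN-per-port setup several comments above describe (one VLAN per switch port, a trunk to the laptop, one VM per VLAN), as an added example that is not from any poster or from the pump manufacturer. It assumes a Linux host with iproute2; the trunk NIC name eth0, VLAN IDs starting at 101 and the brpumpNN bridge names are illustrative choices. No IP address is put on any bridge, so the host itself never talks to the pumps and their identical addresses stay in separate layer-2 segments.

```shell
#!/bin/sh
# Added example. Assumed names: trunk NIC "eth0", VLAN IDs from 101, bridges "brpumpNN".
# Each VM's single virtual NIC is attached to exactly one brpumpNN bridge.

# Print the iproute2 commands for COUNT pumps; nothing is executed here.
vlan_plan() {
    trunk=$1; count=$2; base=$3
    for n in "$count" "$base"; do
        case $n in
            ''|*[!0-9]*|0*) echo "count/base: positive integers, no leading zeros" >&2
                            return 2 ;;
        esac
    done
    # 802.1Q allows IDs 1-4094; VLAN 1 is commonly the switch default, so skip it.
    if [ "$base" -lt 2 ] || [ $((base + count - 1)) -gt 4094 ]; then
        echo "VLAN IDs must stay within 2-4094" >&2
        return 2
    fi
    i=0
    while [ "$i" -lt "$count" ]; do
        vid=$((base + i))
        sub="$trunk.$vid"
        br=$(printf 'brpump%02d' $((i + 1)))
        # Linux interface names are limited to 15 characters.
        if [ ${#sub} -gt 15 ]; then
            echo "interface name too long: $sub" >&2
            return 2
        fi
        echo "ip link add link $trunk name $sub type vlan id $vid"
        echo "ip link add name $br type bridge"
        echo "ip link set dev $sub master $br"
        echo "ip link set dev $sub up"
        echo "ip link set dev $br up"
        i=$((i + 1))
    done
    echo "ip link set dev $trunk up"
}

# Dry run by default; set APPLY=1 and run as root to execute the plan.
apply_plan() {
    plan=$(vlan_plan "$@") || return $?
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$plan" | while IFS= read -r cmd; do $cmd || exit 1; done
    else
        printf '%s\n' "$plan"
    fi
}

apply_plan eth0 16 101
```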
Sometimes, for diagnostic purposes I also need to add a second read head to the credit card scanner. It would really be helpful if I could add this to the network, along with the keypad's diagnostic port. Any ideas?
In all seriousness though, there are some real fire protection issues with taking cables from the pump zone elsewhere. Everything in and out needs to be properly sealed to prevent explosive vapors from entering into a non spark-resistant system.
I can't believe nobody has posted the most obvious solution yet. Upgrade to IPv6.
Ideology: A tool used primarily to avoid the bother of thinking.
Yes. I worked with a 3com phone system that ran on bare Ethernet.
Instead of by the device. Problem solved!
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
I am having trouble with my billiards table, could you please tell me the best way to keep my football bat sharp so that my chlorine levels stay consistent?
Besides, if you can do it in 1/16th of the time, you might find your maintenance budget get slashed to 1/16th of previous year/quarter. From what you described, it seems you/they allocate about a day to upgrade each station (16 units at 0.5 hour each.) Beats driving around in traffic to 16 different stations a day, too.
Don't be silly. The maintenance will still take just as long. He'll just have much more time to focus on his real priority - Clash of Clans.
Why 16 VMs? If you're looking to learn VMs and/or advanced networking, then sure go that route. If you're just looking to save some time, just get 16 old laptops or netbooks with ethernet.
Not that this wasn't entirely predictable.
Yes, tons of stuff. Dozens of protocols.
Yes; there are a number of "companion" protocols that interoperate with IP when it's on an ethernet. You've probably heard of ARP and ICMP, to give just two examples. Neither of those is actually part of the Internet Protocol, and they don't ride over it, but they do use IP addresses on an Ethernet.