Port mirroring with GRE

I recently had a requirement to mirror a port from a physical machine to a virtual machine. Initially I thought it would be pretty trivial, but when I came to implement it, it turned out to be less than straightforward. While it certainly is possible, in a complex data center environment there can be a lot of changes that need to be made which might make it an unattractive option.


If the distribution switch you are using happens to support ERSPAN, then you can set that up and send all the traffic to the VM directly. Your traffic will have the GRE header attached to the packet, but for many applications this may be acceptable. In our case it was not, so I wrote a filter driver using WinpkFilter to strip all the GRE headers off before the packets are passed up the stack to the protocol drivers.

In our case, we also didn't have a switch that supported ERSPAN. So I wrote another filter driver which takes all the packets arriving on an interface, wraps them up in a GRE packet and spits them out of the same or a different interface. You can put this tunneling application either on the source machine itself or on a dedicated machine that has the source machine mirrored to it using a regular switch port mirror - this way you can avoid modifying the source machine at all if it is running critical production processes. The source for both filters is at https://github.com/Raggles/gremirror - gretunnel tunnels the packets and grestrip strips the GRE headers at the other end. This solution works well with the WinPcap driver because WinPcap is a protocol driver whereas WinpkFilter is an intermediate driver/LWF filter driver (depending on OS). I haven't yet tested with Npcap, so I'm unsure whether Npcap will see the packets before or after they have the GRE headers removed.
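The wrap and strip steps described above, sketched at the byte level as an added example (this is not code from the gremirror repository). The function names `gre_wrap` and `gre_strip`, the sample addresses, and the use of GRE protocol type 0x6558 (the payload is a whole Ethernet frame) are assumptions; ERSPAN traffic carries an extra header after GRE and is not handled here.

```python
import struct

ETH_IPV4, ETH_TEB, IPPROTO_GRE = 0x0800, 0x6558, 47  # 0x6558: payload is an Ethernet frame

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over the IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def gre_wrap(frame, src_mac, dst_mac, src_ip, dst_ip, key=None):
    """Encapsulate a mirrored Ethernet frame as Ethernet/IPv4/GRE."""
    gre = struct.pack("!HH", 0x2000 if key is not None else 0, ETH_TEB)
    if key is not None:
        gre += struct.pack("!I", key)          # optional 4-byte GRE key
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(frame),
                     0, 0, 64, IPPROTO_GRE, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return dst_mac + src_mac + struct.pack("!H", ETH_IPV4) + ip + gre + frame

def gre_strip(packet):
    """Return the inner Ethernet frame, or None to pass the packet up unchanged."""
    if len(packet) < 38 or struct.unpack_from("!H", packet, 12)[0] != ETH_IPV4:
        return None
    ihl = (packet[14] & 0x0F) * 4
    frag = struct.unpack_from("!H", packet, 20)[0] & 0x3FFF  # MF bit or fragment offset
    if packet[14] >> 4 != 4 or ihl < 20 or frag or packet[23] != IPPROTO_GRE:
        return None
    off = 14 + ihl
    if len(packet) < off + 4:
        return None
    flags, proto = struct.unpack_from("!HH", packet, off)
    if flags & 0x4007 or proto != ETH_TEB:     # routing field, version != 0, or not Ethernet
        return None
    # Checksum, key and sequence number are each an optional 4-byte field.
    off += 4 + sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    inner = packet[off:]
    return inner if len(inner) >= 14 else None  # must hold at least an Ethernet header

# Constructed sample data: a 60-byte broadcast frame and documentation-range addresses.
INNER = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(46)
MAC_A, MAC_B = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
IP_A, IP_B = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
OUTER = gre_wrap(INNER, MAC_A, MAC_B, IP_A, IP_B)

if __name__ == "__main__":
    print(len(INNER), len(OUTER), gre_strip(OUTER) == INNER)
```

Each wrapped frame is 38 bytes longer than the original, so a full-size mirrored frame no longer fits a 1500-byte MTU on the tunnel path.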


update on compiling sall calcs with gcc for SCD6000

It's been a while since I last worked on this, and today I made my first (unsuccessful) attempt to load a gcc compiled elf onto a SCD6000. In the previous post, I outlined how a sall file can be turned into an elf outside of the RTU Station environment.  The progress made in this post is the small step of using the gcc toolchain from within the RTU Station environment.  This is required, because any points used by the calc need to be parsed and included for the rest of the RTU configuration (these points are stored in the defs.h file, which gets renamed to <calcname>.h).  The details are on GitHub.

Unfortunately, the first attempt to load an actual file didn't work (the calc shows up in the error state in the RTU).  This is not at all unexpected, and now begins the tedious process of trying to understand why.  This may prove to be quite a challenge, given that we can't really observe the internals of the RTU, but I'll keep chipping away at it.



Reverse engineering the innards of System Platform #1 - Packages, Templates, Objects, Primitives and Attributes

In order to try and understand various aspects of System Platform a little better, I have been poking around the inner workings of the software and discovering many interesting things, which I intend to share in a series of posts on the subject.  So here goes with the first one about Packages, Templates, Primitives and Attributes - settle in because it's a long one.

Firstly, we must realise that the templates, primitives and attributes that we are going to talk about here are not the same as the templates and attributes that we are used to dealing with in the IDE, which I will call IDE templates and IDE attributes from now on.

Templates are a base object type, such as $UserDefined, $Symbol, $DiscreteDevice and so on.  This list of templates is in the database in table template_definition, and for example mine looks like this:


Google Earth KML Generator for Radio Networks

One thing that really bothers me sometimes is having the same data in multiple places, and having to manually update the same data more than once.  So I was bothered when a colleague recently spent a few days creating a google earth file for our communications network (>150 nodes), even though we had a spreadsheet of all the locations of each node already.  So, in a couple of hours I came up with this program which converts a spreadsheet or csv file into a kml file which can be imported into google earth.

Take the following data (this is not a real network, I just picked a bunch of random points):

Drop the spreadsheet onto the CsvToKml program, and it spits out a kml file, which looks like this in Google Earth:

Now every time we update the spreadsheet all we need to do is feed it to CsvToKml and we get a new google earth file.


protplot - now with Fault Level annotations and Chance T fuses

I finally got round to adding fault level annotations to protplot - this was the last feature missing from protplot that we did have in the old spreadsheets that protplot is designed to replace. I have also completed the tedious task of transcribing the graphs for Chance T fuses as well so protplot is pretty much feature complete as per my original plans. There are some more things I'd like to work on (highlighting non grading portions of the graph, and interactive curve adjustments for example), but I don't have a timeline for any of that at this stage.


Loopback interfaces on RX1500

Recently we decided to convert a bunch of layer 3 radio links into layer 2 links in order to simplify our OSPF routing database, work around a couple of nasty OSPF bugs in the radios and achieve better balancing when there are equal cost paths.  However this took me down a bit of a rabbit hole that I wasn't expecting - consider the topology change below:

On the left, all of the central router's interfaces are in one vlan/subnet.  On the right the interfaces all have their own IP addresses.  This creates a problem - what IP address does one use when wanting to ssh into the device?  We can use any of the IP addresses of course, but what about monitoring via SNMP?  What about terminating VPN endpoints?  Which IP do we choose, when any of the radio links might be down for whatever reason, and therefore the associated IP address will be unavailable?


Crosswire Webclient

Crosswire is a dispatch platform that is compatible with SIP, analog and digital radio.  It comes with a Java client which you pay for per instance, but there are occasions where you may want additional people to be able to listen in.  To this end I have developed a web client that watches the Crosswire MySQL database and plays out the audio in semi real time.  By this, I mean that you have to wait for each call to be persisted to disk before you can listen to it, which creates a delay of at least the length of the call.  It is written in ASP (C# Razor), source is here.


Adapting ospf-visualiser for use with RuggedCom RX1500

A handy thing to see in an OSPF network is a visual view of the active paths and costs.  There are a couple of expensive tools around that can do this very well, but there isn't much around that can do it for free.  One such free tool is ospf-visualiser which can take output from quagga and print out a pretty picture of the network.  If you have telnet enabled on a machine with quagga then you can telnet to it and everything is supposed to work, but it isn't compatible with RuggedCom devices out of the box.

Therefore I have extended ospf-visualiser so that it can SSH to a RuggedCom ROXII device, log in using the given credentials and extract the required data to build the model.  Rather than write a new parser for the RuggedCom ospf command output, I have opted to log in to the maintenance shell and run the quagga commands directly so the existing data parser can be used, which means that the total amount of code changed is actually quite small.

New SSH options for source data

Output for example RuggedCom network

The next step will be to enable live listening to LSA packets so that the visualisation is truly live, but for now the source and binaries are on GitHub.


Top 8 improvements for System Platform/InTouch OMI

My top 8 improvements for System Platform (as at 2017 SP1):

  1. Overrides are not applied to object graphics, unless the graphic is embedded in a host graphic.  Unfortunately it doesn't seem to be a priority.  This means that if your object's graphics are altered by overrides, you can't display them directly in an OMI pane, popup window, or in the presenter app.  The only workaround is to create a symbol for each object graphic and embed the object graphic into it.
    UPDATE: This is apparently in the pipeline for whatever follows 2017 Update 2 (Update 3 presumably?)  Q4 2018
  2. The new alarm app doesn't have a column for the attribute description.  The alarm comment field does contain the description, but when you acknowledge the alarm it is overwritten either with a user comment or a fixed value.  In InTouch the alarm client can be scripted to keep the description in place, but there is no scripting ability in OMI.
    UPDATE: This is apparently fixed in 2017 Update 2
  3. When changing the navigation item in a graphic script, it is done asynchronously.  This means that you can't change the navigation item programmatically then immediately show a graphic, because the autonavigation will kick in after your graphic is shown and close it again.
  4. Graphics shown on the map have no ability to be clicked on and navigate to a graphic in place of the map.  The only option to achieve this functionality is to use autonavigation which is not desirable in many cases.
    UPDATE: This is possibly fixed in 2017 Update 2...
  5. Windows that were opened in a multitabbed pane, are closed when the navigation object is changed.  There should be an option to keep these open.
  6. Multiple screens should have an option to have a separate navigation session for each screen.  The whole point of having multiple screens is that sometimes you want to see two different things at once.
    UPDATE: This has been noted and is being worked on for a future release
  7. IDE performance is terrible when checking in complex templates with many children.  One of my templates has 120 attributes, and 100 choices/options, and 100 children templates/instances.  It takes 10 minutes to check in which is painful.  It will be many times worse when I go to implement the rest of the 200 instances that I haven't done yet.  Complex templates also take quite a while to open in the IDE, but at least when it's open it is reasonably responsive.
  8. Sometimes data subscriptions get stuck, and are paused for about 30 seconds before completing.
    UPDATE: This can be fixed by deleting all your objects and importing them all again.  Hopefully this has been fixed in update 2...


The ArchestrA Attribute Wrangler

One frustration that I often have with ArchestrA is wanting to do bulk updates to attributes on one or more objects.  Things such as,

  • Updating the description on an attribute that has a typo for all objects descending from a template
  • Change all the alarm priorities on objects hosted in a particular area
  • Changing the IO references for all objects using a particular topic name

