
Re: Definitions of "Console" and "CLI" expanded



Owen DeLong <owen@delong.com> writes:
> I think the fact that certain manufacturers are starting to let this slip
> away is a *BAD* thing.  Personally, I would rather NOT reconcile with
> this, as I don't believe it provides a reliable solution.
>
> Ethernet plus an IP stack is a much more complicated interface with many
> more points of failure possible.

Let me subtly disagree.

RS232 is a dying protocol. RS232 concentrators now exist entirely for
people like us, and wiring the things up wastes large amounts of
time. (Indeed, I've likely wasted hundreds of hours in my life with
breakout boxes making one port or another speak at last.)

Then, on top of this, the RS232 concentrators/terminal servers don't
always run a good secure protocol like SSH, so suddenly my terminal
servers become a way to attack my boxes, and if I'm setting up just
one or two boxes in a particular colo I either have to bring my own
terminal server just for one box or (if the locals have one at all!) I
have to trust someone else's security to make sure my box is kept
safe.

Having an over-ethernet management console, handled by a separate
processor inside the box, which is now cheap enough to be almost
ignorable on the cost of "real" equipment, is a serious benefit.

At the very least, we should not be telling people that they "must"
use RS232. Even if the systems of the future run with USB target ports
for their consoles and run the serial-over-USB protocol, it would be a
big win -- you could use a few USB hubs on a Linux box as your
"terminal server" and handle a hundred ports from one machine if
needed, or just a couple if you wanted, with the wiring all impossible
to screw up. USB is so much nicer than RS232 from a "can't mess up the
wiring" perspective it isn't funny. (On top of this, many laptops
don't even have a native RS232 port any more...)

> The total cost to putting a serial port in a box these days is usually
> under $20.  Even ZyXEL in their "toaster" products has a serial port on
> most of them (all of the more recent models).  If you have a CLI, there's
> really little or no additional software required for serial.

On the other hand, these days, a single chip can provide a supervisory
microprocessor running separately from the rest of the machine plus an
ethernet port for under your magic $20. That processor can perform
additional tasks like doing watchdog timer based resets of the box and
giving you a console even when the machine itself has hung hard, and
providing a hard reset to the main processor! And yes, integrated
systems-on-a-chip have indeed gotten that cheap.

I've gotten rather used to using console boards on PCs. See, for
example, http://www.realweasel.com/ for an example. That board gives
you a separate processor running its own software that handles console
but also does a true hardware watchdog timer and can hard reset the
device. I'm told by the guys building that thing that their next
generation board will have ethernet, and will have ssh for access. I'm
thrilled.

> The console port is for those times that communication absolutely
> positively has to work or you completely lose control of the device.
> These are circumstances in which you usually face at least one other
> form of network failure already.

Yah, but how are you going to get to the terminal server? You probably
need a management net anyway if the device going down means that the
network goes down.

> As to full-featured HTML as an option to replace CLI, it's not.

Here we agree fully.

-- 
Perry E. Metzger		perry@piermont.com