H3C OAP / OSN CentOS updating


The embedded application board for H3C (or Huawei, or 3Com, or now HP) routers (or switches) contains a Pentium M CPU, a hard disk, a CF card, a SODIMM socket for DDR RAM and two GigE ports: one external, one internal.

The device is great, for example, for running OSSEC/OSSIM for security event collection right in the router or, in my case, Nagios.

It comes preinstalled with CentOS 4.4, which is not really OK to use in 2010.

The upgrade procedure would look like the following now:

  • Upgrade to last CentOS 4 release

To get there, you can just dhclient eth1 up to enable the external interface, install a CentOS 4 GPG key and run yum update. So far I haven't found anything broken during that update.

The old kernel will keep running, so no kernel security fixes for us yet.

CentOS release 4.8 (Final)
Kernel 2.6.9-42.0.3.EL on an i686

localhost login:
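
The banner above shows the gap: release 4.8, but still the kernel the board shipped with. The following check for that condition is an added example, not part of the original post. The function names are hypothetical, the newer kernel version in the sample is constructed, and it uses only sh and awk so it runs on an old userland.

```shell
#!/bin/sh
# Added example: flag a running kernel older than the newest installed kernel RPM.
# Live use (assumes rpm is present, as on CentOS):
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel | kernel_status "$(uname -r)"

# vercmp A B: print -1, 0 or 1. Fields split on "." and "-"; numbers compare
# numerically, and a numeric field counts as newer than a non-numeric one.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] == y[i]) continue
            xn = (x[i] ~ /^[0-9]+$/); yn = (y[i] ~ /^[0-9]+$/)
            if (xn && yn)      r = (x[i] + 0 < y[i] + 0) ? -1 : 1
            else if (xn != yn) r = xn ? 1 : -1
            else               r = (x[i] "" < y[i] "") ? -1 : 1
            print r; exit
        }
        print 0
    }'
}

# newest_installed: read one version-release per line on stdin, print the newest.
newest_installed() {
    best=""
    while read -r rel; do
        [ -n "$rel" ] || continue
        if [ -z "$best" ] || [ "$(vercmp "$rel" "$best")" = 1 ]; then
            best=$rel
        fi
    done
    echo "$best"
}

# kernel_status RUNNING: installed list on stdin. Returns 1 when stale.
kernel_status() {
    running=$1
    newest=$(newest_installed)
    if [ -n "$newest" ] && [ "$(vercmp "$running" "$newest")" = -1 ]; then
        echo "stale: running $running, newest installed $newest"
        return 1
    fi
    echo "current: running $running"
}

# Constructed sample: the banner's kernel against a made-up newer package.
printf '%s\n' 2.6.9-42.0.3.EL 2.6.9-99.0.1.EL | kernel_status 2.6.9-42.0.3.EL || true
```

The non-zero return on a stale kernel lets the function be wrapped as a monitoring check.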

 

  • Gather and test the needed kernel patches, rebuild a new kernel and test.
  • Strip away useless services and uninstall them
  • Install SystemImager and/or bacula and run backup!

Once I have the patch and the SystemImager image available, it will be possible to test them against CentOS 6, so here I would continue in a VM: patch and test the new kernel.

  • PXE install the appboard
  • update the ramdisk and disk images to CentOS 6

I want to avoid falling back to CentOS 5, as it is reaching the end of its lifecycle. The main risk is breaking core functions of the OAP / OSN module, i.e. the APIs that allow setting the IP from the router shell or enabling IDS functions. Hard to tell; I could probably do without some of the gizmos in favor of a more current Linux OS.

From what I’ve seen, the whole OSN concept the vendors had been pushing never became successful for them. The 3Com manuals give a little peek at how you could have run network applications “right on the network”, but it seems nobody (among their customers) really cared.

I quite understand that: the OSN modules on eBay US run around $2000.
How would you decide if you wanted to have a Squid proxy next to each group of users:
use 10 $2000 modules that plug into the switches and are way cool, or use 10 $400 low-cost rackmount PC servers with 4 times the performance, RAM and disk space, saving $6000?

Conclusion: eBay prices must generally come down to the $100 I paid for my module; then I can buy 4-5 more of them and enjoy the benefits of 3Com open services networking 😉
