Prometheus @ Datacenters: Why Modbus Is Even Worse than SNMP

SLIDE 1

Introduction Background Datacenters Prometheus Outro

Prometheus @ Datacenters

Why Modbus Is Even Worse than SNMP
Richard Hartmann, RichiH@{freenode,OFTC,IRCnet}, richih@{debian,fosdem,richih}.org, @TwitchiH
2019-11-07

Richard Hartmann, RichiH@{freenode,OFTC,IRCnet}, richih@{debian,fosdem,richih}.org, @TwitchiH Prometheus @ Datacenters

SLIDE 2

whoami

- Richard “RichiH” Hartmann
- Swiss army chainsaw at SpaceNet
- Project lead for building one of the most modern datacenters in Europe
  - First one world-wide to be certified under the new revision of EN 50600
  - One of less than a dozen with both security and availability class 4
  - There’s no harsher non-military standard on Earth
- FOSDEM, DENOGx, PromCon staff
- Prometheus team member

SLIDE 3

Show of hands

- Who has heard of SNMP?
- Who has heard of ModBus?

SLIDE 4

ModBus

ModBus is worse

SLIDE 5

Relation

- SNMPv1: 1988
- ModBus release: 1979 (!)

SLIDE 6

SNMP

Without SNMP, the Internet would break down within hours

SLIDE 7

ModBus

Without ModBus, society would break down within hours

SLIDE 8

ModBus

- Without ModBus, you would have no power
- Without ModBus, you would have no water
- Without ModBus, you would have no ports, or trade
- Without ModBus, you would have no processed food
- Without ModBus, you would have no clothes

SLIDE 9

ModBus

Of course, ModBus has zero security built in

SLIDE 10

Flavours of ModBus

- Modbus RTU: Serial bus with binary data, most common. Hard real time
- ModBus ASCII: Serial bus with ASCII. Just don’t. Hard real time
- Modbus TCP: Binary over TCP/IP. No hard real time requirements
- Modbus over TCP: Slight differences, not commonly used
- ModBus UDP, Modbus Plus, Pemex Modbus, Enron Modbus: Ignored

SLIDE 11

Which to use?

You want to use ModBus TCP
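
A Modbus TCP request consists of a seven-byte header, a function code and data, with no field for credentials or integrity. The following is an added example, not code from the talk or from modbus_exporter: a parser that lets a read-only monitoring path confirm it only ever sends read function codes. The frames in `CAPTURED` are constructed, and the function names are assumptions made for the example.

```python
import struct

# Standard public function codes, grouped by effect on the device.
READ_CODES = {0x01, 0x02, 0x03, 0x04}
WRITE_CODES = {0x05, 0x06, 0x0F, 0x10, 0x16, 0x17}


def classify_request(frame):
    """Parse one Modbus TCP request and report whether it reads or writes."""
    if len(frame) < 8:
        raise ValueError("shorter than the header plus a function code")
    # The whole header: transaction id, protocol id, length, unit id.
    transaction, protocol, length, unit = struct.unpack(">HHHB", frame[:7])
    if protocol != 0:
        raise ValueError("protocol identifier is not 0, so not Modbus")
    if length != len(frame) - 6:  # length counts unit id plus PDU
        raise ValueError("length field does not match the frame size")
    function = frame[7]
    if function in READ_CODES:
        kind = "read"
    elif function in WRITE_CODES:
        kind = "write"
    else:
        kind = "other"
    return {"transaction": transaction, "unit": unit,
            "function": function, "kind": kind}


def violations(frames):
    """Return the parsed requests a read-only poller should never send."""
    return [req for req in map(classify_request, frames) if req["kind"] != "read"]


# Constructed sample frames, not captured from a real installation.
CAPTURED = [
    bytes.fromhex("000100000006010300000002"),  # read two holding registers
    bytes.fromhex("00020000000601060000002a"),  # write a single register
]

if __name__ == "__main__":
    for request in violations(CAPTURED):
        print("unexpected request on monitoring path:", request)
```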

SLIDE 12

What if I can’t?

Bridging RTU into TCP is common and you can buy “master” units off the shelf

SLIDE 13

Master & slave

References to master & slave in modbus_exporter have been removed, even though they are still part of the official standard

SLIDE 14

Addressing scheme

- 00001-09999: Read-Write, Discrete Output Coils
- 10001-19999: Read-Only, Discrete Input Contacts
- 30001-39999: Read-Only, Analog Input Registers
- 40001-49999: Read-Write, Analog Output Holding Registers

SLIDE 15

Addressing scheme

- 00001-19999: Bit-wise addressing into a 2-byte block. So you need sub-addressing
- 30001-49999: 2-byte block. Unless you need 16 bits, you need sub-addressing or combination
- You always get 2-byte blocks back

SLIDE 16

Wat?

- No other data types defined
- Four ways to clobber a Float32 together:
  - Big endian (1 2 3 4)
  - Little endian (4 3 2 1)
  - Mixed endian (2 1 4 3)
  - YOLO endian (3 4 1 2)
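
An added example, not code from the talk or from modbus_exporter: decoding two registers as a Float32 under each of the four layouts, plus a commissioning check that keeps only the layouts yielding a finite value inside the range the sensor can physically report. The register values in `SAMPLE` are constructed, and the function names are assumptions made for the example.

```python
import math
import struct

# Byte positions as they arrive on the wire, in the slide's notation:
# 1 is the most significant byte of the IEEE 754 value.
ORDERS = {
    "Big endian (1 2 3 4)": (1, 2, 3, 4),
    "Little endian (4 3 2 1)": (4, 3, 2, 1),
    "Mixed endian (2 1 4 3)": (2, 1, 4, 3),
    "YOLO endian (3 4 1 2)": (3, 4, 1, 2),
}


def decode_float32(first, second, order):
    """Decode two 16-bit registers, in the order they were read, as a Float32."""
    for reg in (first, second):
        if not 0 <= reg <= 0xFFFF:
            raise ValueError(f"not a 16-bit register value: {reg!r}")
    wire = struct.pack(">HH", first, second)  # each register is big-endian on the wire
    canonical = bytearray(4)
    for i, position in enumerate(order):
        canonical[position - 1] = wire[i]  # put every byte back where it belongs
    return struct.unpack(">f", bytes(canonical))[0]


def candidates(first, second, low, high):
    """Return the layouts under which the value is finite and within [low, high]."""
    hits = {}
    for name, order in ORDERS.items():
        value = decode_float32(first, second, order)
        if math.isfinite(value) and low <= value <= high:
            hits[name] = value
    return hits


# Constructed sample: 230.5 (a mains voltage) as sent by a hypothetical
# device that uses the (2 1 4 3) layout.
SAMPLE = (0x6643, 0x0080)

if __name__ == "__main__":
    for name, order in ORDERS.items():
        print(f"{name:24} {decode_float32(*SAMPLE, order)!r}")
    print(candidates(*SAMPLE, 200.0, 260.0))
```

A wrong layout still decodes to a number, so a range check of this kind belongs in the pipeline before the value reaches alerting.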

SLIDE 17

Waat?

At least I have not seen YOLO endian yet

SLIDE 18

Waaat?

- Yes, “Input” and “Output” are from the perspective of the sender, not the actual device
- Yes, x0000 is skipped
- Yes, the binary 0x0000 maps to decimal 00001
- No, there’s no rule if you start counting with 0 or 1, it’s free for all
- Addresses up to 65536, or 105536, is “extended range”
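
An added example, not code from the talk or from modbus_exporter: translating a reference from a device map into its table, the standard read function code and the zero-based address that goes on the wire, covering the skipped x0000, the 6-digit extended range and maps that count from 0. The name `parse_reference` and the `zero_based_map` switch are assumptions made for the example, and the references in the demo are constructed.

```python
# Leading digit of a map reference -> (table, standard read function code, writable)
TABLES = {
    0: ("coil", 0x01, True),
    1: ("discrete input", 0x02, False),
    3: ("input register", 0x04, False),
    4: ("holding register", 0x03, True),
}


def parse_reference(ref, zero_based_map=False):
    """Translate a 5- or 6-digit map reference into what goes on the wire.

    zero_based_map is a hypothetical switch for maps that start counting at 0.
    """
    text = str(ref).strip()
    if not (text.isascii() and text.isdigit()) or len(text) not in (5, 6):
        raise ValueError(f"expected a 5- or 6-digit reference, got {ref!r}")
    lead, number = int(text[0]), int(text[1:])
    if lead not in TABLES:
        raise ValueError(f"no table starts with digit {lead}")
    if not zero_based_map:
        if number == 0:
            raise ValueError("x0000 is skipped in one-based maps")
        number -= 1  # decimal 00001 is binary 0x0000
    if number > 0xFFFF:
        raise ValueError(f"{ref!r} is beyond the 16-bit address space")
    table, function, writable = TABLES[lead]
    return {"table": table, "read_function": function,
            "writable": writable, "wire_address": number}


if __name__ == "__main__":
    # Constructed references, not taken from any real device map.
    for ref in ("00001", "30010", "40001", "465536"):
        print(ref, parse_reference(ref))
```

The `writable` flag marks the tables where a mistaken write is possible at all, which is worth knowing before pointing any tool at a production device.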

SLIDE 19

Waaaat?

- This standard is enforced by devices simply ceasing to work
- Easy, reliable, horrible

SLIDE 20

Reminder

- Without ModBus, you would have no power
- Without ModBus, you would have no water
- Without ModBus, you would have no ports, or trade
- Without ModBus, you would have no processed food
- Without ModBus, you would have no clothes

SLIDE 21

Maps

ModBus maps are roughly what SNMP MIBs are

SLIDE 22

Maps

Only you can’t unit test them and your production might stop working if you do something wrong

SLIDE 23

Maps

I have seen maps which are scans of photocopied paper

SLIDE 24

How do you work with that?

Industry standard is to have a hex viewer, a map, an Excel sheet, and strong nerves

SLIDE 25

What do I use this in datacenters for?

Everything

SLIDE 26

What do I use this in datacenters for?

Everything, except the cameras

SLIDE 27

What do I use this in datacenters for?

Access control, intruder detection, glass breakage, fire detection, fire suppression, cooling set points, groundwater pump, groundwater filters, ion exchange pump, reverse osmosis system, water leakage, fan speed, doors opening and closing, fence gates, lighting, MCCB & status, diesel engine status, diesel fuel tank levels, battery runtime, battery health, elevator access, elevator position, movement in secure areas, potential to ground, lightning strikes, microsecond events on power distribution, medium voltage, transformer load, transformer heat, floodlights, pressure release valves, airflow in office, temperature in office, temperature/humidity/pressure in data halls, smoke extraction fans, emergency exit status, LASER fence scanners, conductivity of cooling water, bullet-proof glass being shot at

SLIDE 28

What do I use this in datacenters for?

Not a complete list

SLIDE 29

Why?

Why?

SLIDE 30

Why?

I like pain

SLIDE 31

Why?

ModBus is the one standard supported by ALL industrial equipment

SLIDE 32

Why?

ModBus is horrible, but it’s also extremely reliable

SLIDE 33

Why?

Because countless people would die if it wasn’t

SLIDE 34

How?

- https://github.com/RichiH/modbus_exporter
- Max Inden did tons of work during a one-month networking & ModBus stint at SpaceNet

SLIDE 35

Caveats

If you have ModBus RTU, use a PLC as a gateway to expose ModBus TCP

SLIDE 36

Caveats

Reading out ModBus registers takes several seconds

SLIDE 37

Future work

Currently having my PLCs reprogrammed to expose seconds spent and might adapt exporter to calculate correct time

SLIDE 38

Future work

There is a semi-standard way to write a ModBus map and I want to have a generator like snmp_exporter’s

SLIDE 39

Reminder

- Without ModBus, you would have no power
- Without ModBus, you would have no water
- Without ModBus, you would have no ports, or trade
- Without ModBus, you would have no processed food
- Without ModBus, you would have no clothes

SLIDE 40

ModBus

Without ModBus, society would break down within hours

SLIDE 41

Thanks!

Thanks for listening! Questions? Twitter: @TwitchiH
