Adam Nielsen wrote:
> Perhaps you can answer something that's been bugging me for some time.
> How does this actually work? I mean, what gets sent over the wire when
> you redirect a serial port?
>
> It's always bugged me that there's not much information about how this
> is done, and it seems to use a bit too much magic for my liking. I
> mean, is it TCP? Can you restrict access to it with a firewall? How
> does it share the network card with the host OS, in the cases where you
> use the one NIC for both?
>
The IPMI BMC is a complete autonomous embedded computer on the motherboard. It has various connections to the "main" computer, but is otherwise distinct from it (runs all its own code, and has its own CPU and RAM).

For shared LAN access it also (typically) has a "backdoor" into the NIC chip, so that it can tell the NIC to - for example - get all traffic destined for a certain MAC address (earlier implementations were even more strange - in that they could set the NIC up to do things like steal all UDP traffic to the IPMI port).

The IPMI over LAN protocol is implemented as UDP (on port 623) - look at the "LAN INTERFACE" and "LANPLUS INTERFACE" entries in a recent ipmitool manual page for details.

With SOL, Linux sends serial data to the serial port - the output of this serial port is then connected to the BMC which receives the traffic on its own serial port, encapsulates it as IPMI lanplus SOL UDP packets, and sends it out via the NIC backdoor...

Because of the way that the BMC goes straight-to-the-NIC, any iptables firewalls under Linux aren't going to see the traffic - so you'd need to do any firewalling before the traffic hits the NIC (i.e. outside of the box).

Another alternative is to configure the BMC to only communicate on a separate VLAN, so that you can isolate it from other traffic using that mechanism instead (e.g. "ipmitool lan set X vlan id 888").

Tim.

--
South East Open Source Solutions Limited
Registered in England and Wales with company number 06134732.
Registered Office: 2 Powell Gardens, Redhill, Surrey, RH1 1TQ
VAT number: 900 6633 53  http://seoss.co.uk/  +44-(0)1273-808309
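As an added illustration (not part of the original post and not code from ipmitool): a sketch of how a monitor placed outside the box, where the post says filtering has to happen, could recognise IPMI "lanplus" and SOL packets on UDP port 623 from their headers. The field layout is taken from the IPMI v2.0 specification's RMCP and session headers; the function name `classify` and the sample packets are constructed for this example.

```python
import struct

RMCP_VERSION = 0x06        # RMCP version 1.0
RMCP_CLASS_IPMI = 0x07     # RMCP message class carrying IPMI
FORMAT_RMCP_PLUS = 0x06    # auth-type value marking an IPMI v2.0 ("lanplus") header
PAYLOAD_NAMES = {0x00: "ipmi-message", 0x01: "sol", 0x10: "open-session-request",
                 0x11: "open-session-response", 0x12: "rakp1", 0x13: "rakp2",
                 0x14: "rakp3", 0x15: "rakp4"}


def classify(udp_payload: bytes) -> dict:
    """Classify one UDP payload captured on port 623 from its headers alone."""
    if len(udp_payload) < 5:
        return {"kind": "too-short"}
    version, _reserved, _rmcp_seq, msg_class = udp_payload[:4]
    if version != RMCP_VERSION:
        return {"kind": "not-rmcp"}
    if msg_class & 0x1F != RMCP_CLASS_IPMI:
        return {"kind": "rmcp-other"}        # e.g. an ASF presence ping
    if udp_payload[4] != FORMAT_RMCP_PLUS:
        return {"kind": "ipmi-v1.5"}         # older "lan" interface
    if len(udp_payload) < 16:
        return {"kind": "truncated"}
    ptype = udp_payload[5]
    if ptype & 0x3F == 0x02:                 # OEM explicit: 6 extra header bytes, not parsed
        return {"kind": "ipmi-v2.0", "payload": "oem-explicit"}
    session_id, _seq, length = struct.unpack_from("<IIH", udp_payload, 6)
    return {
        "kind": "ipmi-v2.0",
        "payload": PAYLOAD_NAMES.get(ptype & 0x3F, "other"),
        "encrypted": bool(ptype & 0x80),
        "authenticated": bool(ptype & 0x40),
        "session_id": session_id,
        "length": length,
    }


# Constructed sample packets (not captured traffic).
RMCP_IPMI = bytes([0x06, 0x00, 0xFF, 0x07])
SOL_PKT = RMCP_IPMI + bytes([0x06, 0xC1]) + struct.pack("<IIH", 0x11223344, 5, 4) + b"\x00" * 4
V15_PKT = RMCP_IPMI + bytes([0x00]) + struct.pack("<II", 1, 0) + b"\x00"
ASF_PING = bytes([0x06, 0x00, 0xFF, 0x06, 0x00, 0x00, 0x11, 0xBE, 0x80, 0x00, 0x00, 0x00])

if __name__ == "__main__":
    for name, pkt in [("sol", SOL_PKT), ("v1.5", V15_PKT), ("asf", ASF_PING)]:
        print(name, classify(pkt))
```

Only the cleartext headers are read, so the classifier still works when the SOL payload itself is encrypted.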
