Hi and thanks for all the infos.
understanding is somehow "limited" for now.
........ compared to the initial "simple" need which is "I want to
And so... a bunch of port forwarding rules everywhere.
private IP. (means the server side is somehow "hardcoded", I can't act
on server behavior).
the local network to get to any other server console with ipmitool. So I
suggested the "NAT" solution (and pointed to security issues it implies. )
I thank you for the suggestions and documentation pointers btw. I have
bits 6 and 7 are not set.
by IPMITool does not have bits in field 3:6, byte 1, bits 6 and 7 set.
that to my customer.
Post by Al Chu
Hi Martin,
I think part of the confusion is that the code snippet you provided
does not implement the IPMI standard. The line
lprintf(LOG_ERR, "Error: BMC requests SOL session on different port");
is not an IPMI error and the BMC is performing its intended function.
IPMI does allow the different port. In fact that line should be
replaced by a huge amount of logic. IPMI allows the allocation of the
SOL session on any existing RMCP session (IPMI 2.0, Section 24.1
Activate Payload Command, page 330. All references in this email are
to the IPMI 2.0 version dated June 12, 2009) or the creation of a new
RMCP session.
Since IPMITool does not track multiple existing RMCP sessions it
appears that it just prints the error.
Al Chu provided a very concise and correct overview of the SOL session
creation.
If you want some more detail here is a web page but there are two
things to note.
1) This is a programming reference page for a Java library. Since you
are looking at IPMItool internals it is not much of a stretch. The links
that begin with "IPMI 2.0" are especially useful. All our software has
links back to the IPMI spec to the page number of relevant decisions.
2) Full disclosure. The web page is for a library called Hemi that my
company provides which replaces IPMItool for high end system managers
implemented in Java.
This is the page
http://www.jblade.com:8080/jbpublic/products/hemi/doc/programmers/HemiSol.html
I'm not sure there is a solution to your problem but try these options
to keep the SOL session using port 623
1) Make sure that Table 26-5, SOL Configuration Parameters, parameter
2, bits 6 and 7 are not set.
2) Make sure that the Table 24-2 Activate Payload Command page 332
sent by IPMITool does not have bits in field 3:6, byte 1, bits 6 and
7 set.
Another approach. This may not meet your needs but abandon the NAT as
a method of security and change to use IEEE 802.1q VLAN as documented
in IPMI 2.0 Table 23-4, LAN Configuration Parameters, parameter #25
and send the VLAN to an encryption/decryption device before forwarding
the UDP stream to the unsecured network.
Hank
JBlade
Hi Martin,
Sorry, it can be confusing to new folks.
With 99% of IPMI over LAN, the communication is always through port 623.
1. Client connects to server/BMC over port 623.
2. Client authenticates w/ server/BMC.
3. server/BMC informs client what port to communicate for SOL.
4a. If server/BMC tells client to use port 623, SOL session continues
under the current connection/session
4b. If server/BMC tells client to use port XXX, client should
disconnect and reconnect under port XXX.
To my knowledge, the disconnect/reconnect under non-port-623 is not
supported in ipmitool. If this is happening with your motherboard, it
would explain your problem.
Al
Post by Martin Hamant
I'm lost.
ipmitool is a tool to connect to any (most?) baseboard management
controller, to get/set system settings.
ipmitool with default settings connects on port 623/UDP
This was the easiest part :D And to this point all is going well
WITH or without PNAT (I can use "chassis" commands etc)
now SOL. Something different is happening when ipmitool asks for a SOL
session. (thru lanplus interface)
Do I have to understand that ipmitool "sol" arg simply doesn't
take the given command line "-p <port>" arg into account ?
I tried to read IPMI specification but I have to say this is a
little complex to eat it like this, at least for me :)
If someone can briefly explain to me what happens when asking for a SOL
session thru IPMI (what is "this" trying to connect to "that",
on which (random) port)
Maybe I could find a workaround then (other than SOLProxy ^^ )
to get to my BMC interface / console redirection from the internet
Thanks again !!
-
Post by Al Chu
I think this is what Hank is talking about. SOL connects at
port 623, but it may communicate over a different port later in the
session. However, ipmitool doesn't support communication over any port
other than 623. So if SOL works for you w/o port forwarding, then this
isn't your issue.
Al
Post by Martin Hamant
Hi Hank,
Thanks for your reply, but I'm still not sure we speak about
the same thing :/
(...)
/* NOTE: the spec does allow for SOL traffic to be sent on
 * a different port. we do not yet support that feature. */
if (intf->session->sol_data.port != intf->session->port)
{
    /* try byteswapping port in case BMC sent it incorrectly */
    uint16_t portswap = BSWAP_16(intf->session->sol_data.port);

    if (portswap == intf->session->port) {
        intf->session->sol_data.port = portswap;
    }
    else {
        lprintf(LOG_ERR, "Error: BMC requests SOL session on different port");
        return -1;
    }
}
(...)
the comment seems to explain why I get this message...
The RMCP server can use any UDP port it wants to for a SOL
session. Some implementations use port 623. If you have more than two
SOL sessions open on a single RMCP server at least one will be
on a port other than 623. Each of the SOL sessions may be encrypted
differently using separate cipher suites (or none at all).
Hank
JBlade
On Fri, Dec 30, 2011 at 6:34 AM, Martin
Hi !!!
I have a BMC configured with a local IP address (192.168.X.X)
listening on default port (623).
I want to access it from the outside world. For that I have set a
port forwarding rule on the router to the port 623 of this local IP.
every ipmitool command works well BUT not SOL.
# ipmitool -I lanplus -p (external_port) -U (...) -P (...) -H (external IP) sol activate
I get the message: "Error: BMC requests SOL session on
different port"
I'm not sure I understand exactly what it means ?
What I
--
Albert Chu
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory
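
The port comparison discussed in this thread, as a stand-alone added example (not ipmitool's code and not written by any poster here). It reads the payload UDP port out of an Activate Payload response and classifies it against the port the client is using; `sol_port_check`, `make_rsp`, the result names and the forwarded port 6230 are hypothetical, and it assumes the client compares against the port it was told to connect to.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Activate Payload response data after the completion code, per IPMI 2.0
 * Table 24-2: aux data (4), inbound size (2), outbound size (2),
 * payload UDP port (2, LS byte first), payload VLAN (2). */
#define AP_RSP_LEN      12
#define AP_RSP_PORT_OFF 8

enum sol_port_result {
    SOL_PORT_SAME = 0,       /* SOL stays on the port the client already uses */
    SOL_PORT_SWAPPED = 1,    /* BMC sent the port MS byte first; tolerated   */
    SOL_PORT_DIFFERENT = -1, /* BMC wants SOL elsewhere: the thread's error  */
    SOL_PORT_TRUNCATED = -2  /* response too short to contain the port field */
};

static uint16_t bswap16(uint16_t v) { return (uint16_t)((v << 8) | (v >> 8)); }
/* client_port: UDP port the client connected to (assumed to be the -p value). */
int sol_port_check(const uint8_t *rsp, size_t len, uint16_t client_port)
{
    if (rsp == NULL || len < AP_RSP_LEN)
        return SOL_PORT_TRUNCATED;
    uint16_t port = (uint16_t)(rsp[AP_RSP_PORT_OFF] | (rsp[AP_RSP_PORT_OFF + 1] << 8));
    if (port == client_port)
        return SOL_PORT_SAME;
    if (bswap16(port) == client_port)
        return SOL_PORT_SWAPPED;
    return SOL_PORT_DIFFERENT;
}

/* Build a constructed response carrying only the port field (rest zeroed). */
void make_rsp(uint8_t out[AP_RSP_LEN], uint16_t port, int ms_byte_first)
{
    for (size_t i = 0; i < AP_RSP_LEN; i++) out[i] = 0;
    out[AP_RSP_PORT_OFF + (ms_byte_first ? 1 : 0)] = (uint8_t)(port & 0xff);
    out[AP_RSP_PORT_OFF + (ms_byte_first ? 0 : 1)] = (uint8_t)(port >> 8);
}

int main(void)
{
    uint8_t r[AP_RSP_LEN];
    make_rsp(r, 623, 0);
    printf("direct, client on 623:        %d\n", sol_port_check(r, sizeof r, 623));
    printf("forwarded, client on 6230:    %d\n", sol_port_check(r, sizeof r, 6230));
    make_rsp(r, 623, 1);
    printf("byte-swapped 623, client 623: %d\n", sol_port_check(r, sizeof r, 623));
    return 0;
}
```

Under that assumption, the second case shows how a port-forwarded client can hit the "different port" branch even when the BMC reports plain 623, because the comparison is made against the external port the client was given.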