http://serverfault.com/questions/259792/how-does-ipmi-sideband-share-the-ethernet-port-with-the-host
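I'm taking some notes and translating here.
- Sharing Ethernet means that LAN1 appears to have 2 MAC addresses (the IPMI interface, the standard Broadcom NIC)
- Sharing the same network cable means LAN1 will have two corresponding MAC addresses (IPMI and the original network card)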
- Traffic to the IPMI interface is magically intercepted below the operating system level and never seen by whatever OS is running.
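- Traffic destined for the IPMI interface is handled below the operating system, and it cannot be seen no matter which operating system is running
Downsides of sharing the IP for IPMI and OS host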
- It's particularly difficult to partition the IPMI interface onto a separate subnet in a secure manner.
- It is hard to separate the two into different subnets in a way that guarantees security
- The latest IPMI cards now support assigning a VLAN to the IPMI NIC, so you can get some semblance of separation - but the underlying OS could always sniff the traffic for that VLAN.
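- The latest IPMI cards support assigning a VLAN to the IPMI NIC, so you get something that "looks like" the two are separated, but the OS can still monitor that traffic
- Older BMC controllers don't allow changing the VLAN at all; although tools like ipmitool or ipmicfg will ostensibly let you change it, it just doesn't work.
- Older BMC controllers don't let you change the VLAN; tools such as ipmitool or ipmicfg exist, but the change simply doesn't work
- You're centralizing your failure points on the system. Doing configuration on a switch and manage to cut yourself off somehow? And, you've now cut off the primary network connection to your server AND the backup via IPMI. NIC hardware fail? Same problem.
- You concentrate all the possible points of failure in one place. If you misconfigure the switch and cut yourself off, you lose both the primary network connection to the server and the backup path via IPMI. A NIC hardware failure causes the same problem
According to this article's explanation, trying to share the IPMI and host IP is not recommended.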
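
As an added example (not from the Server Fault answer or these notes): because older BMCs may accept a VLAN change without applying it, this sketch re-reads `ipmitool lan print` output after the change and checks the reported 802.1q VLAN ID. The function names and the sample output are constructed for illustration.

```bash
#!/bin/sh
# Added example: confirm a BMC really applied a VLAN tag.
# Usage on a real host (channel 1 and VLAN 100 are assumptions):
#   ipmitool lan set 1 vlan id 100
#   ipmitool lan print 1 | check_bmc_vlan 100

# Constructed samples in the "Name : value" layout of `ipmitool lan print`.
SAMPLE_OK='IP Address Source       : Static Address
IP Address              : 10.20.30.40
MAC Address             : 00:25:90:aa:bb:01
802.1q VLAN ID          : 100
802.1q VLAN Priority    : 0'

SAMPLE_IGNORED='IP Address Source       : Static Address
IP Address              : 10.20.30.40
MAC Address             : 00:25:90:aa:bb:01
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0'

# lan_field NAME: print the value of exactly one field read from stdin.
# Only the first ':' separates key and value, so MAC addresses survive.
lan_field() {
    awk -F':' -v want="$1" '
        { key = $1; sub(/[ \t]+$/, "", key) }
        key == want {
            val = substr($0, index($0, ":") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val; exit
        }'
}

# check_bmc_vlan EXPECTED_ID: returns 0 only if the BMC reports that VLAN.
# Returns 1 on mismatch (change silently ignored), 2 if the field is absent.
# A matching tag still does not stop the host OS from sniffing that VLAN.
check_bmc_vlan() {
    expected="$1"
    out="$(cat)"
    vlan="$(printf '%s\n' "$out" | lan_field '802.1q VLAN ID')"
    mac="$(printf '%s\n' "$out" | lan_field 'MAC Address')"
    if [ -z "$vlan" ]; then echo "UNKNOWN: no VLAN field in output"; return 2; fi
    if [ "$vlan" != "$expected" ]; then
        echo "FAIL: BMC $mac reports VLAN '$vlan', expected '$expected'"; return 1
    fi
    echo "OK: BMC $mac is tagged on VLAN $vlan"
}

# Demo over the constructed samples.
printf '%s\n' "$SAMPLE_OK" | check_bmc_vlan 100 || true
printf '%s\n' "$SAMPLE_IGNORED" | check_bmc_vlan 100 || true
```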