Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 Software Applications & Hardware Appliances => Topic started by: broquea on January 24, 2012, 12:41:29 PM

Title: Supermicro IPMI + IPv6
Post by: broquea on January 24, 2012, 12:41:29 PM
Quick writeup I did for configuring Supermicro servers with ATEN IPMI chipsets to use IPv6. http://ipvsix.me/?p=159
Title: Re: Supermicro IPMI + IPv6
Post by: ka9q on July 08, 2012, 02:55:55 PM
With thanks to the people on this list, I just got 6rd going over Uverse down here in San Diego. I had noticed 6to4 wasn't working, went to investigate and discovered this discussion. Wonders never cease.

My traceroute path to the relay address 12.83.49.81 is as follows:

 1. uverse.local                                                           
 2. 99-71-136-2.lightspeed.sndgca.sbcglobal.net 
 3. 75.20.78.24
 4. 75.20.78.48
 5. 75.20.78.131
 6. 12.83.70.137
 7. 12.123.132.213
 8. 12.83.49.81

Delays were a remarkably flat 20-25 ms all the way up; the 20 ms is for the first IP entity on the other side of my VDSL2 link. I have never learned exactly where that is; is it in the cabinet down the street or somewhere in AT&T's vast cloud? THe 25 ms is for hop 8, so there's very little additional latency over what I normally experience from Uverse.

BTW, tracerouting from a static IPv4 address over Uverse has *never* worked; apparently the brain-dead 2WIRE box blocks the returning ICMP error reports. But it does work when you use the NAT in the 2WIRE; go figure.


Title: Re: Supermicro IPMI + IPv6
Post by: broquea on July 08, 2012, 02:58:23 PM
^ has what to do with supermicro and IPMI access over IPv6?
Title: Re: Supermicro IPMI + IPv6
Post by: snarked on July 09, 2012, 09:47:22 AM
Holds true for their H8SCM-F motherboard too.
Title: Re: Supermicro IPMI + IPv6
Post by: snarked on March 12, 2014, 05:01:05 PM
Unfortunately due to abuse of it, I have also found that the IPMI interface has lots of undocumented features that generate traffic.  Therefore, it should never be placed in the open but needs an external firewall between it and the Internet.

What Supermicro doesn't tell you:
1)  NTP client is also a server that has the "monlist" exploitable feature.
2)  There's an SSH server that apparently allows connections out.
Probably other things that it shouldn't have but does.

Things I did not test for:  To see if the interface has built-in 6to4 decoding allowing 2002::/16 addresses or 6in4 decoding and relaying.