• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Supermicro IPMI + IPv6

Started by broquea, January 24, 2012, 12:41:29 PM

Previous topic - Next topic

broquea

Quick writeup I did for configuring Supermicro servers with ATEN IPMI chipsets to use IPv6. http://ipvsix.me/?p=159

ka9q

With thanks to the people on this list, I just got 6rd going over Uverse down here in San Diego. I had noticed 6to4 wasn't working, went to investigate and discovered this discussion. Wonders never cease.

My traceroute path to the relay address 12.83.49.81 is as follows:

1. uverse.local                                                           
2. 99-71-136-2.lightspeed.sndgca.sbcglobal.net 
3. 75.20.78.24
4. 75.20.78.48
5. 75.20.78.131
6. 12.83.70.137
7. 12.123.132.213
8. 12.83.49.81

Delays were a remarkably flat 20-25 ms all the way up; the 20 ms is for the first IP entity on the other side of my VDSL2 link. I have never learned exactly where that is; is it in the cabinet down the street or somewhere in AT&T's vast cloud? THe 25 ms is for hop 8, so there's very little additional latency over what I normally experience from Uverse.

BTW, tracerouting from a static IPv4 address over Uverse has *never* worked; apparently the brain-dead 2WIRE box blocks the returning ICMP error reports. But it does work when you use the NAT in the 2WIRE; go figure.



broquea

^ has what to do with supermicro and IPMI access over IPv6?

snarked

Holds true for their H8SCM-F motherboard too.

snarked

Unfortunately due to abuse of it, I have also found that the IPMI interface has lots of undocumented features that generate traffic.  Therefore, it should never be placed in the open but needs an external firewall between it and the Internet.

What Supermicro doesn't tell you:
1)  NTP client is also a server that has the "monlist" exploitable feature.
2)  There's an SSH server that apparently allows connections out.
Probably other things that it shouldn't have but does.

Things I did not test for:  To see if the interface has built-in 6to4 decoding allowing 2002::/16 addresses or 6in4 decoding and relaying.