[IPv6] No support from Supermicro ipmi protocol

As we slowly move towards IPv6 only deployment, we sometimes reach a situation where there is no simple solution for our problem.

This time we found that supermicro out of band management cards are not accessible via ipmi protocol over IPv6. Instead of getting the asnwer we just received icmp6 message port unreachable. Web interface works well over IPv6 though.

After a while of digging in our firewall, we tried google and the answer was found very quickly: https://www.supermicro.com/support/faqs/faq.cfm?faq=21475

We use zabbix to monitor our infrastructure, which uses openipmi library to access ipmi. For some reason (I didn’t dig into it, so I don’t know why) it doesn’t fall back to ipv4 when IPv6 device is not accessible.

Instead of spending a lot of time by reading C code, which we don’t understand to, we fixed our problem on DNS side. All our devices are being accessed via DNS. Therefore we installed powerdns-recursor (3.6.2-2+deb8u3) on our monitoring server and wrote a simple lua filter, which drops AAAA records in the response when accessing to ipmi.

/etc/powerdns/recursor.conf

lua-dns-script=/etc/powerdns/dns-script.lua

/etc/powerdns/dns-script.lua

function postresolve(remoteip, domain, qtype, records, origrcode)
    -- ipmi.srw.cz returns only ipv4 records
    if (string.find(domain, ".ipmi.srw.cz.$")) then
        for key, value in pairs(records) do
            if (value.qtype == pdns.AAAA) then
                table.remove(records, key)
            end
        end
        return 0, records
    end

    -- Nothing has changed
    return -1,{}
end

Even though it’s not the best solution, it works. We hope we will get ipmi IPv6 support soon. Or perhaps it is time to switch over to snmp (yes, supermicro should support snmp these days) or their new rest api (supermicro added redfish protocol support), which is unfortunately paid feature.

Advertisements