14 Posts

January 4th, 2008 10:00

Cannot access BMC over WAN

Dell PE 1950 Windows XP x 2
 
Hello,
I have a setup of a 1950 - router - router - 1950 to simulate a WAN. The Cisco routers use NAT. I can ping each machine from the other using the external IP addresses.
I configured the BMC to have the same IP address as the host machine.
 
PE-1 (172.16.155.1) - router - router - PE-2 (172.16.155.2)
BMC (172.16.155.1) - router - router - BMC (172.16.155.2)
PE-1 external addr (172.16.157.1) - router - router - PE-2 external addr (172.16.157.2)
 
BUT no matter what I do I cannot access the BMCs. The error I receive is BMC is not detected? I am pretty sure I have the network and IPs configured properly. Is it possible to access the BMCs directly over a WAN? Does the use of NAT and external IPs make accessing BMCs not viable? Does the IPMI protocol allow for this?
 
Any help would be very useful.
Thanks.

24 Posts

January 8th, 2008 23:00

Jas,
 
I still have a lot to learn about IP addressing but I think you missed the configuration.
 
Your WANs should be on different subnets, 172.16.157.x and 172.16.158.x with your routers set accordingly. It appears that you are trying to use the routers without really routing.
 
Can you ping the machines across the routers or just from behind them?
 
Are you sure the BMC needs to be the same as the machine IP? Two nodes with the same address usually cause issues.
 
My configuration would be:
 
PE #1
 NIC #1 192.168.1.253
 BMC     192.168.1.252
 
Router #1
 WAN 172.16.157.1
 LAN  192.168.1.254
 
Router #2
 WAN 172.16.158.1
 LAN 192.168.2.254
 
PE #2
 NIC #1 192.168.2.253
 BMC     192.168.2.252
 
The routers of course have either been statically set with the routes or have RIP turned on. I have not had much success with RIP using my Linksys routers but they do the job.
 
I need to look into this subject more as I have a PE 2650 that I would like to access remotely.

14 Posts

January 10th, 2008 08:00

Hi Hlorewvr,
 
Unfortunately the network I am using is a customer's and cannot be changed. They have set up the WAN so that each local network has the same subnet and IP addresses as each other.
 
I.E
 
PE#1
IP:172.16.155.1
BMC: 172.16.155.1
 
PE#2
IP:172.16.155.2
BMC:172.16.155.2
 
Router#1
WAN: 172.16.157.33
LAN: 172.16.155. x
 
Router#2
WAN: 172.16.157.160
LAN: 172.16.155. x
 
PE#3
IP:172.16.155.1
BMC:172.16.155.1
 
PE#4
IP:172.16.155.2
BMC:172.16.155.2
 
I have limited IP addresses to work with so therefore I have given the BMCs the same IP address as the host. I have tested access to a BMC on a local host on either of the local subnets and it has worked perfectly. I can access PE#2 BMC from PE#1 and PE#4 from PE#3 but not PE#4 from PE#1.
 
I can ping across the network using the external IP addresses provided. PE#1 can ping PE#3 using PE#3 external IP address.
 
Is the problem that the network has the same local subnets? Therefore when PE#4 BMC receives a message from PE#1 and tries to respond the IP addr it responds with is IP:172.16.155.1 which is also the same as PE#3? I am not sure on the low-level workings: does the IPMI message hold the source IP address or does the NIC handle that?
 
I.E
PE#1 sends a message to 172.16.157.34 (PE#4 external IP addr)
The message is sent to the routers
NAT look up
The message is sent to PE#4 BMC
 
... does the PE#4 BMC respond to 172.16.155.1 (PE#1 local IP addr)  or the PE#1 external IP address?
... does the Router + NAT + NIC know that the message has come from an external IP address and route the message properly?
 
Or am I going in the wrong direction and it is something else completely?
 
Regards Jas
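
The reply-path question raised in the post above, as an added example (not part of the original thread): it models the next-hop decision of PE#4's BMC for a request whose source was, or was not, rewritten by the routers. The /24 mask, the router LAN address 172.16.155.254 and the assumption that the BMC behaves like an ordinary IP host are not from the thread.

```python
import ipaddress

# Constructed from the addresses in the post above. The /24 mask and the
# router's LAN address (.254) are assumptions; the thread gives neither.
SITE2_LAN = {"172.16.155.1": "PE#3", "172.16.155.2": "PE#4",
             "172.16.155.254": "Router#2"}
PE4_BMC = ("172.16.155.2/24", "172.16.155.254")  # (interface, default gateway)

def reply_path(iface_gw, request_src, lan=SITE2_LAN):
    """Return (next_hop_ip, receiving_node) for the reply to request_src.

    Models an ordinary IP host: the reply is addressed to whatever source
    address the request carried on arrival; if that address is inside the
    host's own subnet it is delivered on-link, otherwise via the gateway.
    """
    iface, gateway = iface_gw
    net = ipaddress.ip_interface(iface).network
    src = ipaddress.ip_address(request_src)
    next_hop = str(src) if src in net else gateway
    return next_hop, lan.get(next_hop, "nobody (ARP unanswered)")

def explain(label, request_src):
    """One-line description of where the reply ends up."""
    hop, node = reply_path(PE4_BMC, request_src)
    return f"{label}: reply to {request_src} -> next hop {hop} ({node})"

if __name__ == "__main__":
    # Case 1: only the destination is translated; source stays PE#1's LAN IP.
    print(explain("destination NAT only", "172.16.155.1"))
    # Case 2: the source is also rewritten to Router#1's WAN address.
    print(explain("source also translated", "172.16.157.33"))
```

In the first case the reply never reaches Router#2, because the source address looks local to site 2 and belongs to PE#3 there.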
 
 

24 Posts

January 10th, 2008 15:00

Jas,
 
I see what you are trying to accomplish. There are two major hurdles to this.
 
1) When you ping site 2 (PE 3 and 4) from site 1 (PE 1 and 2) you will receive a response from the router/gateway. Unless you have port forwarding turned on and redirected the ICMP port to a specific address on the inside the response will be from the router.
 
2) When trying to access an address on the inside you need to have the port forwarding set up. I do not know what the ports are for the BMC. And if you have more than one possible address to connect to you will need to change the port on every BMC after the first. Example, MS Terminal Services uses port 3389 by default. If you have a server acting solely as a host for remote clients and need to access your servers you need to change the port on the additional servers and direct those ports to the correct addresses in the firewall. I generally start with port 3388 and work my way down.
 
The only other solution, which does not appear to be available to you, is a VPN tunnel connecting the two sites. The issue here is that the two sites need to have different subnets such as 192.168.1.x for site 1 and 192.168.2.x for site 2.
 
 
 
 


Message Edited by Hlorewvr on 01-10-2008 10:41 AM

14 Posts

January 15th, 2008 14:00

Hi,
 
Ok thanks for the information. I will try to look in to this and let you know what I find out. Hopefully it solves the issue!
 
Cheers.

14 Posts

February 5th, 2008 14:00

Hi,

 

I have come back to work on this issue. I have been told that the two routers have no firewalls or ports blocked whatsoever. That they are completely open. Therefore do the hurdles you mentioned still apply?

 

Thanks.

24 Posts

February 5th, 2008 16:00

Jas,

 

The bottom line is:

 

1. All devices on a network need a unique address.

2. All addresses must match their appropriate subnet.

3. The routers must be given the routing information for the alien subnets.

 

Each server and BMC must have a unique IP address that matches the current subnet. Site one must be X.X.A.X and site two must be X.X.B.X. Firewalls generally come in to play when you are accessing sites via public or semi-private connections so they are not an issue.

 

If you go back to my example above, you will end up with two subnets (XXX.XXX.A.XXX) and eight IP addresses (four for each subnet).

 

I would definitely set my server and BMC IPs to consecutive numbers that match on both sides.

 

PE 1 XXX.XXX.A.253

BMC 1 XXX.XXX.A.252

 

PE 2 XXX.XXX.A.251

BMC 2 XXX.XXX.A.250

 

(routers XXX.XXX.A.XXX <---> XXX.XXX.B.XXX)

 

PE 3 XXX.XXX.B.253

BMC 3 XXX.XXX.B.252

 

PE 4 XXX.XXX.B.251

BMC 4 XXX.XXX.B.250

 

Of course, this starts to get a bit more complicated if you need access from outside.

 

[edit] One last note, the LAN and WAN sides of your router must match the subnets on the corresponding sides. You CANNOT set the LAN sides of the routers to have the same exact subnets.

 

Router 1 WAN connects to the internet

Router 1 LAN is the dominant internal network

Router 2 WAN matches the Router 1 LAN subnet

Router 2 LAN is a different subnet

 

If the Router 1 connects to a different router before connecting to the internet then the WAN sides of both routers must match the subnet of the dominant LAN subnet.

 

I hope this is making it better for you.

Message Edited by Hlorewvr on 02-05-2008 10:49 AM
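
The addressing rules from the post above applied as a checker, as an added example that is not part of the original thread: it flags shared addresses, addresses outside their site subnet, and site subnets that overlap, and runs on both layouts discussed in the thread. The /24 masks and the site and node labels are assumptions.

```python
import ipaddress
from itertools import combinations

def check_plan(sites):
    """sites: {site: (cidr, {node: ip})}. Returns a list of findings."""
    findings = []
    nets = {s: ipaddress.ip_network(cidr) for s, (cidr, _) in sites.items()}
    for site, (_, nodes) in sites.items():
        seen = {}
        for node, ip in nodes.items():
            addr = ipaddress.ip_address(ip)
            if addr not in nets[site]:          # rule 2: match the subnet
                findings.append(f"{site}: {node} {ip} is outside {nets[site]}")
            if addr in seen:                    # rule 1: unique addresses
                findings.append(f"{site}: {node} and {seen[addr]} share {ip}")
            seen.setdefault(addr, node)
    for a, b in combinations(sites, 2):         # sites need distinct subnets
        if nets[a].overlaps(nets[b]):
            findings.append(f"{a}/{b}: {nets[a]} and {nets[b]} overlap, "
                            "so a route between them is ambiguous")
    return findings

# Constructed from the customer layout described earlier in the thread.
CUSTOMER = {
    "site1": ("172.16.155.0/24", {"PE#1": "172.16.155.1", "BMC#1": "172.16.155.1",
                                  "PE#2": "172.16.155.2", "BMC#2": "172.16.155.2"}),
    "site2": ("172.16.155.0/24", {"PE#3": "172.16.155.1", "BMC#3": "172.16.155.1",
                                  "PE#4": "172.16.155.2", "BMC#4": "172.16.155.2"}),
}
# Constructed from the 192.168.1.x / 192.168.2.x layout suggested in the thread.
PROPOSED = {
    "site1": ("192.168.1.0/24", {"PE#1": "192.168.1.253", "BMC#1": "192.168.1.252"}),
    "site2": ("192.168.2.0/24", {"PE#2": "192.168.2.253", "BMC#2": "192.168.2.252"}),
}

if __name__ == "__main__":
    for name, plan in (("customer", CUSTOMER), ("proposed", PROPOSED)):
        print(name, check_plan(plan) or "no findings")
```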

14 Posts

February 21st, 2008 15:00

Hello,

 

I rang Dell Support. The person told me that the BMC only communicates if on the same subnet; it is not designed to work over a WAN!?

 

Therefore I set up the network like this:

 

PowerEdge Server 1
IP:          198.10.10.10
BMC:       198.10.10.10
Gateway: 198.10.10.1

 

Router 1
IP:         198.10.10.1
Route all 198.10.10.x
open

 

Router 2
IP:         198.10.10.11.2
Route all 198.10.10.x
open

 

PowerEdge Server 2
IP:          198.10.10.11
BMC:       198.10.10.11
Gateway: 198.10.10.2

So that it matches the subnet. Can ping but still no luck with detecting BMC. If this didn't work then I am not sure introducing NAT, external IPs etc. is going to make any difference? The routers are completely open and route the same subnet through each other.

 

I am just going to try changing the BMC address to a digit out but I am sure this will not make it work.

I also observed a peculiar action. I tried accessing the BMC of another Dell PE Server on the same LAN with a completely different IP subnet etc., e.g. 172.16.155.5. According to the Dell person different subnets don't work but when I tried accessing it, it worked!? Then I tried 2 minutes later and then it stopped working!?!?!?

 

Doesn't seem very reliable to me.
