1

I have an issue and I am trying to come up with a solution around it.

The problem: I have 3 HP servers which have both iLO and iLO2 management controllers. Both of these do not support IPv6.

I am wanting to setup my test lab rack in full IPv6 mode. I want to disable IPv4 for my INTERNAL network. I am trying to figure out a way to bypass the iLO controllers yet still maintain something similar in fuctionality.

I had considered an IP KVM but all of them seem to require special software or cost a ton of money. There were some on eBay I was looking at like the HP AF600A but I can't figure out if it supports IPv6 or what kind of software requirements it has.

Would an IP KVM be the best solution?

I was also thinking I could get another IPMI card for my server and just pop it into one of the spare PCIe slots on the machine. But there are not many slots since they are 1U servers.

Can anyone give their 2 cents on this matter.

The biggest hurdle to overcome is I do not have direct access to the hardware, its located about 200 miles from me. So....

Would I really just be better running dual stack protocol? and just use the iLO controllers since they can power on the servers in the event of a power outage?

AtomicPorkchop
  • 1,975
  • 8
  • 34
  • 55
  • You have complained to HP about the lack of IPv6 support, right? – Michael Hampton Jan 17 '13 at 06:47
  • No I have not, I did not really think it would do any good. Isn't iLO2 EOL? – AtomicPorkchop Jan 17 '13 at 06:48
  • Hell, HP just EOL'd the G7's, which has lots of people in an uproar. Feel like a major infrastructure refresh? :) – Michael Hampton Jan 17 '13 at 07:13
  • 1
    Change your requirements. Hack the firmware for the ILO controllers. ALl you can do. Any other implementation will require at least SOME IPv4 in the network. A NAT64 device will make it isolated (ISO subnet only), but it will still be a IPv4 network at least in one segment. I would suggest NOT going IPv6 for that layer, simple like that. – TomTom Jan 17 '13 at 07:40
  • @MichaelHampton heck if I could afford some G7 they would be mine, I have had my eye on them. Eh who knows what eBay will have one day (in my price range). – AtomicPorkchop Jan 17 '13 at 08:43
  • Move the iLO network to a separate private segment and use NAT and PAT on a firewall to open up on the IPv6 network. – Steve-o Feb 01 '13 at 14:59

1 Answers1

1

OK, so you have a number of old IPv4-only devices in your network. Ideally you'd like to be able to continue using them on your IPv6 network, though it seems that you think you can't do so since, well, they're IPv4-only. So now you're looking for other solutions.

Of course, you could replace the offending devices, but the boss won't give you that kind of money!

Enter NAT64.

NAT64 is a router protocol which permits IPv4-only hosts to be accessed from IPv6 hosts. The device implementing NAT64 translates the IPv6 addresses to IPv4 addresses and passes them on to the (hopefully very isolated) IPv4-only network, and translates the other way going back.

There are several Linux and BSD software implementations of NAT64. Microsoft Forefront Unified Access Gateway, as well as some recent Cisco and Juniper routers also implement it.

So, using NAT64, you can isolate and access your IPv4-only devices from IPv6-only hosts. Currently this is the preferred method of dealing with such old hardware.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • THe problem with this is that it is nice in theory, and practice, but it is not usable per the OP's requirements because he does NOT WANT IPv4 ON HIS NETWORK. Point. No Ipv4 on the internal network, and tha would be A SORT OF internal network. – TomTom Jan 17 '13 at 07:39
  • 1
    hmmm you know NAT64 may be the solution. First off its FREE, second it will be supported in the upcoming release of pfSense (2.2 to be exact). This would not solve the issue with my crappy Netgear switch but that is a different problem. I mean in a perfect world I would like to eliminate IPv4 altogether but considering my situation that sounds like the best solution. It gives me 90% of goal which is to run a network that uses IPv6 and considering I would still access it with a v6 address it sorta bends the rules a bit. – AtomicPorkchop Jan 17 '13 at 08:39
  • I was reading that NAT64 does not allow access to site with IPv4 literal addresses. This would be mean I would not access the iLO portals with the IPv4 address (of course). So I would use the address of the NAT64 server? – AtomicPorkchop Jan 17 '13 at 08:51
  • 1
    With NAT64 you map a block of IPv6 addresses to IPv4 addresses. The well-known-prefix for that is 64:ff9b::/96 where bits 97-128 are the IPv4 address. So if you want to connect to 192.0.2.1 you would use 64:ff9b::c000:0201 instead. When using hostnames you can let the DNS server do the replacement (DNS64). You can also put the right address in DNS yourself. But if the ILO interface has links to 192.0.2.1 then those won't work because there is no DNS lookup involved and on the other side of the NAT64 box IPv4 addresses don't exist. Still: using NAT64 would be the best solution in your situation – Sander Steffann Jan 17 '13 at 09:15