c7000 networking / ILO configuration

 
Ernst_H

Dear all,

 

a newbie in the field of c7000 systems – me – has some fundamental questions regarding ILO / networking.

I have the following situation: I got two c7000 enclosures populated with various blades running in the basement of our building, so physical access, if necessary, is not a big deal. The OAs are connected to the institute network (128.128.x.x/23) using static IP configuration. I can connect to them flawlessly and have also performed firmware updates, so this is working without any problems.

BUT: our IT department complains about the fact that on the network port(s) in the server rack to which the OA(s) is (are) connected, not only the MAC of the OA is visible, but also the MACs of the ILOs which are in the corresponding enclosure (so the OA acts like a switch). This should be turned off, if possible.

So this is the situation I would like to have (if this is technically possible and makes sense…):

  • The OA MAC should be the only one which appears on the network port connected to the institute network
  • The MACs of the ILOs should not be visible on this port!
  • The ILOs should not request IPs via DHCP from the institute network (128.131.x.x) nor should they have static IP addresses within this range.
  • I don’t want to completely turn off the ILOs, as I like to monitor the blades / interconnects via the OA from my office and I want to use the connection for firmware updates via the enclosure (and this requires an ILO connection, right?)
  • The preferred configuration of the ILOs would be an automatic one (that means the OA working as a “DHCP” only (!) within the enclosure) or, if this is not possible, I can configure the ILOs manually. But I’d really like to avoid this.

And now there are some questions:

  • Can I achieve this / is this possible, and what would be the preferred way to configure the OAs / ILOs?
  • As for the automatic configuration of ILOs, I read about “EBIPA”, which I think would do the job. But on the one hand I read, “If you use DHCP servers on your management network, do not use EBIPA for management IP address assignments.” (http://bladesystem.helpmax.net/en/first-time-setup-wizard/enclosure-bay-ip-addressing/). And of course on the 128.131.x.x. network a DHCP server is running. On the other hand, I don’t think that this would solve the “MAC is visible through the OA management port” problem…
  • Is it possible / necessary to have an “internal” network within the enclosure for the ILOs (blades & interconnects)? I read about “virtual networks VLANs”, could this be a solution?
  • An option I was thinking about is using my HP Procurve switch as a “MAC filter”. If I would connect the OAs not directly to the network ports at the patch field but have the switch in between, I might use the option “MAC Address lockout”, which – according to the manual – “Prevents configured particular MAC addresses from connecting to the network”. This should also avoid DHCP requests being passed to the DHCP server for 128.131.x.x., right?

 

Maybe these problems were “already solved 100 times”, however, I was not able to find any substantial information about it – maybe I was using wrong search terms. If this is the case, please point me in the right direction – However, any help / suggestions are really appreciated.

 

Thanks for your precious time,

 

Best

 

Ernst

 

AmRa
HPE Pro

Re: c7000 networking / ILO configuration

Enclosure Bay IP Addressing (EBIPA)

The First Time Setup Wizard Enclosure Bay IP Addressing screens allow you to configure IPv4 and IPv6 fixed addresses for Onboard Administrator enclosure bays. The Onboard Administrator EBIPA feature helps you provision a fixed IP address based on bay number, which preserves the IP address for a particular bay even if a device is replaced. The management interface for components plugged into the bays must be set for DHCP. EBIPA can only be used if the devices are set to boot from DHCP. If a device is configured for static IP, then it must be manually reconfigured to DHCP to change the EBIPA IP address.

NOTE: The Onboard Administrator documentation refers to EBIPA IP addresses as "fixed IP addresses" or "fixed DHCP addresses," meaning that each of these addresses is an IP address permanently associated with a specific bay number independent of the actual device currently attached to the bay.

The server blade iLO bays and interconnect module management bays can obtain IP addresses on the management network in several ways: dynamic IP addressing using an external DHCP server, static IP addressing, SLAAC via router advertisements (IPv6 only), or EBIPA. If your network has a DHCP service or if you want to manually assign static IP addresses one by one to the server blades and interconnect modules, click Skip to bypass configuring Enclosure Bay IP Addressing.

EBIPA only assigns fixed DHCP IP addresses to the management interface for server iLOs and interconnect modules on the management network internal to the enclosure. EBIPA does not assign IP addresses for any other devices on the management network external to the enclosure and cannot be used as a DHCP server on the production network.

The server blade iLO defaults to DHCP addressing, which is obtained through the network connector of the Active Onboard Administrator. Interconnect modules that have an internal management network connection to the Onboard Administrator might also default to DHCP addressing.

For more information, please refer to the HPE BladeSystem Onboard Administrator User Guide (pages 71 to 77)

https://support.hpe.com/hpesc/public/docDisplay?docId=c00705292

I am an HPE Employee
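
The per-bay fixed addressing described in the reply above can be planned and checked offline before anything is entered into the OA. This Python sketch is an added example, not HPE code and not part of the original posts; it assumes one consecutive address per bay counted from a first address, and the 192.0.2.0/24 subnet, DHCP pool and OA address are constructed sample values.

```python
import ipaddress

DEVICE_BAYS = 16       # c7000 device bays (half-height)
INTERCONNECT_BAYS = 8  # c7000 interconnect bays

def bay_plan(kind, first_ip, netmask, bays):
    """Map (kind, bay) -> fixed address; one consecutive address per bay (assumption)."""
    net = ipaddress.ip_network(f"{first_ip}/{netmask}", strict=False)
    start = ipaddress.ip_address(first_ip)
    plan = {}
    for bay in range(1, bays + 1):
        ip = start + (bay - 1)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            raise ValueError(f"{kind} bay {bay}: {ip} is not a usable host in {net}")
        plan[(kind, bay)] = ip
    return plan

def audit(plan, dhcp_first, dhcp_last, static_hosts=()):
    """Return findings for addresses that collide with the external DHCP pool,
    with statically configured hosts (e.g. the OA itself), or with another bay."""
    lo, hi = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    static = {ipaddress.ip_address(h) for h in static_hosts}
    findings, seen = [], {}
    for slot, ip in sorted(plan.items()):
        if lo <= ip <= hi:
            findings.append((slot, str(ip), "inside external DHCP pool"))
        if ip in static:
            findings.append((slot, str(ip), "already used by a static host"))
        if ip in seen:
            findings.append((slot, str(ip), f"duplicate of {seen[ip]}"))
        seen.setdefault(ip, slot)
    return findings

if __name__ == "__main__":
    # Constructed sample values (documentation range), not taken from the thread.
    mask = "255.255.255.0"
    plan = {**bay_plan("server", "192.0.2.90", mask, DEVICE_BAYS),
            **bay_plan("interconnect", "192.0.2.40", mask, INTERCONNECT_BAYS)}
    # The server range runs into the DHCP pool from bay 11 onwards.
    for slot, ip, reason in audit(plan, "192.0.2.100", "192.0.2.200", ["192.0.2.10"]):
        print(slot, ip, reason)
```
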
