Serial over LAN
tim at seoss.co.uk
Fri May 21 04:12:26 CDT 2010
Adam Nielsen wrote:
> Perhaps you can answer something that's been bugging me for some time.
> How does this actually work? I mean, what gets sent over the wire when
> you redirect a serial port?
> It's always bugged me that there's not much information about how this
> is done, and it seems to use a bit too much magic for my liking. I
> mean, is it TCP? Can you restrict access to it with a firewall? How
> does it share the network card with the host OS, in the cases where you
> use the one NIC for both?
The IPMI BMC is a complete autonomous embedded computer on the
motherboard. It has various connections to the "main" computer, but is
otherwise distinct from it (runs all its own code, and has its own CPU
and RAM). For shared LAN access it also (typically) has a "backdoor"
into the NIC chip, so that it can tell the NIC to - for example - get
all traffic destined for a certain MAC address (earlier implementations
were even more strange - in that they could set the NIC up to do things
like steal all UDP traffic to the IPMI port).

The IPMI over LAN protocol is implemented as UDP (on port 623) - look at
the "LAN INTERFACE" and "LANPLUS INTERFACE" entries in a recent ipmitool
manual page for details.

With SOL, Linux sends serial data to the serial port - the output of
this serial port is then connected to the BMC which receives the traffic
on its own serial port, encapsulates it as IPMI lanplus SOL UDP packets,
and sends it out via the NIC backdoor...

Because of the way that the BMC goes straight-to-the-NIC, any iptables
firewalls under Linux aren't going to see the traffic - so you'd need to
do any firewalling before the traffic hits the NIC (i.e. outside of the
box). Another alternative is to configure the BMC to only communicate on
a separate VLAN, so that you can isolate it from other traffic using
that mechanism instead (e.g. "ipmitool lan set X vlan id 888").
South East Open Source Solutions Limited
Registered in England and Wales with company number 06134732.
Registered Office: 2 Powell Gardens, Redhill, Surrey, RH1 1TQ
VAT number: 900 6633 53 http://seoss.co.uk/ +44-(0)1273-808309
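
Added example, not part of the original message: since BMC traffic has to be inspected outside the host, this sketch classifies UDP/623 payloads taken from a capture on an upstream device, telling "lan" (IPMI v1.5) from "lanplus" (v2.0) and flagging SOL. The header offsets follow the RMCP and IPMI v2.0 session header layouts; the function name and sample packets are constructed for illustration.

```python
import struct

RMCP_VERSION = 0x06            # RMCP 1.0
CLASS_ASF, CLASS_IPMI = 0x06, 0x07
AUTHTYPE_RMCP_PLUS = 0x06      # marks an IPMI v2.0 ("lanplus") session header
PAYLOAD_TYPES = {0x00: "ipmi-message", 0x01: "sol", 0x02: "oem-explicit",
                 0x10: "open-session-request", 0x11: "open-session-response",
                 0x12: "rakp-1", 0x13: "rakp-2", 0x14: "rakp-3", 0x15: "rakp-4"}

def classify(udp_payload: bytes) -> dict:
    """Classify the payload of one UDP datagram seen on port 623."""
    if len(udp_payload) < 4 or udp_payload[0] != RMCP_VERSION:
        return {"kind": "not-rmcp"}
    msg_class = udp_payload[3] & 0x1F      # bit 7 is the RMCP ACK flag
    if msg_class == CLASS_ASF:
        return {"kind": "asf"}             # e.g. presence ping/pong
    if msg_class != CLASS_IPMI or len(udp_payload) < 5:
        return {"kind": "rmcp-other"}
    body = udp_payload[4:]
    if body[0] != AUTHTYPE_RMCP_PLUS:
        return {"kind": "ipmi-1.5", "authtype": body[0]}
    if len(body) < 2:
        return {"kind": "truncated"}
    ptype = body[1]
    result = {"kind": "ipmi-2.0",
              "payload": PAYLOAD_TYPES.get(ptype & 0x3F, "unknown"),
              "encrypted": bool(ptype & 0x80),
              "authenticated": bool(ptype & 0x40)}
    # OEM-explicit payloads carry extra OEM fields before the session ID,
    # so the fixed-offset parse below only applies to the other types.
    if (ptype & 0x3F) != 0x02 and len(body) >= 12:
        sid, seq, length = struct.unpack_from("<IIH", body, 2)
        result.update(session_id=sid, sequence=seq, length=length)
    return result

# Constructed sample datagrams (not captured traffic).
SOL_PACKET = bytes.fromhex("0600ff07" "06" "c1" "78563412" "05000000" "1000") + bytes(16)
IPMI15_PACKET = bytes.fromhex("0600ff07" "00" "00000000" "00000000" "09") + bytes(9)
ASF_PING = bytes.fromhex("0600ff06" "000011be" "80" "00" "00" "00")

if __name__ == "__main__":
    for name, pkt in [("sol", SOL_PACKET), ("v1.5", IPMI15_PACKET), ("asf", ASF_PING)]:
        print(name, classify(pkt))
```

Fed from a switch mirror port or firewall capture, a result of "sol" from an unexpected source address shows serial console redirection reaching a BMC from outside the management VLAN.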