Results 1 to 8 of 8
  1. #1
    Join Date
    Jun 2001
    Posts
    480

    IP allocation for KVM devices

    Hi All

    Right now, most of the new server equipment has built in KVM dedicated port. Whats the best pratice for assigning IP for each KVM devices? Do you assign a /30 with Vlan setup to prevent IP hijacking? But that would be wasting a lot of IP when you have hundreds of servers.

  2. #2
    Join Date
    Jun 2005
    Location
    New Jersey
    Posts
    219
    I'd recommend setting up a VPN and then simply use private addresses to access each KVM device. This would be much more secure than having them publicly facing and also save the addresses you do have for more important applications.
    Plutomic Hosting
    Empowering Your Web Ventures
    In Business Since 2005
    Specializing in Web Hosting, VPS, Managed Dedicated Servers and Managed Colocation

  3. #3
    Join Date
    Jan 2003
    Location
    Budapest, Hungary
    Posts
    231
    NAT-on-demand or VPN as said before
    ServerAstra.com website / e-mail: info @ serverastra.com
    HU/EU Co-Location / Managed and Unmanaged Cloud & Dedicated servers in Hungary with unmetered connections

  4. #4
    Join Date
    Mar 2011
    Location
    Graz, Austria
    Posts
    298
    External IPs, easiest way - but depends on what device it is.

    some are also able to share an IP.
    Last edited by EDIS; 06-06-2011 at 04:25 AM. Reason: .

  5. #5
    Join Date
    May 2009
    Location
    Vaduz/LI
    Posts
    2,778
    NAT, Customers get access over their Port (Supermicro/HP) or over a single interface that contains all servers (Dell/IBM/Towers/NoName).

    We use 1 IP for all SM/HP Servers (we soon need one more, as we run out of ports on that one ;-)) and around 10 IPs for external KVM switches (usualy 8 Port) and Dell/IBM KVMs.


    Works fine, but is a hassle to setup at first (extra switches for the NATed network everywhere etc.)

  6. #6
    Join Date
    Aug 2007
    Location
    L.A., CA
    Posts
    3,710
    NAT sounds like a good idea, but it doesnt do much for security.
    The best approach is private network addressing with a VPN tunnel, as well as router firewalling to only allow specific clients to access their designated subnets. This way no public traffic and no other clients can access each others IPMI's.
    EasyDCIM.com - DataCenter Infrastructure Management - HELLO DEDICATED SERVER & COLO PROVIDERS! - Reach Me: chris@easydcim.com
    Bandwidth Billing | Inventory & Asset Management | Server Control
    Order Forms | Reboots | IPMI Control | IP Management | Reverse&Forward DNS | Rack Management

  7. #7
    NAT isn't really viable for IPMI as the java client expects to be listening on a particular port. We put most of our IPMI on a private network that we access by remotely accessing a particular server on the network that is also connected to the private network. For customers who want IPMI, we make an exception and assign an ip from our pool to that ipmi and then we move the ipmi to the public network. If we had a lot of people who wanted public ipmi access, we'd definitely be looking into a vpn solution, both for security and also to cut down on wasting ips for this sort of thing.
    IOFLOOD.com -- We Love Servers
    Phoenix, AZ Dedicated Servers in under an hour
    ★ Ryzen 9: 7950x3D ★ Dual E5-2680v4 Xeon ★
    Contact Us: sales@ioflood.com

  8. #8
    Join Date
    May 2007
    Location
    Montreal, Canada
    Posts
    76
    I recommend a /29 per physical server. First ips for server and last usable ip for kvm.

    This way each server is isolated within its own Vlan and you know that the last usable ip of each subnet is a kvm
    Last edited by Gogax | Simon; 06-07-2011 at 09:11 AM. Reason: edited text
    Simon Choucroun | Gogax.com
    The Smart Hosting Difference
    Web Hosting & Dedicated Servers

Similar Threads

  1. Replies: 0
    Last Post: 03-11-2010, 04:41 PM
  2. Single KVM over IP w/ 8 port KVM For Sale
    By daniel-ceo in forum Other Web Hosting Related Offers
    Replies: 0
    Last Post: 01-01-2007, 09:38 PM
  3. NCC/Comand Center KVM & KVM-IP Solution?
    By WiredSP in forum Colocation, Data Centers, IP Space and Networks
    Replies: 2
    Last Post: 02-15-2005, 12:09 AM
  4. SSH: Size of connection (from mobile devices) & UK deals on devices?
    By alex-davies in forum Hosting Security and Technology
    Replies: 5
    Last Post: 01-31-2005, 12:52 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •