## The iLO Redfish Host Interface (Virtual NIC) Before providing technical details about the HPE Redfish Host Interface, it is important to clearly define the terms "out-of-band" and "in-band" and management. ### Out-of-band management "Out-of-band" or "remote" management refers to the access of the [BMC](/docs/etc/glossaryterms/) of a server from an Operating System (OS) located somewhere on the network. If the OS is located in the same server as the target BMC, then, the communication path goes physically out of the server through a physical network adapter and reaches the BMC in its external network interface (i.e. iLO dedicated network interface). The following example opens an out-of-band Redfish session using ilOrest and cURL (Basic authentication). iLOrest out ```shell ilorest login ilo_ip -u ilo-user -p password ilorest get FirmwareVersion --select Manager. --json { "FirmwareVersion": "iLO 6 v1.67" } ilorest logout ``` cURL out ```shell cURL --insecure --silent --location -u ilo-user:password \ https://ilo-ip/redfish/v1/Managers/1 | \ jq '.FirmwareVersion' "iLO 6 v1.67" ``` ### In-band management By definition, "in-band" or "local" management refers to the access of the [BMC](/docs/etc/glossaryterms/) of a server from the OS sitting in the same server, through an internal communication path. HPE iLO implements the standard Redfish Host Interface specification for in-band management. This host interface is also known as Virtual NIC or vNIC within HPE documents. The HPE Virtual NIC communication path between the OS and iLO is the DMTF standard alternative to the legacy HPE Channel Interface (CHIF). NOTES - The CHIF communication path between HPE ProLiant and Synergy Gen12 operating systems and associated iLO 7 has been removed. The virtual NIC is the only in-band communication path implemented in iLO 7 based servers (Gen12) and later. Refer to this [paragraph](/docs/redfishservices/ilos/supplementdocuments/securityservice/#transitioning-to-hpe-ilo-7) for more information. - When using in-band management through the HPE virtual NIC, authentication is enforced even if you logged in as a privileged user in the server operating system. Read the [transitioning to iLO 7](/docs/redfishservices/ilos/supplementdocuments/securityservice/#transitioning-to-hpe-ilo-7) documentation section for more detail. The following example opens an in-band Redfish session using iLOrest via CHIF on an iLO 6 based server in Production `SecurityState`, and logged as privileged user `root`. The second tabulation forces the opening of a Redfish session via the Virtual NIC. in-band CHIF session ```shell ssh root@fdz365g11-1 ilorest login Discovering data...Done ilorest get SecurityState --select HpeSecurityService. SecurityState=Production ilorest logout exit ``` in-band vNIC session ```shell ssh root@fdz365g11-1 ilorest login --force_vnic -u $u -p $p Attempt to login with Vnic... Discovering data...Done ilorest get SecurityState --select HpeSecurityService. SecurityState=Production ilorest logout ``` TIPS - Generic Redfish clients like cURL, PowerShell, Postman don't have the ability to open an in-band Redfish session via CHIF. - Python scripts can create in-band Redfish sessions via CHIF ([iLO 5 and iLO 6 only](/docs/redfishservices/ilos/supplementdocuments/securityservice/#transitioning-to-hpe-ilo-7)), using the `blobstore://.` base URL as mentioned in the quick start example of the HPE Python ilorest library. ## Managing the Virtual NIC The status of the iLO Virtual NIC can be retrieved from the standard `HostInterface` subsystem or from the Hpe OEM extension of the `Manager` subsystem . The following example retrieves these properties from those two locations, using iLOrest and cURL. Generic GET of vNIC status ```text 1. GET /redfish/v1/Managers/1/HostInterfaces/1/?$select=Status/State, InterfaceEnabled or 2. GET /redfish/v1/Managers/1/?$select=Oem/Hpe/VirtualNICEnabled ``` iLOrest ```shell # 1. ilorest login ilo-ip -u ilo-user -p password ilorest get Status/State InterfaceEnabled --select HostInterface. --json { "InterfaceEnabled": true, "Status": { "State": "Enabled" } } # or 2 ilorest get Oem/Hpe/VirtualNicEnabled --select Manager. --json { "Oem": { "Hpe": { "VirtualNICEnabled": true } } } ilorest logout ``` cURL ```shell # 1. curl --insecure --silent --location -u ilo-user:password \ https://ilo-ip/redfish/v1/Managers/1/HostInterfaces/1/?%24select=Status%2C%20InterfaceEnabled | \ jq '.' { "@odata.context": "/redfish/v1/$metadata#HostInterface.HostInterface", "@odata.etag": "W/\"3008060126\"", "@odata.id": "/redfish/v1/Managers/1/HostInterfaces/1/", "@odata.type": "#HostInterface.v1_1_1.HostInterface", "InterfaceEnabled": true, "Status": { "State": "Enabled" } } # 2. curl --insecure --silent --location -u ilo-user:password \ https://ilo-ip/redfish/v1/Managers/1/?%24select=Oem/Hpe/VirtualNICEnabled | \ jq '.' ``` ### Enabling/disabling the Virtual NIC The Virtual NIC may be enabled/disabled in HPE iLO either though the iLO Web GUI or by a Redfish request. An iLO reset is required for this change to fully take effect. PATCH request URIs ```text 1. Standard URI PATCH /redfish/v1/Managers/1/HostInterfaces/1 2. Oem/Hpe URI PATCH /redfish/v1/Managers/1 ``` Requests body ```json # 1. Standard body { "InterfaceEnabled": true} # 2. Oem/Hpe body { "Oem": { "Hpe": { "VirtualNICEnabled": true } } } ``` Response body ```json { "error": { "code": "iLO.0.10.ExtendedInfo", "message": "See @Message.ExtendedInfo for more information.", "@Message.ExtendedInfo": [ { "MessageId": "MessageId": "iLO.2.30.ResetRequired" } ] } } ``` iLOrest ```shell ilorest login ilo-ip -u ilo-user -p password # 1. Standard command ilorest set InterfaceEnabled=true --select HostInterface. --commit # 2. Oem/Hpe command ilorest set Oem/Hpe/VirtualNicEnabled=true --select Manager. --commit ilorest iloreset # Comment: No need to logout after iLO reset. ``` TIP Search for string "Virtual NIC" in the iLO User Guide to enable and configure the Virtual NIC in the server operating system. ### vNIC configuration details The easiest and safest procedure to gather the entire set of vNIC configuration details is to start with a `GET` request of the `HostInterfaceCollection` collection, and then follow the links. TIP Use the `ilorest list` command to make sure `Links` and other [reserved properties](/docs/redfishclients/ilorest-userguide/globalcommands/#reserved-properties) are part of the response. The following example uses iLOrest and cURL to identify the vNIC's URI via the `HostInterfaceCollection` collection . iLOrest ```shell ilorest login ilo-ip -u ilo-user -p password ilorest list Members --select HostInterfaceCollection. --json { "Members": [ { "@odata.id": "/redfish/v1/Managers/1/HostInterfaces/1/" } ] } ``` cURL ```shell curl --insecure --silent --location -u ilo-user:password \ https://ilo-ip/redfish/v1/Managers/1/HostInterfaces | \ jq '.Members[]' { "@odata.id": "/redfish/v1/Managers/1/HostInterfaces/1" } ``` The following example retrieves the `State` and the vNIC's Ethernet URI using the `HostInterface` URI found in previous example. iLOrest ```shell ilorest list InterfaceEnabled ManagerEthernetInterface --select HostInterface. --json { "InterfaceEnabled": true, "ManagerEthernetInterface": { "@odata.id": "/redfish/v1/Managers/1/EthernetInterfaces/3/" } } ``` cURL ```shell curl --insecure --silent --location -u ilo-user:password \ https://ilo-ip/redfish/v1/Managers/1/HostInterfaces/1 |\ jq '{ManagerEthernetInterface, InterfaceEnabled}' { "ManagerEthernetInterface": { "@odata.id": "/redfish/v1/Managers/1/EthernetInterfaces/3" }, "InterfaceEnabled": true } ``` The following example retrieves the vNIC Ethernet properties using the URI found in previous example. iLOrest ```shell ilorest get --select EthernetInterface. --filter Id=3 --json { "Description": "Configuration of this Manager USB Ethernet Interface available for access from Host .", "IPv4Addresses": [ { "Address": "16.1.15.1", "AddressOrigin": "DHCP", "SubnetMask": "255.255.255.252" } ], "IPv4StaticAddresses": [], "IPv6AddressPolicyTable": [], "IPv6Addresses": [], "IPv6StaticAddresses": [], "IPv6StaticDefaultGateways": [], "Id": "3", "InterfaceEnabled": true, "LinkStatus": "LinkUp", "MACAddress": "0A:CA:FE:F0:0D:04", "Name": "Manager Virtual Network Interface", "NameServers": [], "Oem": { "Hpe": { "ConfigurationSettings": "Current", "InterfaceType": "HostInterface", "NICSupportsIPv6": false } }, "PermanentMACAddress": "0A:CA:FE:F0:0D:04", "StaticNameServers": [], "Status": { "Health": "OK", "State": "Enabled" } } ``` cURL ```shell curl --insecure --silent --location -u ilo-user:password \ https://ilo-ip/redfish/v1/Managers/1/EthernetInterfaces/3/ | \ jq '.' { "@odata.context": "/redfish/v1/$metadata#EthernetInterface.EthernetInterface", "@odata.etag": "W/\"2871979682\"", "@odata.id": "/redfish/v1/Managers/1/EthernetInterfaces/3/", "@odata.type": "#EthernetInterface.v1_4_1.EthernetInterface", "Description": "Configuration of this Manager USB Ethernet Interface available for access from Host.", "IPv4Addresses": [ { "Address": "16.1.15.1", "AddressOrigin": "DHCP", "SubnetMask": "255.255.255.252" } ], "IPv4StaticAddresses": [], "IPv6AddressPolicyTable": [], "IPv6Addresses": [], "IPv6StaticAddresses": [], "IPv6StaticDefaultGateways": [], "Id": "3", "InterfaceEnabled": true, "LinkStatus": "LinkUp", "Links": { "HostInterface": { "@odata.id": "/redfish/v1/Managers/1/HostInterfaces/1/" } }, "MACAddress": "0A:CA:FE:F0:0D:04", "Name": "Manager Virtual Network Interface", "NameServers": [], "Oem": { "Hpe": { "@odata.context": "/redfish/v1/$metadata#HpeiLOEthernetNetworkInterface.HpeiLOEthernetNetworkInterface", "@odata.type": "#HpeiLOEthernetNetworkInterface.v2_3_4.HpeiLOEthernetNetworkInterface", "ConfigurationSettings": "Current", "InterfaceType": "HostInterface", "NICSupportsIPv6": false } }, "PermanentMACAddress": "0A:CA:FE:F0:0D:04", "StaticNameServers": [], "Status": { "Health": "OK", "State": "Enabled" } } ``` The iLO Virtual NIC configuration can be retrieved with a GET request from the `EthernetInterfaceCollection` resource type: GET vNIC configuration ```text GET /redfish/v1/Managers/1/EthernetInterfaces/?$filter=Name eq 'Manager Virtual Network Interface' ``` iLOrest request 1 ```shell ilorest login ilo-ip -u ilo-user -p password ilorest get --select EthernetInterface --filter Name="Manager Virtual*" --json ilorest logout ``` iLOrest request 2 ```shell Filter="?%24filter=Name%20eq%20%27Manager%20Virtual%20Network%20Interface%27" ilorest login ilo-ip -u ilo-user -p password ilorest rawget /redfish/v1/Managers/1/EthernetInterfaces/$Filter ilorest logout ``` Response ```json { "@odata.context": "/redfish/v1/$metadata#EthernetInterfaceCollection.EthernetInterfaceCollection", "@odata.etag": "W/\"02BD3E02\"", "@odata.id": "/redfish/v1/Managers/1/EthernetInterfaces/", "@odata.type": "#EthernetInterfaceCollection.EthernetInterfaceCollection", "Description": "Configuration of Manager Network Interfaces", "Name": "Manager Network Interfaces", "Members": [ { "@odata.context": "/redfish/v1/$metadata#EthernetInterface.EthernetInterface", "@odata.id": "/redfish/v1/Managers/1/EthernetInterfaces/3/", "@odata.type": "#EthernetInterface.v1_4_1.EthernetInterface", "Id": "3", "Description": "Configuration of this Manager USB Ethernet Interface available for access from Host.", "IPv4Addresses": [ { "Address": "16.1.15.1", "AddressOrigin": "DHCP", "SubnetMask": "255.255.255.252" } ], "IPv4StaticAddresses": [], "IPv6AddressPolicyTable": [], "IPv6Addresses": [], "IPv6StaticAddresses": [], "IPv6StaticDefaultGateways": [], "InterfaceEnabled": true, "LinkStatus": "LinkUp", "Links": { "HostInterface": { "@odata.id": "/redfish/v1/Managers/1/HostInterfaces/1/" } }, "MACAddress": "0A:CA:FE:F0:0D:04", "Name": "Manager Virtual Network Interface", "NameServers": [], "Oem": { "Hpe": { "@odata.context": "/redfish/v1/$metadata#HpeiLOEthernetNetworkInterface.HpeiLOEthernetNetworkInterface", "@odata.type": "#HpeiLOEthernetNetworkInterface.v2_2_1.HpeiLOEthernetNetworkInterface", "ConfigurationSettings": "Current", "InterfaceType": "HostInterface", "NICSupportsIPv6": false } }, "PermanentMACAddress": "0A:CA:FE:F0:0D:04", "StaticNameServers": [], "Status": { "Health": "OK", "State": "Enabled" } } ], "Members@odata.count": 1 } ``` ## Using the Virtual NIC When enabled in both the server operating system and in iLO, software running in the host may access the iLO Web GUI or Redfish API via this communication path. By default, the iLO vNIC IP address is `16.1.15.1/30`, and the OS vNIC IP address is `16.1.15.2/30`. Secure Shell (SSH) communications are also possible via vNIC when `SSH.ProtocolEnabled` property is set to `true` in the `ManagerNetworkProtocol` subsystem . TIP When vNIC is enabled, iLO becomes a DHCP server on the vNIC interface. Make sure that the corresponding interface in the host is configured as a DHCP client. Redfish clients [authentication](/docs/concepts/redfishauthentication/#redfish-authentication-and-sessions) (basic or session based) is always required to access iLO resources via vNIC, regardless the type of user (privileged or standard) sending the Redfish requests and the [security state](/docs/redfishservices/ilos/supplementdocuments/securityservice#ilo-security-state) of the iLO. TIP Read the [transitioning to iLO 7](/docs/redfishservices/ilos/supplementdocuments/securityservice/#transitioning-to-hpe-ilo-7) paragraph for information about the authentication of host applications like the Agentless Management Service (AMS), iLOrest, iSUT or SUM.