User guide
7
filtering. This feature is active with both the shared and dedicated network modes and provides
protection against a denial of service attack. In addition, there is internal firewall software as described
by the IP blocking and IP range filtering in subsequent sections.
Shared NIC Mode
Figure 2 provides more detail about the connection between the iDRAC6 and the network adapter.
Incoming packets are filtered by the MAC address of the iDRAC6. If there is a match, the packet is
routed to the sideband connection to iDRAC6. Otherwise, the packet is filtered and is not received by
iDRAC6. Outgoing packets from the iDRAC6 are sent onto the network, but it is physically impossible to
send a packet through the network adapter to the host processor. This is also the case for outgoing
packets; it is not possible to send a packet to the iDRAC6 through the network adapter. This isolation
provides security by preventing access to one network even if the other is compromised.
The iDRAC6 uses the high-speed NC-SI (Network Controller Sideband Interface) to communicate with
the network controller. The iDRAC6 configuration allows the user to select between the dedicated port,
the shared port (βnetwork controllerβ in Figure 2, or LAN on motherboard), the shared port with failover
to LOM2 (LAN #2 on motherboard), or the shared port with failover to all LOMs. These options provide
significant flexibility to the user while maintaining the security discussed in this section.
Figure 2 β NC-SI sideband interface