InfiniBand Security
When MKEY protection is enabled by the Subnet Manager on the fabric devices, following command options should be used in ibdiagnet:
Parameter | Description |
--m_key <m_key> | Specifies constant MKey for the fabric. The MKey value should be specified when a single MKEY is shared by all InfiniBand devices. The mkey value can be obtained from the opensm.conf file (m_key parameter). |
--m_key_files <path to key files directory> | Specifies the path to the directory with the key_files (guid2lid, guid2mkey, neighbors, guid2cckey, guid2vskey). Key files usually provided by opensm in /var/cache/opensm/. |
Example of guid2mkey/guid2cckey/guid2vskey file:
0x0002c9000000001e 0x0000000000000111
0x0002c9000000002a 0x0000000000000222
0x0002c90000000026 0x0000000000000333
0x0002c90000000006 0x0000000000000444
Example of guid2lid file:
0x0002c9000000004b 0x0027 0x0027
0x0002c9000000002a 0x001a 0x001b
0x0002c90000000006 0x0004 0x0005
0x0002c90000000047 0x000e 0x000e
Example of neighbours file:
0x0002c9000000004d:4 0x0002c9000000000e:1
0x0002c9000000004b:1 0x0002c9000000002e:1
0x0002c90000000049:2 0x0002c90000000022:1
0x0002c90000000006:1 0x0002c9000000004d:2
Example:
ibdiagnet --mkey 0x00ff
ibdiagnet --m_key_files /var/cache/opensm/
ibdiagnet --m_key_files /tmp/opensm_mkey_files/
Aggregation Management Key (AM key) is sent in SHARP Management MADs to the Aggregation nodes. (default 0). Aggregation management key is configured in SHARP Aggregation Manager configuration file.
Parameter | Description |
--am_key <am_key> | Specifies constant am_key. |
--am_key_file <path_to_am_key_file> | Specifies the path to am_key_file: guid2am_key. |
Example of guid2amkey file:
0x0000000000000111 0x0000000000000001
0x0000000000000222 0x2
0x0000000000000333 0x0000000003
0x0000000000000444 0x0000000000000004
Example:
ibdiagnet --am_key 0x0000000000000123
ibdiagnet --am_key 0x123
ibdiagnet --am_key_file /tmp/guid2am_key
ibdiagnet --am_key_file /tmp/am_keys