USB0 network interface - why?

[bumperdoo]

Hi,

Running TrueNAS-SCALE-22.02.0.1 and keep seeing a usb0 network interface

I've tried removing it but can't - the other two NICs are fine. Any thoughts on why it exists and how to remove it? Definintely not using any usb-based network adapters.

 

[bumperdoo]

I'm *thinking* it's the BMC on the SuperMicro board... but why would it show up here in TrueNAS?

 

[jgreco]

If you're not using any USB-based network adapters, how have you "tried removing it"?

Perhaps you could outline what you're using for hardware. Without that, it's really hard to speculate.

 

[Ericloewe]

Most interesting is that it's claiming to be connected to something, as evidenced by the link-local addresses.

Any smartphones connected by any chance? As it turns out, drivers for USB tethering of both Android and iOS are widely-included in Linux distros.

 

[HoneyBadger]

Most interesting is that it's claiming to be connected to something

Often times BMCs will make themselves accessible to guest OS's by means of an APIPA address, to allow for lifecycle management or other hardware interactions.

If @bumperdoo opens a telnet/ssh session to that port from within TrueNAS, I bet there's a reply from the BMC.

Super Micro Computer, Inc.. - FAQ Entry

This extra virtual LAN (RNDIS ethernet over USB) come from BMC and is the interface used for BMC communicate with OS for specific feature.

 

[Ericloewe]

That's a new one... One would have thought that the existing mechanisms would suffice without the need for a virtual NIC and yet here we are. Feels like, once again, Ethernet being shoved through a hole it probably should not go through.

 

[jgreco]

Well, when you lack competence at designing a secure mechanism for controlled access between BMC and host, which is how I read most of the trainwreck attempts at doing this, then by all means just open it wide open for backdoor network access, why not. Sheeesh.

 

[DannyB]

This is generally how the ASPEED BMC's (which supermicro, and almost everyone, use) communicate with the OS. Dell IDRAC, etc does the same thing (for example, dell requires it for the OS service module to communicate with IDRAC).

In the case of supermicro, for the H12/X12 series of boards, if you want to disable it, go into IPMI, go to configuration->bmc settings.
Choose the host interface tab, and disable it.

On the X11/H11, it should be pretty close to that too.
I never used the 10 series, so no idea.

 

[HoneyBadger]

It's a pretty solid OS-agnostic method for in-band management, IMO. Sure, you could do it via an emulated serial port, but if I've got to shove a few hundred MB's of firmware/microcode I'd much rather do it at ~100Mbps than 115Kbps, and it's easily scriptable.

Poked through the manual for the X10 series and the AST2400/2500 BMC's but I don't see a disable option, at least not one that's called out. Looking for something similar to what @DannyB described might be worthwhile.

 

[bumperdoo]

Perhaps you could outline what you're using for hardware. Without that, it's really hard to speculate.

Sure... sorry for the absence.. busy few days.

SuperMicro H12SSL-NT
128TB - 8 x 16TB RDIMMS MTA9ASF2G72PZ-3G2E1
AMD EPYC 7543P
Samsung Pro 980 1TB qty 2 mirror (VM - Win 10)
Lexar NS100 128GB qty 2 mirror (TrueNAS OS)
WD Gold 16TB qty 8

System runs headless. Interestingly, I can't seem to bridge the VM's NIC so the local SAMBA storage is accessible to Win 10 per this guide. Will tackle that next.

TIA!

 

[DannyB]

I have an H12SSL-CT, which is the sister mobo of that one.
It's also headless using IPMI.
Happy to walk you through whatever :)

If the system is in heavy use, i've found it easier to bridge the nics from the CLI over IPMI, than trying to do it in the UI carefully.

For example, you now can't take the IP address away from the primary nic if it's in use by kubernetes, If you delete it in the UI, then click apply, it will not disappear :)
if you do it from the CLI, it tells you it's because it's in use by kubernetes.

Also keep in mind that bridging is not instant. The member nics go through a few states before they start forwarding. Honestly, it's easier to make a config download, update all the nic settings, force-commit it even though the network isn't working, reboot, and it will all work when it finishes booting.

 

[bumperdoo]

If the system is in heavy use, i've found it easier to bridge the nics from the CLI over IPMI

It's not in heavy use... yet.

Here's the thread I started on my struggles with the br0.

 

[bumperdoo]

if you want to disable it, go into IPMI, go to configuration->bmc settings

Neat...

That's the IP associated with usb0 - disabling it will remove what functionality, if any, for the TrueNAS?

 

[bumperdoo]

Disabled it... so far I can't see that it's had an impact.