Link Preference and Link Control

Unlike wired LAN traffic, wireless interface (WLAN) traffic either arrives at the host or is sent to Intel AMT directly. When traffic goes to the host, the WLAN driver determines which traffic should be forwarded to Intel AMT. When the host driver is off or fails, or the host operating system fails, or the host is in a sleep state, manageability traffic is routed directly to Intel AMT. If the host returns to S0 or the driver is restarted, then Intel AMT must return control to the host, otherwise the host will not have WLAN connectivity.

Link Control during SOL/Storage Redirection

Starting with the first mobile version of Intel AMT (Release 2.5), when an SOL or Storage Redirection session (USB-R from Version 11, IDE-R in earlier versions) is established over a WLAN, control of the WLAN passes immediately to Intel AMT. This is done so the session can complete without interruption, even if the SOL activity commands a restart of the host. Once the session starts, however, the host has no WLAN access. When the session completes, control returns to the host, if the host driver is active. Starting with Release 6.0 through to Release 8.0, users of the redirection library can control link preference during a redirection session. Release 8.1 introduces link protection which removes the need to manually control the WLAN connection for a SOL/Storage Redirection session.

Setting Link Preference

Release 6.0 introduces the link preference option, which provides ISVs more control over Intel AMT behavior when dealing with the WLAN. The AMT_EthernetPortSettings.LinkPreference property allows an application to determine whether the Host or the Intel ME (where Intel AMT firmware executes) is the preferred master of the WLAN. The difference between these two options is that when LinkPreference is set to Intel ME (subject to a timer) the Intel ME takes control of the link unconditionally; the host remails with no WLAN connectivity and the viability of an Intel AMT redirection session is guaranteed. If the setting is Host, the Intel ME may still take control, depending on a series of other conditions – for example, whether the host driver is still active. In this state, most probably an Intel AMT redirection session will not survive a asystem reset if required.  The Redirection Library in Release 6.1 through to Release 8.0 can control whether Intel AMT will take control of the WLAN during a redirection session or will accept SetLinkPreference commands during the session.

Link Protection

Release 8.1 introduces automatic link protection thereby removing the need for the ISVs to manually manage the WLAN link preference between the host and Intel ME. This feature is enabled automatically.  

Link protection mode ensures that when a link sensitive condition exists, such as a redirection session or CIRA tunnel, where the Intel AMT has an open manageability session which must be maintained, its connectivity will be preserved throughout a loss of host connectivity, such as a system reset. 

There are four levels of link protection:

   None:  Normal mode when no link protection is applied.  This is the equivalent to Link Preference=Host.  This is the mode when there is no redirection session open.

   Passive:  The Intel ME is protecting the link.  Intel ME WLAN link protection is activated automatically by the Intel ME when a manageability session is opened.  For as long as the host has a healthy WLAN connection the Intel ME will use the host connection.  At the moment that the host loses its connectivity the Intel ME will establish its own WLAN connection while maintaining the properties of the link (profile and Access Point) such that the IP address is maintained so that the manageability session does not disconnect.  After an OS or WLAN driver reset, the Intel ME will give the host a chance to reestablish its own connection while limiting the OS to the same link that the Intel ME was connected to.  If the host fails to establish a connection within a set timeout, the Intel ME will regain control of the connection and thereby maintain the open manageability session.

   Override:  Link protection (both automatic and manual) is temporarily cancelled by CancelLinkProtection() used by the management console.  In this state, the Intel ME will not take ownership of the WLAN NIC so long as the host driver is loaded.  SetLinkPreference() will return an error.  This mode is for debug use cases and not for normal manageability use cases.

   High: This is for future use. The Intel ME is protecting the link but the required protection level is high so the Intel ME takes the control of the NIC and the host loses WLAN connectivity.  There is no external API for setting this mode.  This mode is intended for Intel ME firmware use cases such as Intel® Anti-Theft where the Intel ME cannot suffer any sort of distraction to the link which might be caused by the host OS.  In this mode RF Kill will also be overridden.  At present this is not yet a firmware application that sets this mode. 

The link protection level is automatically set to Passive whenever there is a Storage Redirection/SOL/KVM/User-Initiated-CIRA session opened. This link protection is maintained for only 5 minutes, enough time to establish the CIRA tunnel.  For CILA, link protection is applied for 30 minutes. 

It is also possible for the management console to initiate passive link protection with a timeout in a state where there is no SOL/Storage Redirection/KVM/CIRA/CILA session by calling   SetLinkPreference() and setting link preference to Intel ME.  This manually set link protection can be cancelled by calling this same API and setting link preference to host.  It is not possible to cancel the automatic link protection set by the Intel ME when a session is open using this API.  This only cancels link protection set by the management console.  Only the override API can cancel the automatic link protection.  We provide this option for a special case which would require link protection when there is no session but we do not know of such a use case at this time.

Working with Old Management Consoles

When an old management console (one written to control platforms running Intel AMT versions 6.0 through 8.0) controlling platforms running Intel AMT 6.0 versions through 8.0 sets link preference to Intel ME, the host loses network connectivity.
Old management consoles will still work properly with newer platforms (those running Intel AMT version 8.1 and later).
When an old management console controlling platforms running Intel AMT version 8.1 and later sets link preference to ME, link protection is automatically set to Passive mode (the host retains its WLAN connection as long as it is healthy; if the connection is broken (e.g., if the platform is reset), the Intel AMT takes control of the link).
Link protection is canceled only when link preference is set to back to host or when the timeout ends (and not when the session ends).

To summarize:

 

Intel AMT Version of Controlled Platform

Link Preference Setting

Impact

6.0 through 8.0

ME

Host loses network connectivity

6.0 through 8.0

Host (when previously set to ME)

Host regains network connectivity

8.1 and later

ME

Link protection automatically set to Passive (host retains its WLAN connection as long as it is healthy; if the connection is broken (e.g., if the platform is reset), the Intel AMT takes control of the link). End of session does not cancel link protection.

8.1 and later

Host

Link protection canceled

 

The link protection can be cancelled by calling CancelLinkProtection().  When this occurs, the WLANLinkProtectionLevel propert changes to override.  In this state, automatic link protection will not be applied and manual link protection set by SetLinkPreference() is denied as well.

Link control during KVM Redirection

Initiating a redirection session with the Release 6.0 through Release 8.0 KVM feature does not cause the ME to take control of the WLAN automatically. A KVM session using the host driver will continue to use the host driver until commanded explicitly to change Link Preference to ME. If the driver is shut down or the platform transitions to an Sx state or initiates a restart, then control will also pass to the Intel ME. ISV applications that use KVM need to manage the link preference settings for smooth operation across restarts, remote reboots, and other transitions.

Release 8.1 introduces link protection which removes the need to manually control the WLAN connection for a KVM session.

Monitoring link ownership

There are conditions that cause Intel AMT to change control of the wireless interface. Applications that set link preference need to monitor the AMT_EthernetPortSettings.LinkControl property. For example, the following conditions could change the link control:

   The local user overrides the link preference setting (there is a button in the IMSS application that does this).

   The local user triggers a remote call for help action via the IMSS or other local software.

Additional features may require such changes in the future. Therefore, applications should monitor this setting periodically to verify that the current setting is what the application expects.

See Also:

   Link Preference and its Impact on KVM Over Wireless

   Redirection and the Link Preference Feature

   Link Preference and Control

   Set/Get Link Preference and Control

Copyright © 2006-2022, Intel Corporation. All rights reserved.