vCSA Web Management Network error

A few days ago I installed two additional NICs in my server that handles the virtual machine for vCenter Server Appliance (vCSA).

After the NIC installation, the management web interface for vCSA was showing a strange error (see image below).


[Image: vCenter Server Appliance]

[Image: vCenter Server Appliance]

I added two images to show you that the error is almost the same and not browser related.

Next I went online and tried to find a way to fix this issue. Among other stuff I also updated the vCSA, but unfortunately nothing helped.

Finally, after a lot of research, I found the trouble to be caused not by the VMware code but by something in the SUSE Linux OS (on which vCSA is built). Apparently I had to manually add the configuration for the new NICs in SUSE:

vi /etc/sysconfig/networking/devices/ifcfg-eth2

Add the following lines:


Then add a symbolic link in the right place:

ln -s /etc/sysconfig/networking/devices/ifcfg-eth2 /etc/sysconfig/network/ifcfg-eth2

You need this configuration for each one of your NICs. Of course, you need to adapt the configuration to your NICs (eth1, eth2…).

It looks better now:

[Image: vCenter Server Appliance]

There may be an easier way to fix this problem, but for me, the above solution worked just fine. If you encounter this error and fix it in another way, please feel free to let me know.

Cisco makes its Nexus 1000v virtual switch less virtual

Cisco Systems is making its virtual switch, the Nexus 1000v, a little less virtual.

The Nexus 1000v virtual switch replaces the vSwitch embedded in VMware hypervisor software and aims to give network administrators more control and visibility into the switching that takes place between virtual machines on a virtual host server. To date, however, the Nexus 1000v has existed as a virtual machine — a turn-off for network administrators who are accustomed to being able to see and touch their physical network devices.

“I think a lot of network administrators were leery about having [Nexus 1000v] as a virtual appliance because it’s something that’s beyond their control,” said Eric Siebert, senior system administrator with restaurant chain Boston Market and a TechTarget contributor. “Traditionally, the virtual administrators have control over [any virtual machines on a host server].… I think the Nexus 1010 gives them the option to have that type of control in a physical chassis.”


Cisco, EMC unveil data center joint venture

Cisco and EMC this week unveiled their anticipated collaboration, which will provide integrated products and services for customers building private cloud computing infrastructures.

The partnership, which also includes virtualization software vendor VMware, is set up in two parts: one is a Virtual Computing Environment coalition to develop the new products; the other is a joint venture, called Acadia, to train customers and partners on how to install and use the products.

Cisco and EMC are lead investors in Acadia, while VMware and Intel are minority investors. Acadia will have its own CEO, which the companies are searching for, and an initial staff of 130. Acadia’s main mission will be to accelerate product sales and deployment, perform initial operating and then transfer operations to customers or partners.

“It will be a repository of knowledge transfer and best practices,” said EMC CEO Joe Tucci, during a Webcast announcing the coalition and joint venture.

The collaboration between the three companies is targeting a market the companies say — citing data from McKinsey and Company — exceeds $350 billion annually. Half of that amount is spent on capital expenses — product acquisition — and half on operating expenses.

Roughly 70% or more of those costs are allotted to maintaining existing infrastructures, leaving 30% or less for new technology purchases. The companies also say that approximately $85 billion can be addressed with data center virtualization and private cloud technology by 2015.


Cisco: DoS protection using TCP Intercept

Every now and then, all network engineers have to deal with some kind of network attack. Usually the attack does not target the network devices but the machines that provide services (e.g. www, database hosting…), because it is easier to find on the Internet a script that probes port 80, for example, which any kiddie can use, than to corrupt BGP in order to act as a man-in-the-middle. Anyway, in front of the machine being attacked there is a network device, and even if the network component is not the target, it can be affected (e.g. by the high traffic encountered during a denial-of-service attack). So, besides the fact that we have to protect the network components, we have the duty (at least a moral one) to help the team that manages the servers mitigate the attack.

For those of you who are not familiar with it, I will briefly explain what a Denial-of-Service (DoS) attack is. A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, web hosting and so on. One common method of attack involves saturating the target machine with external communication requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. These excessive external communication requests can be generated using an ICMP flood, a peer-to-peer attack, a teardrop attack, a nuke, an application-level flood and many other (too many…) methods. The purpose is to consume resources on the target machine so that it can no longer provide its intended service, or to obstruct the communication media between the intended users and the victim so that they can no longer communicate adequately.

One method to prevent DoS attacks is to limit, on the network device (network router), the number of connections allowed to pass to a server by using TCP Intercept. The TCP intercept feature helps prevent SYN-flooding attacks by intercepting and validating TCP connection requests. In intercept mode, the TCP intercept software intercepts TCP synchronization (SYN) packets from clients to servers that match an extended access list. The software establishes a connection with the client on behalf of the destination server, and if successful, establishes the connection with the server on behalf of the client and knits the two half-connections together transparently. Thus, connection attempts from unreachable hosts will never reach the server. The software continues to intercept and forward packets throughout the duration of the connection.

The main steps to enable TCP Intercept are:

1. Define an IP extended access list
2. Enable TCP intercept
3. Fine-tune the TCP intercept parameters

TCP intercept can operate in either active intercept mode or passive watch mode. The default is intercept mode.
In intercept mode, the software actively intercepts each incoming connection request (SYN) and responds on behalf of the server with an ACK and SYN, then waits for an ACK of the SYN from the client. When that ACK is received, the original SYN is sent to the server and the software performs a three-way handshake with the server. When this is complete, the two half-connections are joined.

In watch mode, connection requests are allowed to pass through the router to the server but are watched until they become established. If they fail to become established within a definite interval, the software sends a Reset to the server to clear up its state.

In the following topology we have the Server ( and the possible Attacker ( In the middle we have the router called R1 which is responsible for mitigating the attack on port 80 of the Server. For this I would choose to apply the following configuration:

access-list 101 permit tcp any host eq 80

ip tcp intercept mode intercept
ip tcp intercept list 101
ip tcp intercept max-incomplete high 150
ip tcp intercept max-incomplete low 100
ip tcp intercept drop-mode oldest

Some explanation of the lines above. We create an access list matching the traffic from anywhere to port 80 on the Server. We set the TCP intercept mode to intercept (this is not actually needed, because it is the default mode; I put it here just for the sanity of the example). When the number of incomplete connections goes over 150 (…max-incomplete high 150), the router will start to drop connections, starting with the oldest ones (…drop-mode oldest). As soon as the number of incomplete connections falls under 100 (…max-incomplete low 100), the router will cease to drop connections. These are just values used for this example.
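The high/low thresholds form a hysteresis band, which is easier to see in a small simulation. The following is an added example, not code from the original post and not Cisco's implementation: it models only the max-incomplete high 150 / low 100 thresholds and drop-mode oldest from the configuration above. The class and function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
from collections import OrderedDict

class InterceptTable:
    """Simplified model of TCP intercept's table of incomplete connections."""

    def __init__(self, high=150, low=100):
        self.high, self.low = high, low      # max-incomplete high / low
        self.half_open = OrderedDict()       # (src, sport), oldest first
        self.aggressive = False
        self.dropped = 0

    def _update_mode(self):
        # Hysteresis: start dropping above `high`, stop only below `low`.
        if len(self.half_open) > self.high:
            self.aggressive = True
        elif len(self.half_open) < self.low:
            self.aggressive = False

    def syn(self, src, sport):
        """A client SYN that matched the intercept access list."""
        if self.aggressive and self.half_open:
            self.half_open.popitem(last=False)   # drop-mode oldest
            self.dropped += 1
        self.half_open[(src, sport)] = True
        self._update_mode()

    def ack(self, src, sport):
        """Client finished the handshake; True if the entry was still held."""
        held = self.half_open.pop((src, sport), None) is not None
        self._update_mode()
        return held

    def expire(self, count):
        """Time out the `count` oldest incomplete connections."""
        for _ in range(min(count, len(self.half_open))):
            self.half_open.popitem(last=False)
        self._update_mode()

def simulate_flood(n_syns=300):
    table = InterceptTable()
    for i in range(n_syns):                  # constructed SYNs, never ACKed
        table.syn("198.51.100.%d" % (i % 250 + 1), 1024 + i)
    result = {"half_open": len(table.half_open), "dropped": table.dropped}
    table.syn("203.0.113.10", 40000)         # constructed legitimate client
    result["legit_completed"] = table.ack("203.0.113.10", 40000)
    result["aggressive_at_150"] = table.aggressive
    table.expire(51)                         # 150 -> 99, below `low`
    result["aggressive_at_99"] = table.aggressive
    return result

if __name__ == "__main__":
    print(simulate_flood())
```

The table stays pinned just above the high mark during the flood, a client that answers promptly still completes its handshake, and dropping stops only once the count falls below the low mark, not as soon as it dips back to 150.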

To check the TCP intercept you can use the following commands on the Cisco router:

show tcp intercept connections
show tcp intercept statistics

To see a live example of what you should see if your TCP Intercept configuration is working properly, please click on the image below. The test is done in a Dynamips environment with 2 VMware machines (client and server) using Ubuntu and a Cisco 3640 series router.

[Image: Cisco TCP Intercept]

VMware launches vSphere

VMware vSphere is the next evolutionary step in IT computing; enabling customers to bring the power of cloud computing to their IT infrastructures. Building on the power of VMware® Infrastructure, VMware vSphere dramatically reduces capital and operating costs, and increases control over IT infrastructures while preserving the flexibility to choose any OS, application and hardware.

Build on a proven virtualization platform to provide the foundation for internal and external clouds, using federation and standards to bridge cloud infrastructures—creating a secure private cloud. Organizations of all sizes can achieve the full benefits of cloud computing, delivering the highest levels of application service agreements with the lowest total cost per application workload.

Available in several different editions, VMware vSphere delivers targeted benefits to small business and mid-size and enterprise business customers.

Brought to you by and FirstDigest