
Cisco VIRL: KVM acceleration is not available

Cisco VIRL sometimes throws the following error, stating that KVM acceleration is not available, on hosts running ESXi.

KVM acceleration is not available

INFO: Your CPU does not support KVM extensions
KVM acceleration can NOT be used

You can also run the kvm-ok command to check the status of KVM acceleration.

This is due to a missing setting on the ESXi guest, and the following parameter needs to be added to the VM's .VMX configuration file.

Please make sure the VM is shut down before making the change.

vhv.enable = "TRUE"

You can also add this parameter to /etc/vmware/config on the host, but doing so is not required.

IANA ROOT DNS Object-Group

The following object-group contains the latest IANA root DNS servers and can be used on Cisco ASA firewalls.

object-group network IANA-ROOT-DNS
 description IANA Root DNS Servers (IPv4/IPv6)
 network-object host
 network-object host 2001:503:ba3e::2:30
 network-object host
 network-object host 2001:500:84::b
 network-object host
 network-object host 2001:500:2::c
 network-object host
 network-object host 2001:500:2d::d
 network-object host
 network-object host
 network-object host 2001:500:2f::f
 network-object host
 network-object host
 network-object host 2001:500:1::803f:235
 network-object host
 network-object host 2001:7fe::53
 network-object host
 network-object host 2001:503:c27::2:30
 network-object host
 network-object host 2001:7fd::1
 network-object host
 network-object host 2001:500:3::42
 network-object host
 network-object host 2001:dc3::35


When it comes to firewall rules, there are a number of things I follow as best practice. To start with, you need to make sure you have all the necessary information in place before writing your firewall rules.

Ask yourself the following questions… If you don’t have the answers, go back to the drawing board and get all the necessary information.

  • Do you have all the necessary ports required for the firewall?
  • Do you have all the IP/Subnet information?

Make the ACLs short and sweet

It is always a best practice to avoid using IP addresses in ACLs.

  • Make sure that the ACLs are intuitive to anyone who is not familiar with your network.
  • You should be able to understand how the firewalling is done by reading the ACLs.
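One way to check a configuration against this practice, as an added example that is not from the original post: a small Python linter that flags ASA access-list lines containing literal addresses. It goes slightly beyond the text by also reporting references to object-groups that are never defined; the sample configuration, its addresses and the EXAMPLE-DNS and WEB-SERVERS names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config; addresses are documentation ranges, not from the page.
SAMPLE_CONFIG = """\
object-group service DNS-PORTS
 service-object udp destination eq domain
object-group network EXAMPLE-DNS
 network-object host 192.0.2.53
access-list ACL_in extended permit object-group DNS-PORTS any object-group EXAMPLE-DNS
access-list ACL_in extended permit udp any host 198.51.100.7 eq domain
access-list ACL_in extended permit tcp 10.1.2.0 255.255.255.0 object-group WEB-SERVERS eq 443
"""

def is_ip(token):
    """True if the token parses as an IPv4/IPv6 address or prefix."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False

def literal_addresses(tokens):
    """Addresses written directly in an ACL line, skipping IPv4 netmasks."""
    found, expect_mask = [], False
    for prev, tok in zip([""] + tokens, tokens):
        if expect_mask:          # token after a bare IPv4 address is its mask
            expect_mask = False
        elif is_ip(tok):
            found.append(tok)
            expect_mask = prev != "host" and ":" not in tok and "/" not in tok
    return found

def lint_acls(config):
    """Return (line_number, issue) pairs for access-list lines."""
    defined = set(re.findall(r"^object-group \S+ (\S+)", config, re.M))
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        if line.startswith("access-list "):
            for addr in literal_addresses(line.split()):
                findings.append((n, f"literal address {addr}"))
            for name in re.findall(r"object-group (\S+)", line):
                if name not in defined:
                    findings.append((n, f"undefined object-group {name}"))
    return findings

if __name__ == "__main__":
    for n, issue in lint_acls(SAMPLE_CONFIG):
        print(f"line {n}: {issue}")
```

Run it against a saved copy of the running configuration; an empty result means every ACL entry refers only to named, defined object-groups.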


Remove or Move Interface from VSAN Database

This will guide you through adding and removing interfaces from the VSAN database. Even though I have tested this on a Cisco MDS 9124, the process is virtually the same on the Cisco Nexus platforms, with a slight difference in interface names.

The command show vsan membership tells you which VSAN an interface is a member of.

Interfaces are usually in VSAN 1, which is the default, and can be moved to another VSAN by using the following command.

vsan database
 vsan 100 interface fc1/1

If you want to remove an interface from a particular VSAN, you need to move it back to VSAN 1.

Changing Linux Interface Numbering

The following method is useful when you have cloned a Linux VM and end up with an interface other than eth0. This usually happens when you clone or create a VM from a template with the interface name eth0: the cloned copy will have eth1, not eth0, as the interface name. According to VMware, this is by design and can only be fixed by the following method.

Start up the VM and open up the following file with your favourite text editor and find the interface you want to remove.



Allowing Specific DNS Servers on ASA Firewall

The following post shows how to allow only specific DNS servers through a Cisco ASA firewall. In this example, Google DNS is the resolver allowed through the firewall.

object-group service DNS-PORTS
 service-object udp destination eq domain 

object-group network GOOGLE-DNS
 network-object host
 network-object host

access-list ACL_in extended permit object-group DNS-PORTS NETWORK object-group GOOGLE-DNS

Copyright © Nish Vamadevan 2002-2015. All Rights Reserved. Terms and Policies.