eth0 is being mapped to the wrong port on Security Analytics appliances

Article ID: 168314

Products

Security Analytics

Issue/Introduction

The eth0 port in Security Analytics should be assigned to the standard physical NIC port. Hardware purchased from a third-party vendor will not have the same configuration information as hardware bought directly from Blue Coat, so the software label for a NIC port may not be what the Security Analytics software expects. This may cause the eth0 management port to be assigned to a fiber NIC. Eth0 should be assigned to the same location each time, as a standard, to improve consistency and supportability.

Cause

The location for the eth0 port may not be assigned to the expected physical NIC port due to the BIOS configuration of the hardware. The installation process for Security Analytics has lookup tables for a variety of different baseboards but cannot anticipate every possible configuration. When it discovers an unknown configuration, it makes no changes to meet the standards. The eth0 port will not be assigned to the expected physical NIC port.

Resolution

You will need to match the MAC or hardware "address" that corresponds to the physical NIC port to the interface label you want for each eth0 through eth9 interface.  For example, the following image shows what the physical mapping should be on a Security Analytics 10G appliance (Dell R720xd). (Also applicable to Dell R730xd).

[Image: physical NIC port mapping on a Security Analytics 10G appliance (Dell R720xd)]


The challenge is knowing which address belongs to each physical port. The sample below is from /etc/udev/rules.d/70-persistent-net.rules for a Dell R720xd. There are two types of controllers listed: the I350 Gigabit and the 82599ES_SF2 10 Gigabit. A typical Dell R720xd for Security Analytics has eight 1GB ports and two 10GB fiber ports as shown above.

In the address from the example, ATTR{address}=="bc:30:5b:ef:b3:63", notice that the leading octet is bc for the internal 1GB ports on the baseboard and a0 for the PCI-based 1GB and 10GB ports. These values may change over time, but the leading octet of the internal NIC ports will be different from that of the PCI-based NIC ports.


Look at the last number of each "address". Notice that the eth0 interface has the highest value of the four that begin with bc. Port 4 is assigned the highest number. Security Analytics labels port 4 as eth0 in the software and documentation.

To make the changes necessary, there are two files to change when the eth0 port needs to be changed: 

/etc/udev/rules.d/70-persistent-net.rules
/etc/sysconfig/network-scripts/ifcfg-eth0


For the address you want assigned to eth0, change the NAME to eth0.  Change the next lowest address to eth1, next lowest to eth2 and lowest to eth3. Then for the 1GB PCI card, change the NAMEs to eth4-7.  The two 10GB fiber ports should be eth8 and eth9, with the lowest final number in the address to be eth8 and the highest to be eth9.

The last step is to modify the ifcfg-eth files. The /etc/sysconfig/network-scripts/ifcfg-ethX files must be changed to match. See the sample below. Keep a copy of the 70-persistent-net.rules file available or displayed to use as a reference. Change the HWADDR address to match the address on the line in /etc/udev/rules.d/70-persistent-net.rules that has NAME="eth0". They must match exactly. Do this for each of the ifcfg-eth0 through ifcfg-eth9 files. The final step is to reboot.

Sample /etc/udev/rules.d/70-persistent-net.rules for a Dell R720xd

# This file was automatically generated by the solera_enet_config.py script
# Tue Oct 14 12:37:25 2014

# Intel Corporation I350 Gigabit Network Controller
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="bc:30:5b:ef:b3:63", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# Intel Corporation I350 Gigabit Network Controller
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="bc:30:5b:ef:b3:62", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

# Intel Corporation I350 Gigabit Network Controller
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="bc:30:5b:ef:b3:61", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"

# Intel Corporation I350 Gigabit Network Controller
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="bc:30:5b:ef:b3:60", ATTR{type}=="1", KERNEL=="eth*", NAME="eth3"

# Intel Corporation I350 Gigabit Network Controller
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="a0:36:9f:0a:d8:13", ATTR{type}=="1", KERNEL=="eth*", NAME="eth4"

# Intel Corporation I350 Gigabit Network Controller
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="a0:36:9f:0a:d8:12", ATTR{type}=="1", KERNEL=="eth*", NAME="eth5"

# Intel Corporation I350 Gigabit Network Controller
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="a0:36:9f:0a:d8:11", ATTR{type}=="1", KERNEL=="eth*", NAME="eth6"

# Intel Corporation I350 Gigabit Network Controller
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="a0:36:9f:0a:d8:10", ATTR{type}=="1", KERNEL=="eth*", NAME="eth7"

# Intel corporation 82599ES_SF2 10 Gigabit Network Controller
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="a0:36:9f:0e:83:20", ATTR{type}=="1", KERNEL=="eth*", NAME="eth8"

# Intel corporation 82599ES_SF2 10 Gigabit Network Controller
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="a0:36:9f:0e:83:22", ATTR{type}=="1", KERNEL=="eth*", NAME="eth9"

Sample /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO="static"
HWADDR=BC:30:5B:EF:B3:63
ONBOOT=yes
TYPE=Ethernet
NM_CONTROLLED=no
IPADDR=10.0.1.53
NETMASK=255.255.255.0
GATEWAY=10.0.1.1
PEERDNS=no
IPV6INIT=yes
IPV6ADDR=
IPV6ADDR_SECONDARIES=
IPV6_AUTOCONF=yes
IPV6_ROUTER=no
IPV6_PRIVACY=no


Sample ifconfig eth0

eth0      Link encap:Ethernet  HWaddr BC:30:5B:EF:B3:63  
          inet addr:10.0.1.53  Bcast:10.0.1.255  Mask:255.255.255.0
          inet6 addr: fe80::be30:5bff:feef:b363/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:327680 errors:0 dropped:608 overruns:0 frame:0
          TX packets:285168 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:97445331 (92.9 MiB)  TX bytes:23948577 (22.8 MiB)
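
A check to run after editing both files and before the reboot, as an added example that is not part of the original article or of the vendor's tooling: it compares the address each udev rule binds to a NAME with the HWADDR in the matching ifcfg file. The function names are hypothetical, and the sample files are constructed from the first two addresses shown above, with a deliberate mismatch on eth1.

```shell
#!/bin/sh
# Added example (not vendor code): cross-check udev NAME->MAC rules against ifcfg HWADDR.
MAC='([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}'

# Print the lowercase MAC that the rules file ($1) binds to interface name ($2).
rule_mac() {
    sed -n -E "/^[[:space:]]*#/d; s/.*==\"($MAC)\".*NAME=\"$2\".*/\1/p" "$1" |
        tr 'A-F' 'a-f' | head -n 1
}

# Print the lowercase HWADDR from an ifcfg file ($1); empty if absent.
ifcfg_mac() {
    sed -n -E "s/^[[:space:]]*HWADDR=\"?($MAC)\"?[[:space:]]*\$/\1/p" "$1" |
        tr 'A-F' 'a-f' | head -n 1
}

# Compare every NAME in the rules file ($1) with ifcfg-<NAME> in directory ($2).
# Returns 0 only when every interface has a matching HWADDR.
check_nic_mapping() {
    bad=0
    for iface in $(sed -n -E '/^[[:space:]]*#/d; s/.*NAME="(eth[0-9]+)".*/\1/p' "$1" | sort -u); do
        want=$(rule_mac "$1" "$iface")
        have=""
        [ -f "$2/ifcfg-$iface" ] && have=$(ifcfg_mac "$2/ifcfg-$iface")
        if [ -n "$want" ] && [ "$want" = "$have" ]; then
            echo "OK       $iface $want"
        else
            echo "MISMATCH $iface: rule=${want:-none} ifcfg=${have:-none}"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample files: eth0 matches, eth1 carries a wrong HWADDR on purpose.
make_sample() {
    cat > "$1/70-persistent-net.rules" <<'EOF'
# Intel Corporation I350 Gigabit Network Controller
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="bc:30:5b:ef:b3:63", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="bc:30:5b:ef:b3:62", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
EOF
    printf 'DEVICE=eth0\nHWADDR=BC:30:5B:EF:B3:63\n' > "$1/ifcfg-eth0"
    printf 'DEVICE=eth1\nHWADDR=BC:30:5B:EF:B3:60\n' > "$1/ifcfg-eth1"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_nic_mapping "$tmp/70-persistent-net.rules" "$tmp" || echo "fix the MISMATCH lines before rebooting"
rm -rf "$tmp"
```

On the appliance itself, the same function would be called as check_nic_mapping /etc/udev/rules.d/70-persistent-net.rules /etc/sysconfig/network-scripts. A missing ifcfg file is reported as a mismatch with ifcfg=none.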


Additional tools to assist in finding which port is assigned to which eth? label:

To blink the NIC port assigned to eth0, run ethtool -p eth0. To stop the blinking, press Ctrl+C. To determine whether a cable is connected and has a link, run ethtool eth0 and look for the "Link detected:" line at the end. It will be 'yes' or 'no' depending on whether the port has a good link.

 

Workaround

Call Security Analytics Product Support for assistance.
