Solved

Hyper-v 2008R2 subnet isolation between host and guest OS

Posted on 2011-02-26
Last Modified: 2012-08-14
Hello all!

I am going to show my networking ignorance to some degree here. I have a 2008R2 server running Hyper-V. This, obviously, in turn hosts a virtual environment. The host system has multiple network cards and on one NIC communicates with a consumer Linksys router. This router provides the host system with DHCP and DNS, and gives access to the internet. What I am wanting to do is to completely separate the guest virtual environment from the physical (host's) while giving the virtualized guest environment internet access. Hyper-V uses a secondary NIC in the host computer that the guest systems use. The virtual environment will host its own AD, DNS and DHCP servers. For lab purposes, I do not want the physical system to communicate with the host system's DNS or DHCP. I know this can be accomplished via subnetting, but I am a little limited without a VLAN router. I would also like the host system to be able to access systems from in the virtual environment via direct routes, but I do not want the default subnet (let's say new laptops that join the wireless router's default subnet) to easily communicate with the virtual.

What additional hardware do I need to purchase? Is this even possible? I currently have 1 Linksys WRT54 wireless router and one Cisco PIX 501. My preference would be to use consumer-level hardware, but if a single router with VLAN capability will accomplish this, at a reasonable price, then I am open to that as well.

My Linksys router is configured with a class C subnet. The router is configured as follows...
192.168.1.1
255.255.255.128

Subnet ID 0: Is the non virtual environment.
Subnet ID 1: Will be the virtual environment
Question by:ToddRod_Taylor

Expert Comment

by:lcappelli
ID: 34989510
Here is a little networking primer, then: routers do not make VLANs, switches do.

VLAN is a layer 2 technology on switches. A computer on one VLAN cannot see the traffic and the broadcasts of computers on differing VLANs. 2 computers on VLAN 1 can talk to each other but not with a computer on VLAN 2, for example.

What the routers (layer 3 devices) do is to actually allow the VLANs to communicate via routing. The router is made a member of both VLANs and allows traffic across, or blocks it if you wish.

A switch can have built-in routing capability and is called a layer 3 switch. Or you can add a switch port module to a router.

You can accomplish VLANs with an inexpensive switch. I have a Netgear switch with 48 ports where you access its VLAN and other port settings via a browser. It should do the trick of keeping your traffic separate. If you want both networks to access the internet but they are on separate subnets and you have 1 default gateway, you must route them some way.

A quick look and I found a $119 switch that can do VLANs.

http://www.netgear.com/business/products/switches/prosafe-plus-switches/JFS524E.aspx

Put the network you want on the internet onto the same VLAN with the ISP router you have and you will have internet access for that LAN.

Accepted Solution

by:
James Haywood earned 500 total points
ID: 35018249
You don't need to use VLANs for this. To give you a quick heads-up on Hyper-V networking, see this:

http://cobracommunications.co.uk/2010/09/11/hyper-v-networking/

You can have the host on a single NIC communicating with the router (I personally wouldn't, as I like my hosts isolated).

The VMs can be connected to the outside world using an External Virtual Network on the 2nd NIC you mentioned. As long as the host does not share this V.Network there will be no conflicts.

For the host and VMs to talk create an Internal Virtual Network using a different address range than both external connections. This way any device joining the virtual network will not talk directly to the host but only to the VMs as you needed.

Hope this helps
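
The address plan implied by this thread can be checked before any virtual network is created. The following is an added example, not part of the original posts: it splits the asker's 192.168.1.1 / 255.255.255.128 network into its two halves, tests that the Internal Virtual Network range does not overlap either external range, and shows which address pairs share a subnet. The network names and the 10.10.10.0/24 and 192.168.1.192/26 ranges are constructed assumptions.

```python
import ipaddress

# Router settings taken from the question: 192.168.1.1 / 255.255.255.128.
ROUTER = ipaddress.ip_interface("192.168.1.1/255.255.255.128")

def lab_subnets(router=ROUTER):
    """Split the router's /24 parent into its two /25 halves (subnet ID 0 and 1)."""
    parent = router.network.supernet(new_prefix=24)
    return list(parent.subnets(new_prefix=router.network.prefixlen))

def overlaps(plan):
    """Return every pair of named networks in the plan whose ranges overlap."""
    names = sorted(plan)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if plan[a].overlaps(plan[b])]

def on_link(src, dst, plan):
    """Name of the network both addresses share, or None if traffic must be routed."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, net in plan.items():
        if s in net and d in net:
            return name
    return None

physical, virtual = lab_subnets()

# Constructed plan; the names and the internal range are assumptions.
GOOD_PLAN = {
    "physical-lan": physical,   # subnet ID 0: host NIC 1, router, laptops
    "vm-external": virtual,     # subnet ID 1: External Virtual Network on NIC 2
    "host-vm-internal": ipaddress.ip_network("10.10.10.0/24"),
}
# Constructed mistake: the internal network reuses part of the VM external range.
BAD_PLAN = dict(GOOD_PLAN)
BAD_PLAN["host-vm-internal"] = ipaddress.ip_network("192.168.1.192/26")

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, "plan overlaps:", overlaps(plan))
    # Laptop in subnet 0 and VM in subnet 1 share no subnet: traffic must cross a router.
    print(on_link("192.168.1.50", "192.168.1.200", GOOD_PLAN))
    # Host's internal adapter and a VM's internal adapter sit on the same network.
    print(on_link("10.10.10.1", "10.10.10.20", GOOD_PLAN))
```
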