Link to home
Create AccountLog in
Avatar of beaconlightboy
beaconlightboy

asked on

Hyper-V Internal VM Routing

I have a 7 node 2008 R2 cluster.  one of the boxes is currently hosting our web based EMR solution.  I know you can create internal Networks between the VM's but I have not messed with that.  I would like to create an internal network so that the traffic from our IIS front end can hit the SQL backend that resides on the same host box.

I presume i create an internal network int he hyper-v manager and then add some static routes.  Is this correct?  if so, whats the entry for routing a single IP.  Anyone doing this and have some examples?

thanks.
Avatar of IanTh
IanTh
Flag of United Kingdom of Great Britain and Northern Ireland image

in vmware there is a vds virtual distributed switch for multiple nodes in the same lan
hyper-v v3 has this see
http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns955/ns963/solution_overview_c22-687087.html
Avatar of beaconlightboy
beaconlightboy

ASKER

Surely there is a simpler way?  I'm also on 2008R2 with no plans to upgrade to Server 2012 in the near future.
Yes, you can create a Private network in Hyper-V Network Manager, make both servers IIS and SQL multi-homed with NICs in that Private network and use route command to direct the traffic. However, this is a bad design because it opens security holes by bypassing the perimeter firewall. I presume, your IIS is in a DMZ, outside of the local network, right, and it must communicated through a firewall.

The better design will be to keep the IIS isolated in the DMZ and route the traffic to SQL though the firewall.

If, on the other hand, both IIS and SQL are in the same IP subnet, you don’t need a separated private network. Just make sure that both IIS and SQL are connected to the same Virtual network switch (virtual network adapter) to have 10Gbps between them.
both servers are on the same subnet and same host box.  The sytsem is on our internal cloud, and we utilize a dual layer system via NAT to access IIS thru the firewall.  

Can you clarify "Just make sure that both IIS and SQL are connected to the same Virtual network switch (virtual network adapter) to have 10Gbps between them."

how does having them on the same switch without routing work?  don't i need a routing rule?  I also don't want to break the IIS server's communication with the domain and end users.  It has to know to route SQL stuff over the private network and all other traffic externally.
ASKER CERTIFIED SOLUTION
Avatar of Svet Paperov
Svet Paperov
Flag of Canada image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
So, since they both share the same Teamed LAN NIC presented to all virtual machines on the hostbox, they are already doing this?
Correct.
well how about that.  Got the whole shabang setup but overlooked the obvious. hehe.

Thanks for the clarification.