Solved

Network adapter priority in 2012 R2 Hyper-V Virtual Switches / VMs

Posted on 2013-11-20
6
2,133 Views
Last Modified: 2014-11-12
Hello all,

I've recently installed our new servers which run Windows Server 2012 R2 using Hyper-V host.
There are 2 VM's both also running Server 2012 R2.

Networking is setup as:
-Public VM Interface (10.25.x.x)
-Internal Only VM Interface (192.168.1.x)
-Management Interface on Hyper-V Host (10.25.x.x)
Note: The Public VM Interface is using NIC Teaming (2 x 1GB NICs) and also Management Interface is in a Team of 2.

The problem i'm having is trying to force the VMs to use the "Internal Only VM Interface" for traffic between the Hyper-V Host and the VM.
(This is due to backup server running on the Hyper-V host trying to transfer data always using the physical switch on external interface).
So far the Hyper-V host refuses to use the Internal interface, always going over the Public VM Interface, unless I manually DISABLE the Public VM NIC inside the virtual machine.
This then forces the Hyper-V host and VM to use the Internal VM interface (massively faster, around 3 x !)

So far i've tried:
-Changing the binding order on the VM and on the Hyper-V host with the Internal Only VM interface at the top)
-Setting "Metric" manually on each adapter in the VM and also Hyper-V host with 5 for the Internal and 10 for the Public
-Rebooted VM
-Ran "nbtstat -R", "ipconfig /flushdns", "netsh interface ip delete arpcache" on both host and VM

When I run "nbtstat -c" on the Hyper-V host, it correctly shows that it is using the Internal Only VM interface (192.168.1.x), but still transfers files over network at the slower speed.

Any ideas would be very welcome!
0
Comment
Question by:chrismanncalgavin
  • 4
  • 2
6 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
From a logical standpoint, I understanding wanting to control which MIC traffic goes out from, and MIC binding order SHOULD impact that,

From a practical standpoint though, it should make no difference. Hyper-V creates an extensible switch either way, and the hypervisor will only push traffic out the physical MIC (acting as an uplink port on the virtual switch) if it decides it can't reach the VM (including the "host" OS, which is actually a management VM) another way. In other words, it still uses ARP, etch to make that decision.

So if you are seeing a performance difference AND you are seeing that traffic on your physical NIC, it sounds like you have a subnet setup issue so the hypervisor assumes it must push packets out of the virtual switch.

So with that in mind, I'd even questing if you need the two virtual switches. Like I said, if configured properly , there'd be no performance difference. The only reason to set up multiple v-switches between VMs if is you have some security issue where you need to keep the host VM from seeing that traffic or, in the EXTREMELY rare instance, you are actually saturating all 10GB of the virtual switch and need do some sort of multipath load balancing. Otherwise you could just team the virtual NICs =.
0
 
LVL 8

Author Comment

by:chrismanncalgavin
Comment Utility
Hi, thanks for the comments.

What I want to confirm is, should the management interface for Hyper-V ALWAYS be on a different subnet to the VM's to achieve this?
Surely there's other people who put the Hyper-V host in the same subnet as VMs but using different adapters in the same manner I have?
(whether that is best practice or not).
They are currently on the same subnet for ease of management.

I just tested something out and I put the management interface on a seperate subnet, this appeared to work and forced the file transfer to use the Internal Only switch / network for traffic between the host and the guest VMs (resulting in 3 x the speed).

What I would rather find out is if there can we a way to operate the way I have intended with Hyper-V host on same subnet as VMs?
Main reason is the easy of management as mentioned and also the connection to our UPS on the same subnet.
Note: We only have a single subnet at our company plus a small DMZ.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
The separate subnet is purely a security/risk tolerance decision. Some smaller environments will be fine with that. Some won't.

what is a bigger factor though is that the management NIC(s) should NOT have any VMs attached (so no virtual switch) and VM NICs should not be allowed for management (so that box would be unchecked in the virtual network setup.) This makes he topology (both virtual and physical) much easier to understand and packet paths easy to follow. Even if everything is on the same subnet.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 8

Author Comment

by:chrismanncalgavin
Comment Utility
Thanks. Just to confirm that is exactly how I have things configured.

The Management NIC is purely used for this purpose (although on same subnet as VMs), the VM NIC is dedicated to Hyper-V Virtual Switch for VMs.
Also the VM switch DOES NOT have the option "Allow Management Operating System To Share This Adapter" ticked, as per recommendations.

Still no luck yet.
0
 
LVL 8

Accepted Solution

by:
chrismanncalgavin earned 0 total points
Comment Utility
In the end the only solution I could find was to set the Windows Firewall settings on each VM to restrict required traffic for certain applications (Yosemite Server Backup) to only use the 192 subnet (VM Only Internal Network).
This is a temporary fix until the backup software company release an update to allow me to bind the software to specific NIC.

Thanks again
0
 
LVL 8

Author Closing Comment

by:chrismanncalgavin
Comment Utility
The solution took at a lot of research and testing on my behalf and in the end was quite different to the suggestions in the comments made.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now