?
Solved

Network adapter priority in 2012 R2 Hyper-V Virtual Switches / VMs

Posted on 2013-11-20
6
Medium Priority
?
2,485 Views
Last Modified: 2014-11-12
Hello all,

I've recently installed our new servers which run Windows Server 2012 R2 using Hyper-V host.
There are 2 VM's both also running Server 2012 R2.

Networking is setup as:
-Public VM Interface (10.25.x.x)
-Internal Only VM Interface (192.168.1.x)
-Management Interface on Hyper-V Host (10.25.x.x)
Note: The Public VM Interface is using NIC Teaming (2 x 1GB NICs) and also Management Interface is in a Team of 2.

The problem i'm having is trying to force the VMs to use the "Internal Only VM Interface" for traffic between the Hyper-V Host and the VM.
(This is due to backup server running on the Hyper-V host trying to transfer data always using the physical switch on external interface).
So far the Hyper-V host refuses to use the Internal interface, always going over the Public VM Interface, unless I manually DISABLE the Public VM NIC inside the virtual machine.
This then forces the Hyper-V host and VM to use the Internal VM interface (massively faster, around 3 x !)

So far i've tried:
-Changing the binding order on the VM and on the Hyper-V host with the Internal Only VM interface at the top)
-Setting "Metric" manually on each adapter in the VM and also Hyper-V host with 5 for the Internal and 10 for the Public
-Rebooted VM
-Ran "nbtstat -R", "ipconfig /flushdns", "netsh interface ip delete arpcache" on both host and VM

When I run "nbtstat -c" on the Hyper-V host, it correctly shows that it is using the Internal Only VM interface (192.168.1.x), but still transfers files over network at the slower speed.

Any ideas would be very welcome!
0
Comment
Question by:chrismanncalgavin
  • 4
  • 2
6 Comments
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 39663322
From a logical standpoint, I understanding wanting to control which MIC traffic goes out from, and MIC binding order SHOULD impact that,

From a practical standpoint though, it should make no difference. Hyper-V creates an extensible switch either way, and the hypervisor will only push traffic out the physical MIC (acting as an uplink port on the virtual switch) if it decides it can't reach the VM (including the "host" OS, which is actually a management VM) another way. In other words, it still uses ARP, etch to make that decision.

So if you are seeing a performance difference AND you are seeing that traffic on your physical NIC, it sounds like you have a subnet setup issue so the hypervisor assumes it must push packets out of the virtual switch.

So with that in mind, I'd even questing if you need the two virtual switches. Like I said, if configured properly , there'd be no performance difference. The only reason to set up multiple v-switches between VMs if is you have some security issue where you need to keep the host VM from seeing that traffic or, in the EXTREMELY rare instance, you are actually saturating all 10GB of the virtual switch and need do some sort of multipath load balancing. Otherwise you could just team the virtual NICs =.
0
 
LVL 8

Author Comment

by:chrismanncalgavin
ID: 39665253
Hi, thanks for the comments.

What I want to confirm is, should the management interface for Hyper-V ALWAYS be on a different subnet to the VM's to achieve this?
Surely there's other people who put the Hyper-V host in the same subnet as VMs but using different adapters in the same manner I have?
(whether that is best practice or not).
They are currently on the same subnet for ease of management.

I just tested something out and I put the management interface on a seperate subnet, this appeared to work and forced the file transfer to use the Internal Only switch / network for traffic between the host and the guest VMs (resulting in 3 x the speed).

What I would rather find out is if there can we a way to operate the way I have intended with Hyper-V host on same subnet as VMs?
Main reason is the easy of management as mentioned and also the connection to our UPS on the same subnet.
Note: We only have a single subnet at our company plus a small DMZ.
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 39667403
The separate subnet is purely a security/risk tolerance decision. Some smaller environments will be fine with that. Some won't.

what is a bigger factor though is that the management NIC(s) should NOT have any VMs attached (so no virtual switch) and VM NICs should not be allowed for management (so that box would be unchecked in the virtual network setup.) This makes he topology (both virtual and physical) much easier to understand and packet paths easy to follow. Even if everything is on the same subnet.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 8

Author Comment

by:chrismanncalgavin
ID: 39667585
Thanks. Just to confirm that is exactly how I have things configured.

The Management NIC is purely used for this purpose (although on same subnet as VMs), the VM NIC is dedicated to Hyper-V Virtual Switch for VMs.
Also the VM switch DOES NOT have the option "Allow Management Operating System To Share This Adapter" ticked, as per recommendations.

Still no luck yet.
0
 
LVL 8

Accepted Solution

by:
chrismanncalgavin earned 0 total points
ID: 39689785
In the end the only solution I could find was to set the Windows Firewall settings on each VM to restrict required traffic for certain applications (Yosemite Server Backup) to only use the 192 subnet (VM Only Internal Network).
This is a temporary fix until the backup software company release an update to allow me to bind the software to specific NIC.

Thanks again
0
 
LVL 8

Author Closing Comment

by:chrismanncalgavin
ID: 39702861
The solution took at a lot of research and testing on my behalf and in the end was quite different to the suggestions in the comments made.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your vDisk VHD file gets deleted from the image store accidentally or on purpose, you won't be able to remove the vDisk from the PVS console. There is a known workaround that is solid.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question