Hyper-V 2016 Server and NIC Teaming

I am setting up a new Hyper-V 2016 server. The physical machine has 6 network ports. I read that it is best practice to have one network port dedicated to remote management of the Hyper-V Host, so that leaves me with 5 ports. I have 2 subnets - a LAN and a DMZ. Some of the VMs that will live on this server will be in the LAN, and some will be in the DMZ.

So in the Network Adapter control panel I have the following:

- Onboard NIC 1
- Onboard NIC 2

- Slot 1 Port 1
- Slot 1 Port 2
- Slot 1 Port 3
- Slot 1 Port 4

I am thinking it would be best to team 2 of the NICs to be used for the LAN. Then take 2 more and use that for the DMZ.

So in Server Manager I enabled NIC Teaming and then I created 2 switch-independent dynamic Teams, as follows:

Slot 1 Port 1 \
               |---- LAN
Slot 1 Port 2 /

Slot 1 Port 3 \
               |---- DMZ
Slot 1 Port 4 /

Open in new window

After creating the teams, The 4 individual NICs are in a sense no longer used. IPv4 is unchecked in each of their Properties windows, and they are part of the team.

First question:

1. Can I re-use the IPs I had manually assigned to these 4 NICs? Are are they still necessary? (I am not hurting for IPs. I am just curious if they are now available to me as long as those NICs are part of a Team)

Next, I am going to install the Hyper-V role. During the installation of Hyper-V, the wizard says "One virtual switch will be created for each network adapter you select". In the list, I see the 2 teams I created ("LAN" and "DMZ") but interestingly I ALSO see the individual NICs here in the list.

2. Why would the individual NICs appear here? If I select them and the wizard creates a virtual switch, does my NIC team break?

3. Should I select the teamed NICs only?

4. So later on let's say I create my first hyper-v vm, assign the teamed NIC called 'LAN' to it, and install Windows. When I log into that VM, I assume I will only have one network adapter. But is the throughput of this adapter "teamed" meaning 2gb instead of 1gb?

...or... Should I NOT team the NICs on the Hyper-V host, and INSTEAD, assign the same 2 NICs to each VM and then inside the VM, do the teaming?

What's the best practice way to take advantage of multiple NICs on a physical host so that each of the VMs get the maximum network throughput? Team the NICs on the Hyper-V Host? Or instead, team the NICs inside of each VM?
LVL 11
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
1) Yes. If IPs were assigned to the physical NICs and have not been assigned to VMs or other systems, they are free. The physical NICs are strictly acting as layer-2 devices, with caveats.  

2) Because they are still NICs and the wizard doesn't know what your intentions are.  People complain when MS takes away too many options "I don't want dummy proof. I want to be able to do things without being blocked."  So yes, they are there.  Don't select them.  In fact, I don't usually set up virtual switches during the hyper-v role setup.  You can do so after the fact with much more granularity.

3) See #2.  I recommend not selecting any NICs at this point.

4) You don't assign NICs to VMs. So the very first sentence of your question is already wandering off base.  You assign NICs to virtual switches. Which are much like physical switches.  Then you "plug in" virtual machines (one or more) into the virtual switch.  And yes, it will only have one NIC by default (depending on what you set up in the VM.)  But you could have two virtual switches on two networks, then install two virtual NICs into a VM, and connect each virtual NIC to each virtual switch, and your VM is now multi-homed.  So *don't* think of assigning physical NICs, or even teamed NICs to VMs.  Think of them as upstream ports on a switch.  And the switch can have many many VMs plugged into it.

As for your other question, it depends.  SMB Multichannel will use both NICs.  Many protocols won't.  This isn't anything to do with Hyper-V, but has to do with how Windows does teaming.  By choosing "switch independent" you are accepting some of the limitations of that choice.  Computers sending to your machine, whether host or VM or whatever, only has one MAC address, so inbound is generally going to be 1GB.  Outbound will generally be less than 2GB (overhead) but will use both NICs.  But as mentioned, some protocols are team aware and can figure that out. so YMMV.

As for best practices, it *really* depends.  There are cases where hyper-converged topologies makes sense. There are cases where, for security, splitting into several teams makes sense. And there are some rare cases where teaming in the guest makes sense.  I've had to do all three depending on the goal. There  *is* no right answer given the information provided.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
I have two very thorough EE articles on all things Hyper-V:

Some Hyper-V Hardware and Software Best Practices
Practical Hyper-V Performance Expectations

In order of preference:

Option 1:
Management Team: NIC 0 & NIC 1 Port 0
vSwitch Dedicated: NIC 0 & NIC 1 Ports 1+ (all)

Set up trunked ports and VLAN to DMZ.

Option 2:
Management Team: NIC 0 & NIC 1 Port 0
Production vSwitch Dedicated: NIC 0 & NIC 1 Port 1
DMZ vSwitch Dedicated: NIC 1 Ports 2 & 3

Cable as necessary.

EDIT: Dedicated = Not shared with host OS.
ecarboneAuthor Commented:
With respect to your Option 2:

Management Team: NIC 0 & NIC 1 Port 0
Production vSwitch Dedicated: NIC 0 & NIC 1 Port 1
DMZ vSwitch Dedicated: NIC 1 Ports 2 & 3

If I understand you correctly, you're saying take one port from the first multi-port network card, and one port from the SECOND multi-port network card, and team those together to add redundancy. Is that correct?

Can these network cards be from different manufacturers? How about one built-in NIC (Intel Gigabit 2P I350-t LOM) paired with one of the ports on a 4-port add-in card (Broadcom NetXtreme)? OK to create a team with 2 different brands?

Option 1 sounds best, as that would give me up to all 4 ports for either network (LAN or DMZ) and I believe I could even specify minimum QoS for each. But this type of setup requires some work on the switches so maybe at a later date I'll get a network consultant to come in and help me set this up. So for now I'll go with Option 2.

With respect to my first question ("Can I re-use the IPs I had manually assigned to these 4 NICs") - seeing as IP4 is disabled on the individual NICs that become part of the Team, I just went back and removed my static IPs from each NIC before creating the Team. This way if the Team is ever removed, I won't have a sudden IP conflict mystery. Thanks for the clarification.

Also I took your advice (Phil's too) and opted to NOT create the vSwitch during Hyper-V initial setup wizard. I went ahead and created them after.

Regarding question 4 - thanks for the clarification. I am starting to understand how it works now:
- Physical NICs are assigned to a Team
- The Team is assigned to a Virtual Switch
- And coming from the other direction ... Virtual NICs inside each VM are connected to the Virtual Switch.
ecarboneAuthor Commented:
Thank you Cliff and thank you Philip for helping me get up to speed on Hyper-V.
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
If I understand you correctly, you're saying take one port from the first multi-port network card, and one port from the SECOND multi-port network card, and team those together to add redundancy. Is that correct?

Can these network cards be from different manufacturers?
Does not matter. Just make sure to disable Virtual Machine Queues for any Broadcom based Gigabit NIC ports.

I'd just run with option 1 and trunk/VLAN the switches for the ports the vSwitch team members were connected to. That's much easier than managing and routing cables to the correct switch(es).
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
NIC Teaming

From novice to tech pro — start learning today.