Thursday, December 4, 2008

Dedicating a physical NIC for Management with Hyper-V

Here is an item that comes up in enterprises: dedicating Hyper-V management traffic to a single physical NIC. This generally also includes disabling the host's access to the External network switch.

BTW - the Microsoft recommended configuration is a dedicated Host management NIC that is not associated with a virtual switch.

I have pulled this from a real example that I helped someone with and have tried to protect the innocent.

My assumptions in this example:

Two NICs – ‘HP NC373i Multifunction Gigabit Server Adapter’ and ‘HP NC373i Multifunction Gigabit Server Adapter #2’

You are not local to the servers

In Network Connections you should see the following Device Names:

  • HP NC373i Multifunction Gigabit Server Adapter
  • HP NC373i Multifunction Gigabit Server Adapter #2
  • Microsoft Virtual Network Switch Adapter

An External virtual network exists that is named "InternalEthernetPort" and it is using NIC 1

What we need to do is:

1) Make sure that 'HP NC373i Multifunction Gigabit Server Adapter #2' is not bound to a virtual switch

   a. In the Hyper-V Virtual Network Manager there should only be one Virtual Network

      i. It should be named “InternalEthernetPort”

      ii. It should be of type External

      iii. It should be bound to physical NIC ‘HP NC373i Multifunction Gigabit Server Adapter’

2) Make sure that 'HP NC373i Multifunction Gigabit Server Adapter #2' is enabled and on the foo.bar.com network

   a. The Hyper-V host will now appear multi-homed, because it has two NICs on the same network, and this may produce an alert. It should have two IP addresses on the foo.bar.com network.

3) Connect to the Hyper-V host on the second NIC - 'HP NC373i Multifunction Gigabit Server Adapter #2'

4) Disable the Hyper-V virtual NIC that is attached to “InternalEthernetPort”.

   a. Do this through Network Connections - Control Panel -> Network and Sharing -> Manage Network Connections

   b. Find the NIC whose Device Name begins with “Microsoft Virtual Network Switch Adapter”

   c. Select -> Right click -> Disable

      i. Order matters here. You are not local to the server, so if the steps are done out of order, or the wrong NIC is selected, you lose your connection to the host.
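A guarded way to carry out step 4 from a remote session, as an added example that is not part of the original post: it verifies steps 2 and 3 first and only disables the adapter when run with `-Apply`. It assumes the WMI `Name` property matches the Device Name shown in Network Connections; the parameter names, including `-SessionAddress` (the host IP you connected to), are hypothetical.

```powershell
# Added example: guarded step 4. Dry run unless -Apply is given. Run elevated.
param(
    [string]$MgmtNicName      = 'HP NC373i Multifunction Gigabit Server Adapter #2',
    [string]$VirtualNicPrefix = 'Microsoft Virtual Network Switch Adapter',
    [string]$SessionAddress,  # hypothetical parameter: host IP you connected to in step 3
    [switch]$Apply
)

function Get-NicIPs($nic) {
    # IP addresses currently configured on one Win32_NetworkAdapter instance
    $cfg = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index=$($nic.Index)"
    if ($cfg -and $cfg.IPEnabled) { $cfg.IPAddress }
}

# Assumes WMI Name matches the Device Name; NetConnectionID keeps visible adapters only
$all  = @(Get-WmiObject Win32_NetworkAdapter | Where-Object { $_.NetConnectionID })
$mgmt = @($all | Where-Object { $_.Name -eq $MgmtNicName })
$virt = @($all | Where-Object { $_.Name -like "$VirtualNicPrefix*" })

if ($mgmt.Count -ne 1) { throw "Expected one adapter named '$MgmtNicName', found $($mgmt.Count)." }
if ($virt.Count -ne 1) { throw "Expected one '$VirtualNicPrefix*' adapter, found $($virt.Count)." }

$mgmtIPs = @(Get-NicIPs $mgmt[0])
$virtIPs = @(Get-NicIPs $virt[0])

# Step 2: the management NIC must be up and addressed before anything is disabled
if (-not $mgmt[0].NetEnabled) { throw 'Management NIC is not enabled.' }
if ($mgmtIPs.Count -eq 0)     { throw 'Management NIC has no IP address.' }

# Step 3: the session must arrive on the management NIC, not on the virtual NIC
if (-not $SessionAddress) { throw 'Pass -SessionAddress (the host IP you connected to).' }
if ($virtIPs -contains $SessionAddress) {
    throw 'This session uses the virtual NIC. Reconnect over the management NIC first.'
}
if ($mgmtIPs -notcontains $SessionAddress) {
    throw "$SessionAddress is not an address of the management NIC."
}

"Keeping  : $($mgmt[0].NetConnectionID) [$([string]::Join(', ', $mgmtIPs))]"
"Disabling: $($virt[0].NetConnectionID) ($($virt[0].Name))"

if ($Apply) {
    # Step 4: Win32_NetworkAdapter.Disable() returns 0 on success
    $result = $virt[0].Disable()
    if ($result.ReturnValue -ne 0) { throw "Disable() returned $($result.ReturnValue)." }
    'Host virtual NIC disabled.'
} else {
    'Dry run only. Re-run with -Apply to disable the adapter.'
}
```

Run it once without `-Apply` and confirm the "Disabling" line names the adapter attached to “InternalEthernetPort” before committing.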


The end result should be:

  • VM network traffic is using switch “InternalEthernetPort” which is using physical NIC ‘HP NC373i Multifunction Gigabit Server Adapter’
  • Host management network traffic is using physical NIC ‘HP NC373i Multifunction Gigabit Server Adapter #2’
  • This should maximize the host management throughput.

Oh, as a side note - Server 2008 R2 with Hyper-V makes this a lot easier and less complicated…

7 comments:

BrianEh said...

Here is how this works with the R2 update: http://blogs.msdn.com/virtual_pc_guy/archive/2009/01/19/hyper-v-r2-changes-to-external-networks.aspx

Much easier indeed.

RobWW said...

If NIC#1 is assigned an IP for managing Hyper-V Server with the remote MMC (192.168.0.2), do I assign NIC#2 a static IP or do I do that through the VM?

I have an SBS 2008 VM and I added a legacy adapter. The adapter uses 'New Virtual Network' which is bound to NIC#2. I can assign an IP in Legacy Adapter, but what do I do with the network settings for NIC#2 on the physical box, Hyper-V Server? Thanks

BrianEh said...

What do you do with NIC #2 on the physical box? - nothing.

When an external virtual network is created and bound to a physical NIC of the host - the host no longer communicates _directly_ over that physical NIC.

But - this is where the confusion comes in - the host is given a virtual NIC (just like a VM gets) that is attached to the external virtual network switch.

It is this second virtual NIC that needs to be disabled, as it causes all of the problems (for the host only) in regards to strange network traffic patterns, lost pings, lost return messages, etc.

r055wal said...

I need the child (SBS 2008) to be able to ping the parent, WS08 Hyper-V, so I can install USB over Ethernet. Should my NICs be configured any differently? Right now NIC#1 is not being used and NIC#2 is attached to the Microsoft Virtual Switch. The parent cannot ping the child so USB over Ethernet fails. Thanks.

BrianEh said...

If the parent is serving the USB device, and the VM and the parent management NIC are on the same network, you have a conduit to the parent (host) and don't need to do anything different.
If the parent management network and the VM are on different networks (such as subnet or VLAN) then you would use this extra NIC on the parent for the VM to reach the parent over the network (or set out a route to the parent at the router or firewall level - the traditional network layer).

Unknown said...

A question so simple, that should be so easy to answer - and yet I feel left in the depths of confusion. Could you not just have given us one image that shows what to do...

Why is it I still don't have a clue what you're talking about. When you say 'virtual network' that doesn't exist. There is a 'Virtual network switch' is this what you mean? If so please be specific.

There is a Virtual Switch Manager... and a Virtual SAN manager - is it either of these you are referring to?

I would love to say "thanks for the help" but everything is so vague I haven't got a clue what you're going on about....

BrianEh said...

First of all, this post you are commenting on dates back to the first release of Hyper-V. At that time it was a "Virtual Network"; only with the release of 2012 did it become a "Virtual network switch" - to reduce customer confusion.

I am not going to go back through 6 years of posts and modify the names as a product changes. Just like I am not going to re-do my WMI posts now that the namespace has changed.

And, I never give point and click answers. I try to give the why and wherefore, and expect readers to read what is on the screen. (sorry for responding to the sarcasm in the query for help).

A virtual switch is the thing you need to create to connect your VMs to something. It could be Private (for VMs only), Internal (VMs and the management OS), or External (it links to a physical NIC and thus patches to the LAN).

So, yes, you would use the 'virtual switch manager' to create a 'virtual switch'. If you want to create a virtual HBA for storage traffic (Host Bus Adapter) used by SANs, then you use the 'virtual SAN manager'.