Live Migration and private network

Similar Messages

• Mixing public and private networks on the same switch

  Hello Everyone,
  I know this may get some security engineers in frenzy but wanted to know if there is a safe way to mix public and private networks on the same switch. 
  We have many remote offices that we want to add public wifi and a couple of other services that would be completely outside of our internal network.  Each office has a 3750 with plenty of open ports.  How can I safely create a vlan for public access on these switches which currently have our internal network on.  I have read that people are doing this to save on the cost of purchasing a dedicated switch.  Some people are using access lists and one person mentioned creating a private vlan for the public network.  I looked up private vlan and it seemed bit confusing.
  Is this recommended?  If not what would be the safest way to do this?
  Thanks Everyone

  Disclaimer
  The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.
  Liability Disclaimer
  In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.
  Posting
  How "safe" is relative.  If your running just one VLAN on a switch, that's would be the safest (basically the same as mixing traffic on the same wire - separation is done else where).
  If you multiple VLANs on a switch, then you need to determine how likely someone might figure out a way to breach the VLAN barriers.  (This isn't so easy on newer switches.)  If the VLAN isolation is breeched, then you need to examine what does that imply from a security perspective (for example can someone now inject or receive other VLAN traffic).
  For most purposes, I don't see mixing public and private VLANs, alone, on the same switch as much of a risk.  More of a concern is what can be reached on either VLAN and how well it's protected.

• Migration over private network - Non-Cluster

  Hello everyone...
  I have a hyper-v cluster (3 nodes), and a second stand-alone hyper-v host; all of which is managed by SCVMM 2012 R2.  The VMM server, and all hyper-v hosts are connected to a 10gbs private network.
  When doing a live migration between nodes in the cluster; everything is being transferred over the 10gbs network.
  When doing a live migration between one of the cluster nodes and the stand-alone host, it uses the public LAN.
  All machines can ping each other on the 10gps network, so it isn't a connectivity issue.  (I am using that network to do backups as well.)
  On the stand-alone host, I have "use the following IP subnets" set to the subnet of the private network.
  All machines are running Windows Server 2012 R2.
  Any suggestions on how I can do the migration using the 10gps network?
  Thanks!

  Hi Sir,
  >>I have a hyper-v cluster (3 nodes), and a second stand-alone hyper-v host; all of which is managed by SCVMM 2012 R2.  The VMM server, and
  all hyper-v hosts are connected to a 10gbs private network.
  >>When doing a live migration between one of the cluster nodes and the stand-alone host, it uses the public LAN.
  If I understand correctly , you may need to check the link layer between the cluster node's live migrate IP and that stand-alone host's LM IP .
  I want to know the detail of the network topology between cluster and stand-alone host because you mentioned "it uses the public lan" .
  Best Regards,
  Elton Ji
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] .

• Live Migration and Remote Desktop (Terminal Services)

  From what I've read about live migration, it seems that network connections are maintained after the migration is complete.  If I am migrating a terminal server, will the user sessions be maintained or will they need to reconnect?
  Eric Logsdon
  Eric Logsdon Cooperative Technologies, Inc.

  We currently have multiple Citrix servers housed on Hyper-V clusters and have at time migrated a VM with anywhere between 10- 40 users on it without any noticeable interruption of service.  From my experience it works as expected, but Citrix has
  session reliability which helps through periodic network interruptions.  Testing certain apps will be the key.  Also, to be safe, moving a fullly loaded Terminal Server in the middle may not be the prime time when you want to do this on a regular
  basis.  In my 24/7 organization the addition of live migration has moved my maintenance window from 1am - 3am to 7pm - 10pm.
  Rob McShinsky (www.VirtuallyAware.com)
  VirtuallyAware - Experiences in a Virtual World (Microsoft MVP - Virtual Machine)

• Webforms, Firewall and Private Network

  Hello,
  We have following configuration:
  Server: Formsserver 6i patch 13 on Sun solaris
  Client: WindowsXP with Jinitiator 1.3.x
  Connect-Mode: https
  Our configuration works with ClientPC which are
  not in a private network.
  If you have a ClientPC in a prvt network with a private ip-address is a communication with a formsserver possible?
  ClientPC (with private ip-address) <> Firewall
  <> Internet <> Firewall <> Formsserver
  The ports for calling the applet and the
  communication between applet and formsserver are
  opened.
  Jinititaor is configured with the proxy https-port.
  We get following errors:
  Java Console: SSL handshake failed SSl connection closed graceful
  the applet terminates with: FRM-92050
  Could it be that the webforms applet sends
  the private ip address to the formsserver,
  which tries to establish a connection to a
  non real ip-address???
  Is there a workaround?
  thx for any help

  You should be able to do this however it may be that it is the web server which needs to be "tweeked".
  Can you do something like <machinename>/forms60/f60servlet - this will at least ping the java servlet - if you can't even do this then its probably not Forms which is the problem but the app server set up.
  Regards
  Grant Ronald
  Forms Product Management

• WLC 4400 Not authetnicating between GUEST and Private networks

  Hello,
  I have a problem. I have a WLC 4400 and the problem i´m encountering is that when a user authetnicates to the private network, and then tryies to autheticate to the Guest network, it just stays there, it doens't do anything. Same way around, if you authenticate tothe Guest network, and change to the private network, it just sits there. I pointing that the problem is with Authentication, but not sure if i´m correct.
  Can anyone help me?? what ifnormation will i need to retreive from the WLC to see where the problem lies??
  I will get the debug mac addr <client-MAC-address           xx:xx:xx:xx:xx:xx> and repeat the issue in order to see if i get anything from the client.
  Thanks for the help
  Tony

  Thanks for the help.
  Actually the problem was that the WLC had a wrong time and also we had on our DHCP a 24 hour lease, so we were running low on IP´s.
  Change the lease for 8 hours and set the time correctly and the issue got solved.
  Thanks.

• WRT110 Public and private network

  I originally set up my router on an XP desktop configuring it as a public network.  Later I decided to set up a home network with a laptop using Vista.  The laptop setup advised me that the setup should be a private network in order to work.  The internet works fine, but the computers cannot find each other even though I can see them on the laptop network.  Do I need to change the router setup to a private network on the XP desktop?  If so, how do I do that?  Or is something else going on here?

  As you told that you are able to see your computer on your Laptop, but you are not able to access them. Have you enable File Sharing on other computer, Is there any Firewall or Antivirus on your Computer Disable it and try accessing your computer on the Network.

• Macbook, Leopard, USB CDMA modem and private network

  Hi,
  I have been searching all over for an answer and not found anything that works yet.
  I am using a USB modem to access internet on my macbook. I also am connected to a private WAN network. I connect via my ethernet port to a PC running Mikrotik RouterOS which is my gateway to the WAN.
  The router IP is 192.168.0.2.
  The WAN uses the IP range 172.19...
  I have set my ethernet port a manual IP of 192.168.0.5 with 192.168.0.2 (the routerOS gateway) as the gateway.
  If I connect one of these, the other does not work, I assume because whichever is connected first becomes the default route. I have tried changing the service order under advanced network preferences with no luck.
  I also tried adding a route : route add -net 172.19.0.0 -interface eth0
  Neither of these worked. Any ideas?
  Thanks in advance.

  Any changes via the route command are transient and will go away when the machine reboots.
  You have several options for making the route persistent - have the OS run a script at startup that adds the route.
  Your best option would be to save your routes setup in a shell script (such as /usr/local/bin/addroutes) and add a launchd script to launch that at boot time, like:
  /usr/local/bin/addroutes
  #! /bin/sh
  /sbin/route add -net 172.19 192.168.0.2
  /Library/LaunchDaemons/local.customroutes.plist
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
    <key>Label</key>
    <string>local.customroutes</string>
    <key>ProgramArguments</key>
    <array>
      <string>/usr/local/bin/addroutes</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>LaunchOnlyOnce</key>
    <true/>
  </dict>
  </plist>
  The first file, /usr/local/bin/addroutes has the commands to execute while the .plist file runs the script at boot time.

• How to create a private network for OCFS2 in OVS 2.2.1

  Does anyone know how to create a separate netwok for ocfs2 and leave the regular vm traffic on the main network.
  I have done the following
  - configured 3 vm servers connected fia fibre channel to a SAN
  - Bonded 2 network cards on each server to provide 1 bridge on each. (172 network)
  - Installed a 3rd network card in each server and configured on a 10 network with a separate switch.
  so my servers are called bart, lisa, flanders
  I can communicate between them effectively and the VM manager on a different server can talk to them all.
  I have also configured entries for bart2, lisa2, flanders2
  which are on the 10 network. I can ping and talk between these successfully.
  I can't however configure the cluster.conf to use the bart2, lisa2, flanders2 as it has a problem with the names not matching the local name of the machine.
  Im not sure if changing the server name will affect the VM agent.

  Basically, Oracle VM uses the IP address you specify when adding the Oracle VM server to configure OCFS2 and Live
  Migration. So you should use the private ip when adding the server.
  Then, the "regular" VM guests network traffic will be on the network/bridge/bond the guest itself belongs to.
  Maybe this old thread would be interesting for you to read:
  Live Migration and private network
  HTH

• When setting up converged network in VMM cluster and live migration virtual nics not working

  Hello Everyone,
  I am having issues setting up converged network in VMM.  I have been working with MS engineers to no avail.  I am very surprised with the expertise of the MS engineers.  They had no idea what a converged network even was.  I had way more
  experience then these guys and they said there was no escalation track so I am posting here in hopes of getting some assistance.
  Everyone including our consultants says my setup is correct. 
  What I want to do:
  I have servers with 5 nics and want to use 3 of the nics for a team and then configure cluster, live migration and host management as virtual network adapters.  I have created all my logical networks, port profile with the uplink defined as team and
  networks selected.  Created logical switch and associated portprofle.  When I deploy logical switch and create virtual network adapters the logical switch works for VMs and my management nic works as well.  Problem is that the cluster and live
  migration virtual nics do not work.  The correct Vlans get pulled in for the corresponding networks and If I run get-vmnetworkadaptervlan it shows cluster and live migration in vlans 14 and 15 which is correct.  However nics do not work at all.
  I finally decided to do this via the host in powershell and everything works fine which means this is definitely an issue with VMM.  I then imported host into VMM again but now I cannot use any of the objects I created and VMM and have to use standard
  switch.
  I am really losing faith in VMM fast. 
  Hosts are 2012 R2 and VMM is 2012 R2 all fresh builds with latest drivers
  Thanks

  Have you checked our whitepaper http://gallery.technet.microsoft.com/Hybrid-Cloud-with-NVGRE-aa6e1e9a for how to configure this through VMM?
  Are you using static IP address assignment for those vNICs?
  Are you sure your are teaming the correct physical adapters where the VLANs are trunked through the connected ports?
  Note; if you create the teaming configuration outside of VMM, and then import the hosts to VMM, then VMM will not recognize the configuration. 
  The details should be all in this whitepaper.
  -kn
  Kristian (Virtualization and some coffee: http://kristiannese.blogspot.com )

• Cluster node reboot and Quick Migration of VMs instead of Live Migration...

  Hi to all,
  how can one configure a Windows Server 2012 multi-node failover cluster, that vms are migrated per Live Migration and NOT per Quick Migration, if one node of the failover cluster will be rebooted.
  Thanks in advance
  Joerg

  Hi Aidan,
  only for the record:
  We get the requested functionality - Live migrate all VMs on reboot without first pausing the cluster- when we do the following:
  Change the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PreshutdownOrder
  from the default
  vmms
  wuauserv
  gpsvc
  trustedinstall
  to
  clussvc
  vmms
  wuauserv
  gpsvc
  trustedinstall
  Now the cluster service stops at first, if we Trigger a reboot and all VMs migrate as configured per MoveTypeThreshold cluster setting.
  Greetings
  Joerg

• Host server live migration causing Guest Cluster node goes down

  Hi 
  I have two node Hyper host cluster , Im using converged network for Host management,Live migartion and cluster network. And Separate NICs for ISCSI multi-pathing. When I live migrate the Guest node from one host to another , within guest cluster the node
  is going down.  I have increased clusterthroshold and clusterdelay values.  Guest nodes are connecting to ISCSI network directly from ISCSI initiator on Server 2012. 
  The converged networks for management ,cluster and live migration networks are built on top of a NIC Team with switch Independent mode and load balancing as Hyper V port. 
  I have VMQ enabled on Converged fabric  and jumbo frames enabled on ISCSI. 
  Can Anyone guess why would live migration cause failure on the guest node. 
  thanks
  mumtaz 

  Repost here: http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/threads
  in the Hyper-V forum.  You'll get a lot more help there.
  This forum is for Virtual Server 2005.

• Live Migration in OVM 3.0.2

  When I try to live migrate a guest vm, I don't get any target server options; here is the output I'm seeing in the AdminServer.log file:
  ...<Default CPU Parameters- en: true, threshold: 1.00>
  ...<Default Net Parameters- net: 2801-HF, en: true, threshold: 1.00>
  ...<Default Net Parameters- net: 10.2.6.0, en: true, threshold: 1.00>
  ...<Default Net Parameters- net: 10.2.7.0, en: true, threshold: 1.00>
  ...<Server: server01.test.com, cpu utilization: 0.88%>
  ...<Server: server01.test.com, network: 2801-HF, rx mBytes: 0, tx mBytes: 0>
  ...<Server: server01.test.com, network: 10.2.7.0, rx mBytes: 0, tx mBytes: 0>
  ...<VM/Server: vm-test/server02.test.com, speed 2666.8, cpus 1, util -1.0%>
  However, if I remove the vnic from the guest vm, I am able to live migrate and this is what I see in AdminServer.log:
  ...<Default CPU Parameters- en: true, threshold: 1.00>
  ...<Default Net Parameters- net: 2801-HF, en: true, threshold: 1.00>
  ...<Default Net Parameters- net: 10.2.6.0, en: true, threshold: 1.00>
  ...<Default Net Parameters- net: 10.2.7.0, en: true, threshold: 1.00>
  ...<Server: server01.test.com, cpu utilization: 0.87%>
  ...<Server: server01.test.com, network: 2801-HF, rx mBytes: 0, tx mBytes: 0>
  ...<Server: server01.test.com, network: 10.2.7.0, rx mBytes: 0, tx mBytes: 0>
  ...<VM/Server: vm-test/server02.test.com, speed 2666.8, cpus 1, util -1.0%>
  ...<CompatibleServers for VM vm-test: [server01.test.com]>
  ...<Server: server01.test.com- simCpuUsed 371.5, VM: vm-test- cpuUsed -26.7>
  ...<Server: server01.test.com- serverCpuLimit 36268.5, newServerCPU 344.8>
  ...<Server/Network server01.test.com/2801-HF: serverNetLimit 38250.0, newServerRx 0, newServerTx 0>
  ...<Server/Network server01.test.com/10.2.7.0: serverNetLimit 38250.0, newServerRx 0, newServerTx 0>
  ...<Server/Network server01.test.com/10.2.6.0: serverNetLimit 38250.0, newServerRx 0, newServerTx 0>
  ...<Fit map for VM: vm-test, on server: server01.test.com- cpuFit:true, memFit:true, netFit:true, fitFactor:0.931>
  I've seen the log throw out compatibility errors when the 2801-HF network wasn't present on each server; however, I've fixed that issue. Since I can live migrate without a VNIC present, I thought it might be another network issue, yet I'm not even seeing "com.oracle.ovm.mgr.business.CompatibilityChecker" being ran when a guest has a VNIC.

  Both servers have the same bridge device configured (checked by running ifconfig -a on each server), if that's what you mean being defining a VNIC. While the guest vm is configured with a VNIC, I am able to offline the guest vm, migrate it, and then online it again on the second server without any issues. I was assuming any type of network difference (like a lack of a VNIC being defined on both servers) would have shown up in the AdminServer.log file under the execution of "com.oracle.ovm.mgr.business.CompatibilityChecker".
  Thanks for the quick response.

• Using mobile hotspur but to create private network not to share 3G connecti

  Hello all
  I just upgraded from the AT&T iPhone 4 to the Verizon iPhone 4. I want to know is there a way I can use the hotspur but not for routing other clients to 3G? I want to get one of those EyeFi SD cards to put
  In my SLR and be able to upload them wirelessly to my iPhone so I don't need a cable. Thank You!!

  That message simply means that you have fixed IP addresses assigned to the nodes instead of DHCP addressses.  You can configure a cluster using either fixed or DHCP IP addresses.  If you use DHCP, the cluster will obtain a DHCP address.
  Since you posted this to the Hyper-V forum, I will assume that you are creating a cluster for Hyper-V.  If so, it is recommended to have more than two networks.  It is recommended to have NICs for host management, cluster shared volumes, live migration,
  and virtual machine access - at a minimum.  And that is if you are not using networked storage, which will require another two networks.  How you provide those can be accomplished in a variety of ways.
  Here is a really useful checklist of things you should review as you are attempting your first deployment (better to get it right from the begining) -
  http://blogs.technet.com/b/askpfeplat/archive/2013/03/10/windows-server-2012-hyper-v-best-practices-in-easy-checklist-form.aspx
  Here is another blog explaining networking within Hyper-V.  It was written for 2008, but the basics remain the same -
  http://blogs.technet.com/b/jhoward/archive/2008/06/16/how-does-basic-networking-work-in-hyper-v.aspx
  Good luck, and have fun!
  .:|:.:|:. tim

• Hyper-V Live Migration Compatibility with Hyper-V Replica/Hyper-V Recovery Manager

  Hi,
  Is Hyper-V Live Migration compatible with Hyper-V Replica/Hyper-V Recovery
  Manager?
  I have 2 Hyper-V clusters in my datacenter - both using CSVs on Fibre Channel arrays. These clusters where created and are managed using the same "System Center 2012 R2 VMM" installation. My goal it to eventually move one of these clusters to a remote
  DR site. Both sites are connected/will be connected to each other through dark fibre.
  I manually configured Hyper-V Replica in the Fail Over Cluster Manager on both clusters and started replicating some VMs using Hyper-V
  Replica.
  Now every time I attempt to use SCVMM to do a Live Migration of a VM that is protected using Hyper-V Replica to
  another host within the same cluster,
  the Migration VM Wizard gives me the following "Rating Explanation" error:
  "The virtual machine virtual machine name which
  requires Hyper-V Recovery Manager protection is going to be moved using the type "Live". This could break the recovery protection status of the virtual machine.
  When I ignore the error and do the Live Migration anyway, the Live migration completes successfully with the info above. There doesn't seem to be any impact on the VM or it's replication.
  When a Host Shuts-down or is put into maintenance, the VM Migrates successfully, again, with no noticeable impact on users or replication.
  When I stop replication of the VM, the error goes away.
  Initially, I thought this error was because I attempted to manually configure
  the replication between both clusters using Hyper-V Replica in Failover Cluster Manager (instead of using Hyper-V Recovery Manager).
  However, even after configuring and using Hyper-V Recovery Manager, I still get the same error. This error does not seem to have any impact on the high-availability of
  my VM or on Replication of this VM. Live migrations still occur successfully and replication seems to carry on without any issues.
  However, it now has me concern that Live Migration may one day occur and break replication of my VMs between both clusters.
  I have searched, and searched and searched, and I cannot find any mention in official or un-official Microsoft channels, on the compatibility of these two features. 
  I know vMware vSphere replication and vMotion are compatible with each otherhttp://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.replication_admin.doc%2FGUID-8006BF58-6FA8-4F02-AFB9-A6AC5CD73021.html.
  Please confirm to me: Are Hyper-V Live Migration and Hyper-V Replica compatible
  with each other?
  If they are, any link to further documentation on configuring these services so that they work in a fully supported manner will be highly appreciated.
  D

  This can be considered as a minor GUI bug. 
  Let me explain. Live Migration and Hyper-V Replica is supported on both Windows Server 2012 and 2012 R2 Hyper-V.
  This is because we have the Hyper-V Replica Broker Role (in a cluster) that is able to detect, receive and keep track of the VMs and the synchronizations. The configuration related to VMs enabled with replications follows the VMs itself. 
  If you try to live migrate a VM within Failover Cluster Manager, you will not get any message at all. But VMM will (as you can see), give you an
  error but it should rather be an informative message instead.
  Intelligent placement (in VMM) is responsible for putting everything in your environment together to give you tips about where the VM best possible can run, and that is why we are seeing this message here.
  I have personally reported this as a bug. I will check on this one and get back to this thread.
  Update: just spoke to one of the PMs of HRM and they can confirm that live migration is supported - and should work in this context.
  Please see this thread as well: http://social.msdn.microsoft.com/Forums/windowsazure/en-US/29163570-22a6-4da4-b309-21878aeb8ff8/hyperv-live-migration-compatibility-with-hyperv-replicahyperv-recovery-manager?forum=hypervrecovmgr
  -kn
  Kristian (Virtualization and some coffee: http://kristiannese.blogspot.com )