Routing of Network Traffic Between VLANs on a Hyper-V Virtual Switch

I am trying to discover how network traffic generated by reads and writes to RDVH User Profile Disks is routed through my network. I have a pool of Hyper-V desktop VMs in their own VLAN (vlan1) with their own NIC bound to a Hyper-V Virtual Switch. On the same server I have another management NIC for the OS on a different VLAN (vlan2) and finally on another server I have a virtual machine which hosts the User Profile Disks. The VM that hosts the User Profile Disks is on the same VLAN as the management NIC for the OS (vlan2).
When tracing the flow of network traffic to and from the User Profile Disk VM it all comes through the vlan2 NIC on the server where the virtual desktop VMs reside and nothing comes through the vlan1 NIC on this server. I would have expected the traffic to the virtual desktop VMs to come in through the desktop VMs' VLAN NIC (vlan1).
This leads me to two possibilities as to how the desktop VMs on vlan1 get their data to and from the User Profile Disk VM on vlan2 without routing:
1. The desktop VMs' Hyper-V Virtual Switch automatically routes the User Profile Disk traffic from vlan1 to vlan2 internally using a virtual switch learning algorithm.
2. Hyper-V itself handles all reads and writes to the User Profile Disks and since that is using the management NIC for the OS it is already on vlan2 and so the network traffic never leaves vlan2.
Any comments on the reason for traffic taking the path it does (as outlined above) as opposed to being layer-3 routed from VLAN1 to VLAN2?

Thanks for your reply Brian. I think your last paragraph above is what I have set up:
"If you simply forward one VLAN to one physical NIC and the VMs on the corresponding External Virtual Switch simply end up on that VLAN without Hyper-V doing anything at all - but this dedicates one physical NIC per VLAN."
The virtual machines' NIC that the vSwitch is patched to and the NIC for the OS are on different VLANs (both NICs are plugged into un-tagged ports on my switch).
The vNICs on the VMs are not tagged to a VLAN (the VLAN ID\ 'Enable virtual LAN identification' box is unticked).
My vSwitch is set up as connected to 'External Network' and isn't shared with the management network.
What I am trying to get at is how would network traffic on the VLAN my VMs are on get to the VLAN that the NIC for the OS is on without going through the router (even though a routable path is available)?
Is it possible the 'learning algorithm' referenced in a Technet article below is involved here (sorry I can't post links)?
"For the virtual machine to communicate with the management operating system, there are two options. One option is to route the network packet through the physical network adapter and out to the physical network, which then returns the packet back to the server running Hyper-V using the second physical network adapter. Another option is to route the network packet through the virtual network, which is more efficient. The option selected is determined by the virtual network. The virtual network includes a learning algorithm, which determines the most efficient port to direct traffic to and will send the network packet to that port. Until that determination is made by the virtual network, network packets are sent out to all virtual ports."
Thanks,
Andrew
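
One way to check which of the two possibilities in the question applies, as an added example that is not part of the original thread: run on the Hyper-V host that holds the desktop VMs, it lists the switch-to-NIC bindings and VLAN settings and shows which host interface carries SMB traffic to the profile-disk server. `$UpdServer` is a placeholder name, not a value from the thread.

```powershell
# Added example. Run in an elevated session on the Hyper-V host that runs the desktop VMs.
# $UpdServer is a placeholder for the VM that hosts the User Profile Disk share.
$UpdServer = 'UPD-SERVER-PLACEHOLDER'

# 1. Which physical NIC backs each virtual switch, and does the host OS share it?
Get-VMSwitch |
    Select-Object Name, SwitchType, AllowManagementOS, NetAdapterInterfaceDescription |
    Format-Table -AutoSize

# 2. VLAN settings on the VM vNICs and on any host (management OS) vNICs.
#    "Untagged" means the VLAN is decided by the physical switch port.
Get-VM | Get-VMNetworkAdapterVlan
Get-VMNetworkAdapterVlan -ManagementOS

# 3. SMB sessions the host itself holds to the profile-disk server.
Get-SmbConnection -ServerName $UpdServer -ErrorAction SilentlyContinue |
    Select-Object ServerName, ShareName, UserName, NumOpens

# 4. Established TCP/445 connections from the host to that server,
#    together with the local interface each connection uses.
$updAddresses = (Resolve-DnsName -Name $UpdServer -Type A).IPAddress | Where-Object { $_ }
Get-NetTCPConnection -RemotePort 445 -State Established -ErrorAction SilentlyContinue |
    Where-Object { $updAddresses -contains $_.RemoteAddress } |
    ForEach-Object {
        $local = Get-NetIPAddress -IPAddress $_.LocalAddress
        [pscustomobject]@{
            LocalAddress   = $_.LocalAddress
            LocalInterface = $local.InterfaceAlias
            RemoteAddress  = $_.RemoteAddress
        }
    }

# 5. The source address and route the host's own IP stack selects for that server.
foreach ($address in $updAddresses) {
    Find-NetRoute -RemoteIPAddress $address |
        Select-Object IPAddress, InterfaceAlias, DestinationPrefix, NextHop
}
```

If steps 3 and 4 show sessions sourced from the management NIC's address while the VMs hold none of their own, the profile-disk I/O is the host's traffic on vlan2 and is not crossing from vlan1 inside the virtual switch.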

Similar Messages

  • Which is the correct way to filter/block traffic between vlans?

    Hi all. My question is: Which is the correct way to filter/block traffic between vlans?
    I have more than 15 vlans. I want to block traffic between them except 2 vlans.
    source vlan 3 deny destination vlan 4
    #access-list 100 deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
    and the opposite:
    #access-list 101 deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
    I have to do this for all VLANs, one by one. Is that right?
    Thanks.

    There are a couple of ways to achieve that. I assume that you have a Layer3-Switch. There I would configure one ACL per vlan-interface and allow/deny the traffic as you want. Sadly, the Switches don't support object-groups yet, so you have to use the IP-networks here. Only allow/deny traffic based on networks or hosts. Don't even try to be very granular with permit/denys based on ports. Because the switch-ACLs are not stateful you'll run into problems for the return-traffic if you would do that. And the return-traffic of course has to be allowed also.
    Another way: with the help of 802.1x you can deploy port-based ACLs for every user. That takes some time for planning, but is one of the most powerful solutions.
    For more control you could remove the L3-interface from your L3-switch and move that to your router or firewall. These devices support stateful filtering and you can control your traffic much tighter than with ACLs on the switch.

  • How to route traffic across subnets when one NIC is a hyper-V virtual switch?

    Having a bit of a problem with a hyper-V environment which does not seem to route network traffic on two different subnets between each other.
    If it were a purely physical server with two NICs and a gateway set traffic would automatically be forwarded between the two different subnets.
    However when one of those NICs is a hyper-V virtual switch this simple routing no longer seems to work and no traffic gets forwarded between subnets?
    Situation is:
    Hyper-V server with two NICs
    NIC 1 = 192.168.0/24 - main Internal company network.
    NIC 2 (hyper-V virtual switch.) = 192.168.1/24 - connects to ADSL internet router
    Virtualized Domain Controller.
    One or two virtualized NICs as necessary
    How then does traffic get routed between these two subnets?  If RRAS has to be configured to do this where is the best place to do it, on the hyper-V host or on the virtualized domain controller?
    Thanks,

    Hi,
    You can create an internal virtual switch and configure an IP for it (I assume it is 192.168.1.2/24).
    After you enable RRAS in hyper-v host there will be two gateways for different subnets.
    "NIC 2 (hyper-V virtual switch.) = 192.168.1/24 - connects to ADSL internet router"
    The problem is here, if these VMs need to access internet.
    So, these VMs can not configure their gateway same as the IP of internal virtual switch, you may set VM's gateway as the ADSL internet router's IP meanwhile add a static route entry for every VM.
    Please refer to the Syntax :
    route add -p 192.168.0.0 mask 255.255.255.0 192.168.1.2
    Hope this helps
    Best Regards
    Elton Ji

  • Share network traffic between 2 parallel wireless bridges - What kit?

    Dear All,
    I'm a technology professional, but mainly in electronic design rather than high end networking. Hence my request for your advice.
    I wish to specify some items of kit that I can ask a networking professional to fit and configure to solve my particular application.
    I would like to use (and already have in place) two parallel wireless bridges between 2 buildings. One is on 2.4GHz and the other is on 5GHz. In my simple testing so far (of each link in turn), they both work brilliantly. So far, these are in place just for test purposes, but soon I will be required to make the system "live".
    The reason I'm doing this is to split network traffic over both links (to possibly get enhanced bandwidth) but to mainly build in redundancy should one link fail.
    What kit is required to do this (apart from the 4 access points configured as bridges)?
    I imagine I may need a load balancing device(s) or possibly something more suitable for this task.
    I'd like the solution to be very transparent to the rest of the system, I'd like it to "look" like it's a simple wireless bridge (but really it's a highly robust dual bridge). I hope my waffle makes sense.
    Any thoughts?
    Best regards,
    L.O.

    You can certainly copy the addresses from one machine to the other - the contact files are held in user/Library/Application Support/AddressBook. Copy all files into the same respective location on the other machine (they will overwrite any existing contacts).
    If you want the address books kept in sync, take a look at SyncTogether or SeeCard Rendezvous.
    Matt

  • Network traffic between zones in the same Global zone

    Hi,
    I would like to know if the traffic between different zones that share the same NIC within the global zone goes to the switch they are connected to and comes back, or remains within the global zone?
    Example:
    Local zone apache IP 10.0.0.2
    Local zone oracle IP 10.0.0.3
    Global zone IP 10.0.0.4
    When Local zone apache contact Local zone oracle does the traffic go to the switch and then to Local zone oracle or just remains internal the Global zone?
    Regards,
    Younis

    s-wilson wrote:
    If the zone is on a different subnet from the global, the traffic would have to be routed back.
    That's not correct. As long as it is a shared-ip zone, traffic does not leave the box.
    This is no different than a single-zone host that has interfaces on two subnets.
    Darren

  • Maximising throughput of a team in converged networking scenario using Hyper-V virtual switch

    Hi,
    Recently I have been looking into the converged network scenario, I have read quite a few resources about this but I am struggling to make sense of maximising the bandwidth I have available.
    I understand that a single TCP stream can only go down 1 physical NIC, so even if I had a team of 6 x 1Gbps NICS – the team would be 6Gbps, but I will never have a single transfer go faster than 1 Gbps. I’m pretty sure that’s right, how I understood it anyway.
    To make a converged network, I need to team adapters together, then make a virtual switch, and make virtual NICs off of that virtual switch. Each vNIC I can assign for different purposes, such as ISCSI, data sync and backup traffic. In the diagram below I have shown this configuration, each green pNIC is only 1Gbps, on my blue vNICs I use the minimum weighting configuration.
    In my example below, I have 1 ISCSI vNIC, if a physical NIC failed then I understand that to mean that the bandwidth won't reduce for ISCSI because a single stream can only go down one NIC anyway, the team will reduce to 5Gbps. No vNIC will go faster than 1Gbps.
    If this is correct, then how would I increase bandwidth to the disk system using ISCSI, is it simply a case of creating an additional vNIC for ISCSI traffic, adding it to the same team and configuring MPIO so the traffic will eventually end up through different pNICs? In my mind, MPIO can't round robin ISCSI data to more physical NICs because the ISCSI and MPIO only know about the vNIC, I assume it is the team that ultimately handles the placement of the stream onto the pNICs.
    Do I simply do the same for Data Sync and Backup traffic?
    I'm not too concerned about the VMNET team, I am mostly focused on getting the best out of the core cluster resources I have. I haven't shown the physical switches to the right of the diagram, but these are already configured to accept the VLAN traffic on the ports and the same is all configured for the other half of the solution.
    Just a little confused over the whole thing on how I could potentially achieve the 6Gbps I have at my disposal. In this configuration and testing so far, it seems quite difficult for me to exceed about 1.5-2Gbps combined across all the vNICs (in this particular test server I am limited to 1 physical disk so it's hard to gauge the performance, the disk will take probably about 200MB/2Gbps maximum, that's with ISCSI (file copying) and data Sync going on between two servers at the same time.
    many thanks for your help
    Steve


  • Create Hyper-V virtual switch with VLAN tagging

    Hello All,
    I would like to create virtual network switch on a physical NIC of the Hyper-V host in Powershell.
    I use "New-VMSwitch" with "-AllowManagementOS $true" and the virtual switch will be ready. I would like to use "Enable virtual LAN identification for management operating system" and tag a VLAN to the virtual switch. Can you please help me with an example how to do it in Powershell?

    Start with this walk-through.
    http://www.vnotebook.ca/2013/11/configuring-management-vlan-in-hyper-v.html
    tags are bound to adapters.  A switch must have minimum of one adapter.
    ¯\_(ツ)_/¯
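
    The "tags are bound to adapters" point above, as an added example that is not part of the original thread: the VLAN tag goes on the host vNIC that `-AllowManagementOS` creates, not on the switch object. The switch name, physical NIC name and VLAN ID are placeholders.

```powershell
# Added example; every name and the VLAN ID below are placeholders.
$SwitchName = 'External-vSwitch'   # hypothetical switch name
$NicName    = 'Ethernet 2'         # hypothetical physical adapter name (see Get-NetAdapter)
$MgmtVlanId = 20                   # hypothetical management VLAN

# Create the external switch only if it does not exist yet.
# Binding a switch to the NIC that carries your current session interrupts it briefly.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -NetAdapterName $NicName -AllowManagementOS $true |
        Out-Null
}

# -AllowManagementOS creates a host vNIC named after the switch.
# This is the PowerShell equivalent of ticking "Enable virtual LAN
# identification for management operating system" in Hyper-V Manager.
# The physical switch port must carry this VLAN tagged, or the host loses connectivity.
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $SwitchName `
    -Access -VlanId $MgmtVlanId

# Read the setting back and fail loudly if it did not take effect.
$vlan = Get-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $SwitchName
if ($vlan.OperationMode -ne 'Access' -or $vlan.AccessVlanId -ne $MgmtVlanId) {
    throw "Management vNIC '$SwitchName' is not in access mode on VLAN $MgmtVlanId."
}
$vlan
```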

  • Hyper-V virtual switch connecting to different wireless router than mine, and stops the Hyper-V session from working

    Hi,
    I have Hyper-V running on a Windows 8.1 Pro laptop and have 2 virtual switches configured. The ethernet connection works great all the time.
    The wireless has problems with wireless networks. Half picks up my home network as I want and the other half picks up a wireless network in range which is not mine.
    How do I fix this, as when this happens I cannot use the virtual machine to connect to the network or the internet?
    My home wireless network is the KamelsHome which you see is connected thus the laptop works. But as you can see the VEthernet (Wireless) is picking up a NETGEAR88.
    Screenshot attached
    Anyone help please??

    Hi Dominic,
    Would you please let me know if you have removed the wireless profile and then to see if the issue persists?
    How to Delete or Forget Wireless Network Profiles in Windows 8.1
    http://www.7tutorials.com/how-delete-forget-wireless-network-profiles-windows-81
    Have a nice day!
    Regards,
    Steven Song

  • How to determine Streams tcp/ip network traffic between database nodes.

    We are needing to determine network bandwidth requirements for optimizing streams replication performance between database instances that are NOT located within the same data center.
    How can I determine the rough # of bits per sec of tcp/ip traffic generated by the streams replication propagation process?

    This is the information I got from our dev environment, not too much activity here, so is total time in seconds? so if I take total_bytes/total_time I get bytes per second right?
    QNAME : VERITYUSR_CAP_Q
    DESTINATION : NEWS.J513.BLOOMBERG.COM
    TOTAL_TIME : 11487
    TOTAL_NUMBER : 400329
    TOTAL_BYTES : 5290
    MAX_NUMBER : 400329
    MAX_BYTES : 5290
    AVG_NUMBER : 400329
    AVG_SIZE : 0.01321413

  • Direct network connection between MacBook and a PC with a switch

    I have a MacBook in my home and a PC. There is a router connected to the internet in a house nearby. A cable comes from there to my house. At my house I have an 8-port 100 Mb switch. The PC is connected to the switch with a cable. There is a DLink 2000AP connected to the switch, so I am connected to the network wirelessly. All the cabling in my house is good, I mean both the PC and the wifi access point have got very good cable connecting to the switch. But the switch is connected to the router in the other house with a very bad cable (I suspect it is just some kind of phone cable). This cable seems to be enough for the internet but not for 100 Mb network.
    Now I have a big hard drive connected to the PC, I made it shared, so I can mount it on my MacBook. But the problem is that the speed of transferring data between the MacBook and PC is really low (around 0.5 MB/s). I suspect that it is because when sending data the Mac sends it first to the router which has got such bad cable and then only to the PC. In this way the data comes through the bad cable twice. But if I could set it up in such a way that the data goes only through the switch (without going to the router), then no data would go through the bad cables to the router and everything will be very fast. So, my humble question would be whether it is possible to say to computers or router that the info should be sent via switch and not the router.
    Thanks a lot for your help.

    You are correct. Since you do not have your wireless network set up for a machine-to-machine connection, all data is going to your wireless access point, then up the bad cable to the router, back down the bad cable to your other computer. To quote an old cliche, this chain is only as strong as its weakest link.
    You can connect, via ethernet cables, the Mac and the PC directly through a switch or hub. This should by-pass the need of the data to go up through the router. However, my experience is that sometimes the computers can get confused with this type of setup, not knowing what route to take.
    Maybe someone else has a better solution, other than replacing the line to the router with a much better cable or a point-to-point wireless solution.
    Jeff

  • Server 2012 R2: How do I set VLAN data for the Host Virtual Switch (via PowerShell)?

    I need to modify the Host (NOT the VM's) VMSwitch VLAN settings via Powershell for automation purposes.
    In Server 2012 (NOT R2), this can be done via modifying
    MSVM_VLANEndPointSettingData
    However, it seems in Server 2012 R2, that class is gone. I've manually searched through the MSVM classes, and it seems that the Host VMSwitch VLAN settings are stored in MSVM_EthernetSwitchPortVlanSettingData. Unfortunately, I have no way of tying that class to a specific VMSwitch.
    Anyone know how to do this on Server 2012 R2?

    Hi,
    I found some similar issues to your case; however, this forum does not focus on development-related issues.
    Therefore I suggest you post further development questions to the MSDN forum.
    The related information:
    Problem with CPU load and WMI errors when Hyper-V is installed?
    http://social.technet.microsoft.com/Forums/windows/en-US/4eca1f42-8630-48b4-85fa-e9569445d832/problem-with-cpu-load-and-wmi-errors-when-hyperv-is-installed
    The third party solution:
    How to: Fix error 0x80041010 on Windows 8.1 + Hyper-V
    http://www.seankilleen.com/2013/11/how-to-fix-error-0x80041010-on-windows.html
    MSDN forum Developer Network
    http://social.msdn.microsoft.com/Forums/en-US/home?forum=WAVirtualMachinesVirtualNetwork&filter=alltypes&sort=lastpostdesc
    Thanks for your understanding and support.
    Hope this helps.

  • Using Xserve to route traffic between LANs

    A couple of years ago Camelot posted a response on how to set up an Xserve to route network traffic between the Xserve's internal NICs (http://discussions.apple.com/thread.jspa?threadID=1193839&tstart=127). In that situation, both LANs were 192.168.x.x. Can this same technique be used where one LAN is 192.168.x.x and the other LAN is 172.16.x.x or do the first two octets have to be the same for this to work? Addresses on the 172.16 are dished out from a Cisco PIX501 which I don't control. The Xserve has a fixed IP of 172.16.128.241 (DHCP with manual address) on en0. The 192.168 LAN is on en1 and the XServe does the DHCP for that side. NAT is on with IP forwarding. I can get to systems on the 172.16 LAN from the 192.168 LAN but not vice versa.
    Xserve is running Server 10.5.4

    Can this same technique be used where one LAN is 192.168.x.x and the other LAN is 172.16.x.x or do the first two octets have to be the same for this to work?
    You can route between any connected networks. There doesn't have to be any common elements in the IP address subnets.
    I can get to systems on the 172.16 LAN from the 192.168 LAN but not vice versa.
    You say you're running NAT on this system. NAT is not needed (or, in fact, desired) since it's designed for one way traffic (e.g. traffic from LAN 1 is translated to an address in LAN2 before forwarding). To have traffic flow the other way you need to setup port forwarding, which isn't practical for a large number of machines.
    My earlier suggestion doesn't suggest enabling NAT at all, just IP Forwarding. IP Forwarding should work both ways provided the relevant devices in each LAN know where to route the traffic (e.g. devices in the 192.168.x.x LAN need to have a route that sends traffic for 172.16.x.x to the 192.168.x.x address of the XServe).

  • Routing multicast between vlans thru VRF's

    Team,
    Need a help / Suggestion on the VRF to route the multicast traffic between the vlans
    The problem is something like this
    We have a source residing on the Vlan X on the Catalyst 4503 and the clients will be on the Vlan Y on the 6509 (in VSS mode). As of now, clients from different Vlans on the 4503 will join the multicast group by sending the IGMP join message (we have multicast routing and PIM configured on the vlan interfaces on the 4503). [ REFER ATTACHED DIAGRAM ]
    Now the requirement is the client on the different Vlan on the 6509 should receive multicast OR join the multicast group on 4503
    a) We have L3 connectivity between the 4503 <> 6509 (and a VSS configuration on 6509)
    b) I was given understanding that through VRF-lite feature this can be achieved (without PIM configured), If the source & destination on the different switches is it ok to achieve it ?
    c) What configuration is required to route the multicast traffic from 4503 to 6509 using the VRF-lite
    d) Also, Please brief me about VRF-lite technology and let me know how different it is from VRF- MPLS & VPN
    Please revert me if need any more information
    Any inputs / suggestion in this regard is highly appreciated
    Thank you in advance
    Shash

    Try to use sparse or, better yet, PIM sparse-dense-mode and set a Rendezvous Point as the root of the shared tree, or AutoRP if you can.
    This may provide better results than dense-mode.
    See this link for more info:
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca794.html#wp1001103

  • How to enable traffic between VPN clients in Windows Server 2012 R2?

    Hello, 
    I installed Remote Access role with VPN.
    IPv4 Router is enabled: http://snag.gy/UAMY2.jpg
    VPN clients should use static ip pool: http://snag.gy/REjkB.jpg
    One VPN user is configured to have static ip: http://snag.gy/TWwq0.jpg
    VPN server uses Windows Authentication and Windows Accounting.
    With this setup, VPN clients can connect to server, get ip addresses and can see server via server's vpn ip. Server can connect to VPN clients too (Using client's vpn ips). But VPN clients can't communicate with each other.
    For example, VPN server has ip 192.168.99.5
    VPN Client 1 - 192.168.99.6
    VPN Client 2 - 192.168.99.7
    I am able to ping 192.168.99.5 from both clients, and able to ping 192.168.99.6 and 192.168.99.7 from server via remote desktop. But I am not able to ping 192.168.99.7 from client 1 and 192.168.99.6 from client 2.
    If I trace route from 192.168.99.6 to 192.168.99.7 - I can see that packets go to server (192.168.99.5) and next hop - request timeout.
    What else should I configure to allow network traffic between VPN clients?

    Hi,
    To better analyze this issue, would you please post the routing tables on the two VPN clients? You can run "route print" at the command prompt to get the routing table.
    Best regards,
    Susie

  • Difference between VLAN

    Hi,
    What's the difference between layer 2 VLAN and Layer 3 VLAN?
    regards
    Neo

    Here's the IEEE 802.1 definition of VLAN. This is basically your layer 2 VLAN.
    • Provides for the logical grouping of stations (MAC Service Access Points - MSAPs) and/or switch ports, allowing communications as if all stations/ports are on the same physical LAN segment. This includes stations/ports that are physically located on different LANs or segments within the physical boundary of an 802.1D Bridged LAN. A single Bridged LAN may include multiple VLAN “segments”.
    With that said, as the previous poster mentioned, for a host on a VLAN to communicate with a host on another VLAN you need a layer 3 device (router). Often, this is done by a layer 3 switch (like 3550, 6500 etc.). On a layer 3 device you have to create a logical interface, vlan interface on a switch or sub-interface if you are doing router-on-a-stick, to route traffic between VLANs. This is basically your layer 3 VLAN (interface) if you like to call it that way.
    HTH,
    Sundar
