Network problem within Hyper-V (DNS)

• Tuesday, December 16, 2008 12:18 PM

   

   
  

  0
  Quick info

  We have a small environment, with one physical server, hosting 4 virtual servers, within Hyper-V. We experience network problems, ie. the connection drops occasionally, causing damaged network packets. This is especially a problem for the DNS server, as it is sometimes unable to lookup DNS names on the Internet. Only network traffic through Hyper-V is causing problems, traffic between the physical server and a hardware gateway works fine.

  Further, more detailed Info

  The physical server has no problems pinging the gateway 10.0.1.1. Further, NSLOOKUP to an Internet DNS server always succeeds, with fast responses.

  Only traffic to/from virtual servers, cause problems; Running ping on the DC/DNS server at 10.0.1.9, makes most pings to the gateway at 10.0.1.1 succeed, but some fail. I’ve also runned NSLOOKUP, locally on the virtual DC/DNS server, where I discovered, that all name lookup attempts, to the DNS server, for which the DNS server is authoritative, always replies fast. However, when the DNS server has to forward a query to other DNS Servers on the Internet, problems sometimes occurs.

  In NSLOOKUP, every time a DNS query fail, repeating the same query one or two times, makes the lookup succeed. I have dumps from NSLOOKUP showing this:

  --

  > www.microsoft.fr.
  Server:  xxx.intern.xxx.dk
  Address:  10.0.1.9

  ------------
  SendRequest(), len 34
      HEADER:
          opcode = QUERY, id = 30, rcode = NOERROR
          header flags:  query, want recursion
          questions = 1,  answers = 0,  authority records = 0,  additional = 0

      QUESTIONS:
          www.microsoft.fr, type = A, class = IN

  ------------
  DNS request timed out.
      timeout was 2 seconds.
  timeout (2 secs)
  SendRequest failed
  ------------
  SendRequest(), len 34
      HEADER:
          opcode = QUERY, id = 31, rcode = NOERROR
          header flags:  query, want recursion
          questions = 1,  answers = 0,  authority records = 0,  additional = 0

      QUESTIONS:
          www.microsoft.fr, type = AAAA, class = IN

  ------------
  ------------
  Got answer (61 bytes):
      HEADER:
          opcode = QUERY, id = 31, rcode = NOERROR
          header flags:  response, want recursion, recursion avail.
          questions = 1,  answers = 1,  authority records = 0,  additional = 0

      QUESTIONS:
          www.microsoft.fr, type = AAAA, class = IN
      ANSWERS:
      ->  www.microsoft.fr
          type = CNAME, class = IN, dlen = 15
          canonical name = m110.pictime.fr
          ttl = 86398 (23 hours 59 mins 58 secs)

  ------------
  *** Request to xxx.intern.xxx.dk timed-out
  > www.microsoft.fr.
  Server:  xxx.intern.xxx.dk
  Address:  10.0.1.9

  ------------
  SendRequest(), len 34
      HEADER:
          opcode = QUERY, id = 32, rcode = NOERROR
          header flags:  query, want recursion
          questions = 1,  answers = 0,  authority records = 0,  additional = 0

      QUESTIONS:
          www.microsoft.fr, type = A, class = IN

  ------------
  ------------
  Got answer (77 bytes):
      HEADER:
          opcode = QUERY, id = 32, rcode = NOERROR
          header flags:  response, want recursion, recursion avail.
          questions = 1,  answers = 2,  authority records = 0,  additional = 0

      QUESTIONS:
          www.microsoft.fr, type = A, class = IN
      ANSWERS:
      ->  www.microsoft.fr
          type = CNAME, class = IN, dlen = 15
          canonical name = m110.pictime.fr
          ttl = 86393 (23 hours 59 mins 53 secs)
      ->  m110.pictime.fr
          type = A, class = IN, dlen = 4
          internet address = x.x.x.x
          ttl = 1193 (19 mins 53 secs)

  ------------
  Non-authoritative answer:
  ------------
  SendRequest(), len 34
      HEADER:
          opcode = QUERY, id = 33, rcode = NOERROR
          header flags:  query, want recursion
          questions = 1,  answers = 0,  authority records = 0,  additional = 0

      QUESTIONS:
          www.microsoft.fr, type = AAAA, class = IN

  ------------
  ------------
  Got answer (117 bytes):
      HEADER:
          opcode = QUERY, id = 33, rcode = NOERROR
          header flags:  response, want recursion, recursion avail.
          questions = 1,  answers = 1,  authority records = 1,  additional = 0

      QUESTIONS:
          www.microsoft.fr, type = AAAA, class = IN
      ANSWERS:
      ->  www.microsoft.fr
          type = CNAME, class = IN, dlen = 15
          canonical name = m110.pictime.fr
          ttl = 86393 (23 hours 59 mins 53 secs)
      AUTHORITY RECORDS:
      ->  pictime.fr
          type = SOA, class = IN, dlen = 36
          ttl = 1195 (19 mins 55 secs)
          primary name server = edison.pictime.fr
          responsible mail addr = root.pictime.fr
          serial  = 2008110707
          refresh = 600 (10 mins)
          retry   = 600 (10 mins)
          expire  = 3600000 (41 days 16 hours)
          default TTL = 1200 (20 mins)

  ------------
  Name:    m110.pictime.fr
  Address:  193.238.151.9
  Aliases:  www.microsoft.fr

  -- 

  My discoveries indicate, that the DNS server works correctly, but networking through Hyper-V is unstable.

  When executed on on one of the other virtual machines, pings to the hardware gateway at 10.0.1.1 work fine. NSLOOKUPs towards Internet DNS servers work fine. However, DNS queries against the local DNS Server at 10.0.1.9 sometimes fail. Again, it seems that the local DNS server has problems forwarding DNS queries to the Internet.

  Yesterday I tried these steps, without luck:

  - Changed the virtual NIC on the virtual server running DNS. I removed the synthetic Hyper-V NIC, with IP 10.0.1.10, and added a Legacy Network Adapter, with a new address of 10.0.1.9. And of course modified the DNS server address on the remaining virtual servers.

  - upgraded the drivers for both the Intel NICs and the Broadcom NICs.

  - Disabled Large Send Offload v2 (IPv4) on the physical Intel NIC
   

  …but same behavior as before.

  The setup is this:

   Physical setup.

  One physical server:
  a Dell Power Edge 2950, running Windows Server 2008 x64 with Hyper-V. No antivirus.
  NIC information:
  This physical server has 6 NICs (4 Intel Pro/1000 PT Dual Port Server Adaptors, and 2 Broadcom BCM5708c NetXtreme II GigE). Only one of the 6 NICs are in use, it’s one of the Intel NICs, the Intel NIC #4, connected to a hardware firewall/NAT router, that connects to the Internet.
  IP addresses:
  - The Intel NIC that’s in use: 10.0.1.5 (this address has actually been taken over by one of Hyper-Vs virtual NICs)
  - The hardware firewall/NAT router: 10.0.1.1. This is the only network connection from the physical server.

  Virtual environment within Hyper-V:

  4 virtual servers:
  running Windows Server 2008 x64. Each has one virtual NIC. All virtual NICs are connected to the only physical NIC that’s in use.

  Hyper-V has created two virtual NICs, on the host server, only one of these is in use. The one in use, is connected to the physical NIC #4, that’s connected to the gateway router.

  IP addresses for virtual machines:
  10.0.1.9: Domain Controller, DNS Server, TS License server
  10.0.1.11: SQL server
  10.0.1.12: Exchange 2007
  10.0.1.13: Terminal Server
  
  It seems like people experienced problems like this with the beta releases. But we have the problem in the finan version. Anyone with a clue on how to resolve this problem? We have send the problem to Microsoft Support but all they did was to tell us that it was not a bog but a configuration error and they invoiced us. So it seems like we are doing something wrong here. But what?

  • Reply
  • Quote