2 nics- one for host & one for virtual machine
- still trying to figure this one out with the bits and pieces I find searching around on here and on blog posts. this seems like it would be a common setup for people but I can't find an exact answer.
on host:
NIC#1 - (enabled) set to static IP, subnet & gateway
NIC#2- (enabled or disabled??) set with only Virtual Network Switch protocol
ExternalEthernetPort/ Virtual Network Adapter - (enabled or disabled?) set to (static?) but it throws an error message saying I'm using the same default gateway as NIC#1.
I want to have the host on one NIC and the virtual machine on another NIC. I don't know if I'm doing this correctly and if the Virtual Network Adapter on the host needs to be dynamic or static, enabled or disabled, and if dynamic- do I specify the IP address on the NIC once recognized inside the virtual machine.- Edited byjawz101 Thursday, May 21, 2009 7:50 PMd
Answers
This is not the easiest thing to wrap a brain around. You are not alone in your confusion.
Let's begin with a clean slate...
You have one Host with two NICs. NIC A (local area connection) and NIC B (local area connection 2). (you did not create a virtual network when the Hyper-V role was added)
You see these represented in Network Connections.
If you have not added any virtual networks then the 'device name' for both of these NICs is (generally) the name of the driver (ie. Broadcom..., HP..., etc.)
Now, create an External Virtual Network, Select NIC B, and complete the wizard.
If you return to Network Connections you will see:
NIC A (local area connection) with the same description
NIC B (local area connection 2) - you will find that the only binding is the virtual network switch protocol
Local Area Connection 3 - this is new and the Device Name will begin with "Microsoft Virtual Network Switch Adapter.."
The NIC to disable is Local Area Connection 3. As this is the 'extra' or second management interface that you got back by creating the External Virtual Network.
This NIC is not the physical NIC but a port in the virtual network switch that is in turn connected to the physical NIC.
Brian Ehlert (hopefully you have found this useful)- Marked As Answer byMike Sterling [MSFT]MSFT, OwnerWednesday, May 27, 2009 6:51 PM
- This goes to the basic operations of physical vs. virtual NICs with Hyper-V. How many physical NICs are in your system? If 2+ then, you can simply selectto have one NIC not used by Hyper-V and use that interface for your Management of the physical host system, as it were.
Guessing here - it sounds like you probably have a single NIC and the 2 NICs you refer to above are the physical and virtual representation of the same physical NIC in your system. Please understand that the installation and configuration of Hyper-V has created a virtual representation of your physical NIC and this is the interface that is available within Hyper-V Manager to connect an "External" network to.
Hope this makes sense...a good place to refresh your understanding of Hyper-V networking is Ben's blog: http://blogs.msdn.com/virtual_pc_guy/archive/2008/01/08/understanding-networking-with-hyper-v.aspx
--Ryan
Ryan Sokolowski | MCT, MCITP x3, MCTS x8, MCSE x2, CCNA, CCDA, BCFP- Marked As Answer byMike Sterling [MSFT]MSFT, OwnerWednesday, May 27, 2009 6:51 PM
- Proposed As Answer byRyan Sokolowski Thursday, May 21, 2009 7:51 PM
Hi,
Add to BrianEh's statement.
Let's talk about the environment if you only have one physical NIC. (I think most of us only have one NIC with the computer if they don't buy a additional one)
The easiest way to let the VM access the outside is to create an External Virtual Network. You should bind a physical NIC to it if you want to create an External Virtual Network.
The normal physical NIC will have some protocols such as TCP/IP. After you bind the External Virtual Network to the physical NIC, the physical NIC will become a Virtual Switch only with Microsoft Virtual Network Switch Protocol. It’s an expected behavior, please DO NOT modify it.
At the same time, you will find a Local Area Connection 2 appear in your Network Connections, it’s a system spawned Virtual Network Adapter. The virtual network adapter now has all of the standard protocols and services bound to it instead.(It will has the IP address of the physical NIC which bind to the External Virtual Network.) The Hyper-V host machine will use this Virtual Network Adapter to communicate with the outside.
If you have a second physical NIC(we recommend that you use a dedicate NIC for Hyper-V management if you have two or more physical NICs). You can disable the above system spawned Virtual Network Adapter, and then use the second physical NIC for the host communication.
In addition, I also include some articles about Hyper-V networking, it may be helpful for you:
Understanding Networking with Hyper-V
http://blogs.msdn.com/virtual_pc_guy/archive/2008/01/08/understanding-networking-with-hyper-v.aspx
How does basic networking work in Hyper-V?
http://blogs.technet.com/jhoward/archive/2008/06/16/how-does-basic-networking-work-in-hyper-v.aspx
Vincent Hu
- Marked As Answer byMike Sterling [MSFT]MSFT, OwnerWednesday, May 27, 2009 6:51 PM
All Replies
- This goes to the basic operations of physical vs. virtual NICs with Hyper-V. How many physical NICs are in your system? If 2+ then, you can simply selectto have one NIC not used by Hyper-V and use that interface for your Management of the physical host system, as it were.
Guessing here - it sounds like you probably have a single NIC and the 2 NICs you refer to above are the physical and virtual representation of the same physical NIC in your system. Please understand that the installation and configuration of Hyper-V has created a virtual representation of your physical NIC and this is the interface that is available within Hyper-V Manager to connect an "External" network to.
Hope this makes sense...a good place to refresh your understanding of Hyper-V networking is Ben's blog: http://blogs.msdn.com/virtual_pc_guy/archive/2008/01/08/understanding-networking-with-hyper-v.aspx
--Ryan
Ryan Sokolowski | MCT, MCITP x3, MCTS x8, MCSE x2, CCNA, CCDA, BCFP- Marked As Answer byMike Sterling [MSFT]MSFT, OwnerWednesday, May 27, 2009 6:51 PM
- Proposed As Answer byRyan Sokolowski Thursday, May 21, 2009 7:51 PM
- I have 2 physical network cards and a 3rd virtual network adapter.
on host:
nic1, enabled, set to static for host machine
nic2, enabled, set with virtual switch checked
virtual nw adapter, disabled, (external in hyperv network settings), set to dynamic IP and disabled
on vm:
virtual bus network adapter, enabled & set to static IP The default behavior when you create an external virtual network is to give your host a virtual nic back for taking the physical nic away for the virtual switch. (thank goodness this is easier to understand in R2!!)
Take a look and see if this helps:
http://itproctology.blogspot.com/2008/12/dedicating-physical-nic-for-management.html
Brian Ehlert (hopefully you have found this useful)- @BrianEh
yeah. that's the link I've been trying to follow. it's still confusing me
I'd like R2 but I understand it's going to cost additional money for that upgrade when its finally released This is not the easiest thing to wrap a brain around. You are not alone in your confusion.
Let's begin with a clean slate...
You have one Host with two NICs. NIC A (local area connection) and NIC B (local area connection 2). (you did not create a virtual network when the Hyper-V role was added)
You see these represented in Network Connections.
If you have not added any virtual networks then the 'device name' for both of these NICs is (generally) the name of the driver (ie. Broadcom..., HP..., etc.)
Now, create an External Virtual Network, Select NIC B, and complete the wizard.
If you return to Network Connections you will see:
NIC A (local area connection) with the same description
NIC B (local area connection 2) - you will find that the only binding is the virtual network switch protocol
Local Area Connection 3 - this is new and the Device Name will begin with "Microsoft Virtual Network Switch Adapter.."
The NIC to disable is Local Area Connection 3. As this is the 'extra' or second management interface that you got back by creating the External Virtual Network.
This NIC is not the physical NIC but a port in the virtual network switch that is in turn connected to the physical NIC.
Brian Ehlert (hopefully you have found this useful)- Marked As Answer byMike Sterling [MSFT]MSFT, OwnerWednesday, May 27, 2009 6:51 PM
Hi,
Add to BrianEh's statement.
Let's talk about the environment if you only have one physical NIC. (I think most of us only have one NIC with the computer if they don't buy a additional one)
The easiest way to let the VM access the outside is to create an External Virtual Network. You should bind a physical NIC to it if you want to create an External Virtual Network.
The normal physical NIC will have some protocols such as TCP/IP. After you bind the External Virtual Network to the physical NIC, the physical NIC will become a Virtual Switch only with Microsoft Virtual Network Switch Protocol. It’s an expected behavior, please DO NOT modify it.
At the same time, you will find a Local Area Connection 2 appear in your Network Connections, it’s a system spawned Virtual Network Adapter. The virtual network adapter now has all of the standard protocols and services bound to it instead.(It will has the IP address of the physical NIC which bind to the External Virtual Network.) The Hyper-V host machine will use this Virtual Network Adapter to communicate with the outside.
If you have a second physical NIC(we recommend that you use a dedicate NIC for Hyper-V management if you have two or more physical NICs). You can disable the above system spawned Virtual Network Adapter, and then use the second physical NIC for the host communication.
In addition, I also include some articles about Hyper-V networking, it may be helpful for you:
Understanding Networking with Hyper-V
http://blogs.msdn.com/virtual_pc_guy/archive/2008/01/08/understanding-networking-with-hyper-v.aspx
How does basic networking work in Hyper-V?
http://blogs.technet.com/jhoward/archive/2008/06/16/how-does-basic-networking-work-in-hyper-v.aspx
Vincent Hu
- Marked As Answer byMike Sterling [MSFT]MSFT, OwnerWednesday, May 27, 2009 6:51 PM
- can the hyperv developers post some blog and video tutorial on NIC configurations? These random blog entries and saying R2 makes it easier makes it difficult to troubleshoot. Hypervisor networking shouldn't be this troublesome and frankly the ease of these networking scenarios in R2 should be available for 2008sp2 users.
It feels like I jumped on the 2008 bandwagon too soon.
Hopefully this is read as constructive criticism- and no, I haven't got my initial post fixed. Even a YouTube tutorial would help. The IT proctology blog is the most descriptive but I still can't get it to work. - holy carp I finally got it. thanks Brian
I was disabling Local Area Connection 2 not Local Area Connection 3 (virtual nw switch adapter)
If you return to Network Connections you will see:
NIC A (local area connection) with the same description
NIC B (local area connection 2) - you will find that the only binding is the virtual network switch protocol
Local Area Connection 3 - this is new and the Device Name will begin with "Microsoft Virtual Network Switch Adapter.."
The NIC to disable is Local Area Connection 3. As this is the 'extra' or second management interface that you got back by creating the External Virtual Network. - The easiest way to understand what is gong on is to delete all of your virtual network switches.
Then look at Network Connections and document what you see.
do ipconfig /all and document what you see.
If you have two physical NICs, you will see two NICs in Network Connections
Now, create one External Virtual Network, and link it to one Physical NIC.
Now, you see three NICs in Network Connections.
One of the NICs from the previous view has only the Virtual Network Switch Protocol enabled, and a new NIC contains an IP address from DHCP.
It is this new NIC that you want to disable.
In R2, instead of hunting down and disabling a Network Connection, it is a simple check box in the virtual network manager. The end result is the same.
Yes, this is confusing. And the change did not make it in time for the SP2, but it did make it into R2.
But, like I outline, the easiest way to really understand is to begin with no virtual networks at all.
Brian Ehlert (hopefully you have found this useful) - Yep you got it.
And a divine fish to boot ;-)
Glad it is all sorted out now.
Brian Ehlert (hopefully you have found this useful) - Brian
On my Hyper-V host, I entered a "null" gateway for the Virtual Network Switch Adapter, i.e. left it blank. In Network Connections, it is shown as Access to Local only, whereas the physical nic not used by the Virtual Switch has a default gateway and shows as Access to Local and Internet. The Virtual Switch does not show connectivity, since it is only bound to Virtual Network Switch Protocol.
It seems that internal communication, that is, from host to virtual client, uses the virtual adapter, bypassing the external switch.
Would not disabling it force internal communication to go external? That is, wouldn't it go out one physical nic, to the external switch, and back in the other physical nic?
Brian - Nulling the gateway is similar to disabling the NIC.
The situation that happens is that the Host becomes multi-homed. Not in a good way, but in a bad way.
Two NICs on the same subnet.
I did tons of multi-homing back in the NT days, prior to VLAN tagging being affordable. We subnetted, physically divided traffic, etc. All kinds of tricks. Then folks stopped doing it, and then VLAN tagging became affordable and common. Now, inadvertently, multi-homing is back.
The other thing that happens is that the Host is exposed on two interfaces, even if you remove the gateway on the extra NIC, threrfore multi-homing it in a 'good' way.
All removing the gateway does is dictate which NIC the traffic from Parent partition leaves from. It can still come into both, but will only exit the NIC with the gateway. (when two NICs exist on the same subnet).
You have two ways in, one way out.
This is where instead of nulling the gateway on the extra, just disable it. Then you reduce the attack surface, and remove all confusion.
In the IP world a packet is only accepted when it comes from the source accepted. If it goes in on NIC A and comes out on NIC B, the origional sender looks at it and says "that ain't right" and throws it away. So you get communication losses as a result.
Brian Ehlert (hopefully you have found this useful) - I have now disabled the virtual nic.
Now a see, on the physical switch to which they are connected, a flurry of activity on both physical nics. Since none of the other connections, including the uplink, is involved, I con only conclude that packets are going out one port and in the other, when Hyper-V host communicates with client.
Actually, I unbound all protocols except the two Link Layer ones. At first, I unbound those too, but it seemed that I couldn't connect at all from Hyper-V host to virtual clients.
How can networking be configured so that internal, virtual communications remain internal?
Brian - I re-enabled IPv4 and the other protocols that had been used on the virtual nic.
The external activity died as the server correctly routed packets for virtual clients internally.
I would recommend keeping IP, etc. enabled on the virtual nic. Just make sure you "null" the gateway. Just don't enter a default gateway.
