none
Hyper-V core SR-IOV NIC configuration

    Question

  • I am working with a Dell Poweredge R320 server with the latest BIOS. It has virtualization and SR-IOV enabled. I am using an Intel I350-t4 4 port SR-IOV capable NIC. Hyper-V seems pretty happy with it. all Powershell commands show that all is well.

    My understanding of SR-IOV isn't the greatest, but from what I've read, it sounds like it will provide direct access to a NIC to a selected VM. The end goal is that I am wanting to assign a port specifically to a windows 10 Professional VM.

    In the Virtual Switch Manager, I do the following...

    • Create a new virtual switch.
    • Select a port on my SR-IOV NIC.
    • Check External network.
    • Check Enable SR-IOV.

    Questions.

    1. Should I select Allow Management Operating System to share this network adapter?
    2. If I do, should I also enable the virtual LAN identifier?
    3. If I enable using a virtual LAN identifier, should I also enable it on the NIC that is used on the VM?

    Thanks

    Tuesday, November 6, 2018 4:56 PM

Answers

  • Per a response from Tim.

    Reply:

    "So a port is directly assigned to a VM as intended."

    No, the port is created as a virtual switch and you have a virtual NIC in the VM that is connected to that virtual switch.  If you don't have any other VMs connected to that switch, you could say that port is 'dedicated' to the VM that does have a virtual NIC on that virtual switch, but there is nothing to prevent creating another VM that has a virtual NIC to that virtual switch, thereby sharing that port with another VM.  This is the way networking works in Hyper-V.

    "Some traffic from applications running in the VM to the physical network is being dropped by HyperV which is problematic"

    Check with your NIC vendor.  Not all NICs support SR-IOV.  You may need to ensure that you have configured the NIC according to the vendor's specifications.


    tim

    Tim, thank you for the insight. My NIC is an Intel i350-T4 which is an SR-IOV capable NIC.

    I went ahead and spun up a 2nd guest VM on my test Hyper-V server and found that I could assign the same NIC port to 2 different VMs. Both guest VMs list an Inter(R) I350 Virtual Function device under network adapters.

    I would have expected having Allow Management Operating System to share this network adapter deselected would have limited it's use to a single guest VM.

    I will consider my original question as answered and wait for Microsoft to be in touch on the case that I opened. My companies product tat is being tested runs well in an ESXi environment but cannot be made to run in the Hyper-V environment. Yet... I was hoping that utilizing an SR-IOV capable NIC would have solved our connectivity issues.

    • Marked as answer by bakerjw123 Friday, November 9, 2018 2:51 PM
    Friday, November 9, 2018 2:51 PM

All replies

  • Hello,

    If you have a dedicated NIC for the host management, then you do not need to share the network adapter. Use virtual LAN identification if you would like to isolate network traffic - you need to configure VLAN's on the physical network.


    Microsoft Certified Professional

    [If a post helps to resolve your issue, please click the "Mark as Answer" of that post or click Answered "Vote as helpful" button of that post. By marking a post as Answered or Helpful, you help others find the answer faster. ]

    Tuesday, November 6, 2018 8:06 PM
  • Hi,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, November 8, 2018 2:34 PM
    Moderator
  • The answer provided was helpful.

    With Allow Management Operating System to share this network adapter deselected, the HyperV Host no longer reports the NIC port when doing an IPConfig. The guest VM to which it is assigned does see the NIC port, reponds to a ping and device manager in the VM shows an I350 Virtual Function device. So a port is directly assigned to a VM as intended.

    Some traffic from applications running in the VM to the physical network is being dropped by HyperV which is problematic as SR-IOV operation in an ESXi environment does not do this. I have an open support ticket with Microsoft to address the problem.

    Thanks

    Friday, November 9, 2018 9:03 AM
  • Per a response from Tim.

    Reply:

    "So a port is directly assigned to a VM as intended."

    No, the port is created as a virtual switch and you have a virtual NIC in the VM that is connected to that virtual switch.  If you don't have any other VMs connected to that switch, you could say that port is 'dedicated' to the VM that does have a virtual NIC on that virtual switch, but there is nothing to prevent creating another VM that has a virtual NIC to that virtual switch, thereby sharing that port with another VM.  This is the way networking works in Hyper-V.

    "Some traffic from applications running in the VM to the physical network is being dropped by HyperV which is problematic"

    Check with your NIC vendor.  Not all NICs support SR-IOV.  You may need to ensure that you have configured the NIC according to the vendor's specifications.


    tim

    Tim, thank you for the insight. My NIC is an Intel i350-T4 which is an SR-IOV capable NIC.

    I went ahead and spun up a 2nd guest VM on my test Hyper-V server and found that I could assign the same NIC port to 2 different VMs. Both guest VMs list an Inter(R) I350 Virtual Function device under network adapters.

    I would have expected having Allow Management Operating System to share this network adapter deselected would have limited it's use to a single guest VM.

    I will consider my original question as answered and wait for Microsoft to be in touch on the case that I opened. My companies product tat is being tested runs well in an ESXi environment but cannot be made to run in the Hyper-V environment. Yet... I was hoping that utilizing an SR-IOV capable NIC would have solved our connectivity issues.

    • Marked as answer by bakerjw123 Friday, November 9, 2018 2:51 PM
    Friday, November 9, 2018 2:51 PM
  • Hi,

    I'm glad that the information here is helpful to you, and you can address the original issue to a right direction.

    Based on my experience, deselect the option "Allow Management Operating System to share this network adapter", it simply will isolate the management host to VMs' external Virtual Switch environment, the host can't communicate with these VMs connecting the external network. 

    Here's a blog discussed Hyper-V networking and this option for your reference. Hope this helps.

    https://www.altaro.com/hyper-v/virtual-networking-configuration-best-practices/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.


    Highly appreciate your effort and technical. If you have any question or concern, please feel free to let me know.

    Thanks for your sharing and support.

    Best regards,

    Michael  


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Sunday, November 11, 2018 10:05 AM
    Moderator
  • "I would have expected having Allow Management Operating System to share this network adapterdeselected would have limited it's use to a single guest VM."

    De-selecting that option prevents the host OS from using the created virtual switch.  It does not say anything about any other virtual machines being prevented from using that virtual switch.


    tim

    Monday, November 12, 2018 3:13 PM