none
VLAN Tags and Hyper-V Switches RRS feed

  • Question

  • Does the Hyper-V 2012 Virtual Switch support forwarding VLAN-tagged packets to a guest OS with the VLAN tags intact?  In other words, can I have a single virtual NIC handle multiple VLANs by doing the VLAN filtering inside the guest OS?

    I would like to run a guest OS that sits on multiple VLANs, and while I could create and delete virtual NICs which are assigned to a single VLAN, it would be much more flexible in my environment to have Hyper-V simply forward frames with the VLAN (802.1q) tags intact so that the guest OS can see the tags and deal with them appropriately.  (looking at running a virtual router that sits across multiple VLANs).

    I can't see any obvious way to do this.  I thought that leaving the VLAN tag for the guest off would cause packets to be forwarded unfiltered, but that appears to not be the case.  Does anyone know how to enable forwarding tagged frames through a virtual switch/NIC to a guest OS?

    Thanks!

    Monday, April 15, 2013 10:02 PM

All replies

  • Yes - I just set this up today as a mater of fact...  This functionality is not exposed via the UI but here's an example of how to configure it via PowerShell.

    Add-VMNetworkAdapter -SwitchName Switch -VMName "VmName" -Name "TrunkNic"
    Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "100,101" -VMName "VmName" -VMNetworkAdapterName "TrunkNic" -NativeVlanId 1

    Monday, April 15, 2013 10:43 PM
  • Wow, thanks.  

    Tried it, but no dice.  Does it depend on any particular settings on the physical NIC?  As near as I can tell, no traffic is leaving or entering the VM connected to the trunk.  I tested from a VM attached to the same virtual switch, as well as looking at wireshark on the team of physical adapters that the VSwitch sits on top of.  

    I'm attempting to run Vyatta, just FYI, and have a basic configuration with three vifs on top of eth0.  I would expect to at least be able to ping from the Vyatta VM over to the Win8 VM attached to the same VSwitch (and appropriately tagged at the Hyper-V NIC level).

    Any ideas?

    Monday, April 15, 2013 11:32 PM
  • Hi,

    >  Does it depend on any particular settings on the physical NIC?

    No special settings on the physical NIC, but not every NIC support VLAN tagging. You should generally not set the VLAN ID at the physical NIC, it should be set on either the Virtual Switch or the individual Virtual Machine’s configuration. The VLAN ID on the Virtual Switch is what the Host or Parent Partition uses. The VLAN ID setting on the individual Virtual Machine’s settings is what each VM will use.

    For more information please refer to following MS articles:

    Understanding Hyper-V VLANs
    http://blogs.msdn.com/b/adamfazio/archive/2008/11/14/understanding-hyper-v-vlans.aspx
    VLAN Tricks with NICs - Teaming & Hyper-V in Windows Server 2012
    http://blogs.technet.com/b/keithmayer/archive/2012/11/20/vlan-tricks-with-nic-teaming-in-windows-server-2012.aspx#.UWznBmawrX0
    Set-VMNetworkAdapterVlan
    http://technet.microsoft.com/en-us/library/hh848475(v=wps.620).aspx

    Hope this helps!

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

     

     


    Lawrence

    TechNet Community Support

    Tuesday, April 16, 2013 5:57 AM
    Moderator
  • So a couple of things here:

    - I'm using the Intel i350-T4 server-grade NICs.  I know they support VLAN tagging, as I can put them in monitor mode and see the VLAN tags in wireshark.

    - I don't want to set a VLAN ID at the physical NIC, the VSwitch, or the VM NIC.  I want 802.1q-tagged packets to make it all the way to the guest OS's TCP stack.  If I set static VLAN IDs somewhere, that wouldn't happen.

    I'll take a look at your links, but I think we're talking about two different things.  I can already put a specific virtual NIC on a specific VLAN, and that works just fine.  I'm actually trying to avoid doing that...

    Tuesday, April 16, 2013 2:04 PM
  • Michael,

    I am using the same Intel NIC with the latest ProSet drivers installed - so I agree with you I know it should work.  What are you using in the guest to take advantage of the tag'ed packets?  I am using Windows 2012's inbox NIC teaming so I actually have two interfaces into the guest both with in trunk mode and I have set the AllowTeaming option as well.

    Also worth verifying that your physical switch port configuration is correct - just the other day I accidently specified untagged vs tagged on a switch config and it took me hours to realize the mistake :).

    Tuesday, April 16, 2013 3:59 PM
  • Hmm, yes, it probably should.

    I'm using Vyatta as the guest.  Trying to experiment with virtualized routing and figure out if/how it works in a Hyper-V infrastructure.  Vyatta/linux (on dedicated, non-virtual hardware) handles this just fine using Intel NICs, so I'm confused as to why this would be an issue with the virtual NIC.

    As a test to verify switch configuration, etc., (yes, I've lost hours to that same problem...doh!) I dropped a Windows 8 VM with an explicitly tagged NIC (say VLAN 101) onto the same virtual switch as the Vyatta box that was set in trunk mode per your previous post.  I could ping out to the net on VLAN 101, but could not ping the Vyatta box, so that suggests the physical switch is configured properly.  I then attempted to turn off the VNIC tag and turn on VLAN 101 in the Windows 8 guest side, but it appears there's no VLAN setting in the Microsoft virtual NIC driver on the guest side, so that test was a bust.

    At any rate, everything seems properly configured, so I'm curious as to why a) it doesn't work, and b) I'm not seeing packets on the win8 side with 802.1q tags on them when I have the VLAN box for the VNIC unchecked in Hyper-V.

    Appreciate any insights you can offer.

    Tuesday, April 16, 2013 7:26 PM
  • On my test server I had to specify the VLAN on the physical adapter (all adapters are teamed) when connected to a 802.1q port. I haven't actually created any vswitches yet but I am surprised by Lawrence's comment as I thought I would need the VLAN specified on the physical adapter AND the vswitch\VMs. Easy to get confused here. :)
    Friday, April 19, 2013 2:11 AM
  • Michael,

    On the Linux guest are you using the emulated adapter or do you have the synthetic adapter and related Linux integration components installed?  I could definitely see how this could be an issue with the emulated adapter/driver (I don't think the DEC21x ever supported VLANs) or possibly with the Linux integration components driver.  The test you where attempting with the Windows 8 VM is a great one to help narrow this down - if you have a Windows Server 2012 VHD you might try using that and then creating a one NIC network team - the team allows you to create multiple adapters with different VLAN tags.

    -Taylor

    Friday, April 19, 2013 11:41 PM
  • Sorry to revive an old thread - but i have successfully confirmed Vyatta router can work with VLAN Trunking if you follow these steps.

    http://www.vyatta.org/node/29440

    the issue is with the integration services - so this post explains how to inject updated components for integration services. 

    Saturday, February 22, 2014 1:15 AM