Adding promiscuous mode in server 2012 hyper-v

    Question

  • I am running an esxi lab within hyper-v and the vms within this do not want to connect to the network. I have been told that I need to enable promiscuous mode on the virtual switch and I can't find the option anywhere. I cannot get guest OSes to connect to the network under the vmware vsphere. 

    Is there any way to enable this? Please respond. Thank you. 

    Friday, February 01, 2013 9:19 PM


All replies

  • The Hyper-V Virtual Switch does not support promiscuous.

    The best that Server 2012 offers is vNIC ACLs - one of which does allow traffic to be mirrored.  But flat out promiscuous is not possible.

    Aidan covers it here: http://www.aidanfinn.com/?p=12634


    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.
    Disclaimer: Attempting change is of your own free will.

    Friday, February 01, 2013 10:20 PM
    Moderator
  • Nope - I take that back.  The built in ACLs are only allow, block, and measure.

    It is some of the third parties that take this farther with their switch extensions.

    Sorry about that.


    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.
    Disclaimer: Attempting change is of your own free will.

    Friday, February 01, 2013 10:23 PM
    Moderator
  • so we can't run hypervisors within a hyper-v hypervisor with networking?

    Promiscuous mode is required in order to achieve my result. Is there any other way? 

    Switch extensions:

    Can you point me to some switch extensions that would work?

    Friday, February 01, 2013 11:01 PM
  • Another hypervisor as a VM within Hyper-V?

    Or, Hyper-V as a VM on top of another hypervisor?

    You can run Hyper-V Server as a VM on Hyper-V Server - but you cannot boot any of the second level VMs - you could only use it for development (essentially).

    There is no need for promiscuous - unless there is a particular hypervisor that requires that.


    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.
    Disclaimer: Attempting change is of your own free will.

    Friday, February 01, 2013 11:16 PM
    Moderator
  • I have server 2012 as the host OS running Hyper-V

    The "guest OS" is VMWare Vsphere

    The "Guest" "Guest" OS is Windows 8

    The "guest" "guest" OS can not connect to the network. It connects as "unidentified network" and does not have internet connectivity and shows up as "limited"

    Saturday, February 02, 2013 12:17 AM
  • Hi,

    Hyper-V technology does not support Hypervisor nesting, although you can nest Hyper-V inside VMware, or nest VMware inside Hyper-V. But this kind of configuration is beyond our support policy.

    Thanks for your understanding.

    For your scenario, you may set external network for guest OS VMWare Vsphere; in the guest OS, create an internal NIC for guest guest OS Windows 8. Create a network bridge between guest OS NIC and virtual guest guest NIC.

    Try that and give us feedback for further troubleshooting.

    For more information please refer to following MS articles:

    Microsoft server software and supported virtualization environments
    http://support.microsoft.com/kb/957006
    Hyper-V: Virtual Networking Survival Guide
    http://social.technet.microsoft.com/wiki/contents/articles/151.hyper-v-virtual-networking-survival-guide-en-us.aspx
    Bringing Hyper-V to “Windows 8”
    http://blogs.msdn.com/b/b8/archive/2011/09/07/bringing-hyper-v-to-windows-8.aspx

    Hope this helps!



    Lawrence

    TechNet Community Support

    Monday, February 04, 2013 3:17 AM
    Moderator
  • Hi,

    I would like to confirm what is the current situation? Have you resolved the problem or do you have any further progress?

    If there is anything that we can do for you, please do not hesitate to let us know, and we will be happy to help.


    Lawrence

    TechNet Community Support

    Wednesday, February 06, 2013 2:34 AM
    Moderator
  • Thanks for checking on me. :)

    I have not resolved this. I have tried all the software options I have. :(

    Would this work better with a dedicated network device?


    • Edited by RemixedCat Wednesday, February 06, 2013 10:12 AM
    Wednesday, February 06, 2013 10:11 AM
  • Hi,

    > I have tried all the software options I have

    You have tried the network bridge solution?

    You can assign a dedicated network for Hyper-V guest, the VMWare Vsphere server, then the server should have external network connection. In the VMWare Vsphere server create an internal network for its guest Hyper-V VM, in the VMware Vsphere server create network bridge between its external network and internal network (the virtual network adapter created for guest VM).

    Assign internal network for guest guest Hyper-V, the Hyper-V VM should get external network connection from the bridge network.


    Lawrence

    TechNet Community Support

    Thursday, February 07, 2013 3:34 AM
    Moderator
  • I am able to get as far as to get an IP from my router to the esxi/vsphere VM but no DNS/internet connectivity works. 

    I am able to ping my router, however no DNS resolves. 

    Thursday, February 07, 2013 8:09 AM
  • 

    Open the XML file for your VM.

    I am not sure where best to try this.  The first place I would suggest is under the <global_settings> node.  Add the line:

    <allow_promiscuous_mode type="boolean">TRUE</allow_promiscuous_mode>

    THIS WORKED!

    Friday, February 08, 2013 8:13 AM
  • Hi,

    Thanks for sharing your experience!

    Your experience and solution can help other community members facing similar problems.

    Thanks for your contribution to Windows Server Forum!

    Have a nice day!


    Lawrence

    TechNet Community Support

    Monday, February 11, 2013 6:44 AM
    Moderator
  • No problem! 

    Glad to help!

    Monday, February 11, 2013 5:58 PM
  • Lawrence,

    I have Hyper-V 2012.  I would like to have a Cisco port mirror/span sent into a server in Hyper-V so I can capture data and create flow records.  I have a dedicated hardware nic on the host server that I have configured in the Hyper-V switch as a separate network and attached this def to the server in Hyper-V.  So far I do not see all the traffic I do with a real separate box (test laptop).  Can you point me in the correct direction?

    Thanks


    Ron

    Tuesday, February 19, 2013 5:10 PM
  • Hi,

    I had to enable this mode for another program and I read all the answers here and all I can tell you is that they are all wrong.

    apparently, promiscuous mode for vmware is "mac address spoofing" for hyper-v.

    worked for me and it should work for you.

    Regards,

    Udi M! 

    • Proposed as answer by Udi Mo Thursday, August 28, 2014 12:25 PM
    Thursday, August 28, 2014 12:25 PM
  • Can you show any proof that Hyperv supports promiscuous mode, as the rest of the internet knows this differently than what you are stating in this comment.
    Thursday, August 28, 2014 12:32 PM
  • The two features are technically not identical, that is why MSFT states that Hyper-V does not support promiscuous. Which is used for network sniffing devices.

    MAC address spoofing was developed to allow two VMs to share the same MAC. Specifically for NLB load balancing.

    This is the MSFT statement.

    Glad it worked for you. What was your application?


    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.

    Thursday, August 28, 2014 12:46 PM
    Moderator
  • i have a vm running windows 2008 r2 on windows 2012 r2 hyper-v.

    i have installed softether vpn and part of a configuration is to create a bridge between the program to the vm. the bridge setup required me to enable  promiscuous mode.

    i have tried the solution which suggested to edit the xml and it didn't work.

    only after reading the instructions of softether which stated that promiscuous mode is mac address spoofing to hyper-v i had managed to operate the vpn server and get the networking to work.

    try it yourself and let me know if I was right.

    Regards,

    Udi M.

    Thursday, August 28, 2014 12:48 PM
  • hi all,

    sorry if i insulted anyone and it was not my intention.

    the solution to the question asked at first was the solution that I proposed as far as I am concerned.

    maybe i am wrong with all the definitions and maybe i explained myself the wrong way.

    the bottom line is that all the variables and all the names thrown here appeared in my problem and got solved when enabling mac address spoofing in the hyper-v's VM

    Regards,

    Udi M. 

     

    • Proposed as answer by Pants79 Monday, December 29, 2014 8:34 PM
    Thursday, August 28, 2014 12:54 PM
  • No offense taken.

    Just want to make sure that the technical details are clear. These posts linger for years, so just want the details in place so someone can judge for themselves.


    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.

    Thursday, August 28, 2014 12:58 PM
    Moderator
  • No worries Udi Mo,

    the reason I wanted to notify you that if you start saying that Hyperv 2012 (or earlier or future versions) supports promiscuous mode, google will index this topic, and from tomorrow everybody will spread the obviously not true statement that Hyperv supports promiscuous mode.

    Just to make the message clear: running a VM on Hyperv, you CANNOT implement network-sniffing kind of applications on that VM. That is for sure.

    Thursday, August 28, 2014 1:01 PM
  • I can confirm that this works for my problem. I had a problem getting Linux bridging working within a VM. Turned on Mac Address spoofing and BAM my LXC containers can network with machines outside the hypervisor.

    Thanks, I was pulling my hair out after a day of troubleshooting and getting nowhere.

    Edit: I just had to make sure this worked. I've disabled all the port forwarding stuff and port mirroring in the VM and the VMswitch which did not work anyway and putting "Address spoofing" in the VM makes my Linux bridge work within a VM.

    My LXC containers make use of a bridge within a Linux VM to communicate with the outside world and whatever I tried I could not get it to work. Port mirroring on the VMswitch etc. etc. etc. nothing.

    Now they pull their address from the DHCP server like a regular machine on the network.

    Thank you very much, this has cost me a day in troubleshooting I was about ready to install just another VM to get around this issue. Now I can use LXC like I want to. :)

    This is disabling the checkbox mid ping and re-enabling it again:

    Pinging 192.168.2.22 with 32 bytes of data:
    Reply from 192.168.2.22: bytes=32 time<1ms TTL=64
    Reply from 192.168.2.22: bytes=32 time=1ms TTL=64
    Reply from 192.168.2.22: bytes=32 time<1ms TTL=64
    Reply from 192.168.2.22: bytes=32 time<1ms TTL=64
    Request timed out.
    Request timed out.
    Request timed out.
    Reply from 192.168.2.22: bytes=32 time<1ms TTL=64
    Reply from 192.168.2.22: bytes=32 time<1ms TTL=64
    Reply from 192.168.2.22: bytes=32 time<1ms TTL=64
    Reply from 192.168.2.22: bytes=32 time<1ms TTL=64
    Reply from 192.168.2.22: bytes=32 time<1ms TTL=64
    Reply from 192.168.2.22: bytes=32 time<1ms TTL=64
    Reply from 192.168.2.22: bytes=32 time<1ms TTL=64


    • Edited by Pants79 Monday, December 29, 2014 8:33 PM
    Monday, December 29, 2014 8:22 PM
  • Glad i could help and give something back to the community.
    Wednesday, December 31, 2014 1:02 PM
  • Well, there is something that has just been published on a technet blog:

    http://blogs.technet.com/b/networking/archive/2015/01/06/setting-up-port-mirroring-to-capture-mirrored-traffic-on-a-hyper-v-virtual-machine.aspx

    Is this something that changes the entire outcome of this long-running thread, or there is nothing new in the article, and the opening issue of this entire thread is still unresolved?

    Tuesday, January 06, 2015 6:22 PM
  • Port mirroring and promiscuous are technically different things.

    Also, port mirroring is set at the virtual switch, which means it is between VMs that reside on the same Hyper-V Server only.  And you apply the rules.

    Promiscuous simply listens to everything that crosses the wire, catching it all as it passes by.  Not taking only those packets that are forwarded.

    mirroring has also been discussed in this thread.  And it may provide a solution for some.  But it will not work for a general network sniffer that wants to see everything.

    Also, "MAC address spoofing" solves a related issue for some folks as well.  It is a different thing, but it all depends on the application.


    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.

    Tuesday, January 06, 2015 6:55 PM
    Moderator
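
Added example, not part of any post in this thread: a host-side PowerShell audit of the two per-vNIC settings the thread keeps distinguishing, MAC address spoofing and port mirroring. With spoofing on, a vNIC may send frames whose source MAC is not the one the host assigned, so it is worth knowing exactly which adapters have it. The function name `Get-VNicRelaxation`, the VM name `NestedLab` and the `$approved` list are assumptions made for illustration; the script expects the Hyper-V PowerShell module on the host and an elevated session.

```powershell
# Added example: inventory vNIC settings that relax the Hyper-V switch's
# default behaviour. 'NestedLab' and $approved are hypothetical.

function Get-VNicRelaxation {
    param([string]$ComputerName = 'localhost')

    Get-VM -ComputerName $ComputerName |
        Get-VMNetworkAdapter |
        ForEach-Object {
            [pscustomobject]@{
                VMName      = $_.VMName
                Adapter     = $_.Name
                Switch      = $_.SwitchName
                MacSpoofing = $_.MacAddressSpoofing   # On / Off
                Mirroring   = $_.PortMirroringMode    # None / Source / Destination
                DhcpGuard   = $_.DhcpGuard            # On / Off
                RouterGuard = $_.RouterGuard          # On / Off
            }
        }
}

# VMs that are expected to bridge or nest (nested hypervisor, LXC bridge,
# VPN bridge) and therefore need MAC address spoofing.
$approved = @('NestedLab')

$report = Get-VNicRelaxation

# Adapters allowed to send frames with a MAC other than their own.
$spoofing = $report | Where-Object { $_.MacSpoofing -eq 'On' }
$spoofing | Format-Table VMName, Adapter, Switch, DhcpGuard, RouterGuard

# Spoofing enabled on a VM nobody approved: review these first.
$spoofing | Where-Object { $approved -notcontains $_.VMName } |
    ForEach-Object { Write-Warning "MAC spoofing on unapproved VM: $($_.VMName)" }

# Adapters taking part in port mirroring, which is a separate setting.
$report | Where-Object { $_.Mirroring -ne 'None' } |
    Format-Table VMName, Adapter, Switch, Mirroring

# Scoped change for one VM only, and how to revert it:
# Get-VMNetworkAdapter -VMName 'NestedLab' | Set-VMNetworkAdapter -MacAddressSpoofing On
# Get-VMNetworkAdapter -VMName 'NestedLab' | Set-VMNetworkAdapter -MacAddressSpoofing Off
```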