Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, January 16, 2017 3:32 AM
Hi all,
i'm trialing Hyper-v 2016, enabled Hyper-v in one of the VMs and also enabled MAC address spoofing on the NIC.
The issue is, even though the Hyper-v VM got MAC spoofing enabled however the nested VM cannot access network.
When I look at the network status of the VM using Hyper-v manager I don't see the MAC address of the nested VM either, seams like the MAC of the nested VM is not learnt
Any suggestions?
All replies (13)
Monday, January 16, 2017 8:21 AM
It works in my lab.
Following steps are what I did in my lab.
- Turn off the VM, which is called virtual Hyper-V host, and running the following command on the physical Hyper-V host.
Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
- Enable MAC address spoofing on the NIC of virtual Hyper-V host by running the following command on the physical Hyper-V host.
Get-VMNetworkAdapter -VMName <VMName> | Set-VMNetworkAdapter -MacAddressSpoofing On
- Create an external switch on Hyper-V manager of the virtual Hyper-V host, and connect the virtual network adapter of the nested VM to the external switch
Hope this information is helpful for you.
Best regards,
Andy Liu
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, January 16, 2017 10:30 AM
Thanks Andy,
I already did exactly the same however, VM doesnt see the network
I'm using native VLAN, there's no vlan tagging is nested virtualisation limited to tagged vlan for the nested VM?
Monday, January 16, 2017 1:31 PM
Hello,
No, there is no limit to tagged VLAN for nested VM.
Have you ever checked the network connectivity between physical Hyper-V host and virtual Hyper-V host by using ping tool?
Also, please check the ip settings on both Physical Hyper-V host and virtual Hyper-V host by using the following command.
ipconfig /all
It would be greatly appreciated if you could share output of the following commands running on physical HyperV host.
Get-VMNetworkAdapter -VMName <VM Name> -Name <VirtualNetworkAdapterName> | fl *Get-VMNetworkAdapterVlan -VMName <VM Name> -VMNetworkAdapterName <VirtualNetworkAdapterName> | fl *
Best regards,
Andy Liu
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, January 17, 2017 1:03 AM
Its very odd, the virtual hyper-v "LQTG8NSY8Y7R0DW" can access network, spoofing is also enabled but there's no network on the nested VM
Get-VMNetworkAdapter
VMCheckpointId : 00000000-0000-0000-0000-000000000000
VMCheckpointName :
ClusterMonitored : True
MacAddress : 00155D08FE04
DynamicMacAddressEnabled : True
AllowPacketDirect : False
IsLegacy : False
IsSynthetic : True
IPAddresses : {}
DeviceNaming : On
IovWeight : 0
IovQueuePairsRequested : 1
IovInterruptModeration : Default
PacketDirectNumProcs : 0
PacketDirectModerationCount : 64
PacketDirectModerationInterval : 1000000
IovQueuePairsAssigned : 0
IovUsage : 0
VirtualFunction :
MandatoryFeatureId :
MandatoryFeatureName : {Ethernet Switch Port VFP Settings}
PoolName :
Connected : True
SwitchName : Management
AdapterId : C1A60304-24B0-41A9-8FDD-2D2845C1A98A
TestReplicaPoolName :
TestReplicaSwitchName :
StatusDescription : {OK}
Status : {Ok}
IsManagementOs : False
IsExternalAdapter : False
Id : Microsoft:59AB1266-BB1D-4157-9CC5-0BCE8031814F\C1A60304-24B0-41A9-8FDD-2D2845C1A98A
SwitchId : 984948ac-83e8-4c1a-9402-2ac2ae9196b1
AclList : {}
ExtendedAclList : {}
IsolationSetting : VMNetworkAdapterIsolationSetting
RoutingDomainList : {}
VlanSetting : VMNetworkAdapterVlanSetting
BandwidthSetting : VMNetworkAdapterBandwidthSetting
CurrentIsolationMode : Vlan
MacAddressSpoofing : On
DhcpGuard : Off
RouterGuard : Off
PortMirroringMode : None
IeeePriorityTag : Off
VirtualSubnetId : 0
DynamicIPAddressLimit : 0
StormLimit : 0
AllowTeaming : Off
VirtualSubnetId : 0
DynamicIPAddressLimit : 0
StormLimit : 0
AllowTeaming : Off
FixSpeed10G : Off
VMQWeight : 100
IPsecOffloadMaxSA : 512
VrssEnabled : False
VrssEnabledRequested : True
VmmqEnabled : False
VmmqEnabledRequested : False
VmmqQueuePairs : 0
VmmqQueuePairsRequested : 16
VmqUsage : 0
IPsecOffloadSAUsage : 0
VFDataPathActive : False
VMQueue :
BandwidthPercentage : 0
IsTemplate : False
Name : Management
VMId : 59ab1266-bb1d-4157-9cc5-0bce8031814f
VMName : LQTG8NSY8Y7R0DW
VMSnapshotId : 00000000-0000-0000-0000-000000000000
VMSnapshotName :
CimSession : CimSession: .
ComputerName : LABHV01
IsDeleted : False
Get-VMNetworkAdapterVLAN:
OperationMode : Untagged
AccessVlanId : 0
NativeVlanId : 0
AllowedVlanIdList : {}
AllowedVlanIdListString :
PrivateVlanMode : 0
PrimaryVlanId : 0
SecondaryVlanId : 0
SecondaryVlanIdList :
SecondaryVlanIdListString :
ParentAdapter : VMNetworkAdapter (Name = 'Management', VMName = 'LQTG8NSY8Y7R0DW') [VMId =
'59ab1266-bb1d-4157-9cc5-0bce8031814f']
IsTemplate : True
CimSession : CimSession: .
ComputerName : LABHV01
IsDeleted : False
Tuesday, January 17, 2017 3:57 AM
Hello,
Thanks for sharing the output of the commands. After walking through the output information, I can't find any clues causing this problem.
Please help confirm that the following prerequisites are meet for deploying nested virtulization.
A Hyper-V host running Windows Server 2016 or Windows 10 Anniversary Update.
A Hyper-V VM running Windows Server 2016 or Windows 10 Anniversary Update.
A Hyper-V VM with configuration version 8.0 or greater.
An Intel processor with VT-x and EPT technology.
Plus, can you turn on the nested VM, and running the following command on the nested VM to check the IP settings.
ipconfig /all
Best regards,
Andy Liu
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, January 17, 2017 5:37 AM
Andy
Both virtual hyper-v and nested VM are 2016.
VT-x is enabled otherwise, how could I run a nested VM at the first place
ipconfig on the nested VM shows the right IP. In fact, virtual host can ping the nested VM and the otherway around, however nested VM cannot ping anything outside its virtual environment. i.e the gateway which is a Cisco router in this case.
Tuesday, January 17, 2017 6:00 AM
On an another note, the switch on the physical blade is managed by a network controller.
Would that make any difference?
Tuesday, January 17, 2017 7:49 AM
Hello,
How many virtual network adapters on virtual Hyper-V host?
What's the type of virtual switch 'Management', is it external, internal or private?
Is the nested VM in the same subnet as Physical Hyper-V host, can the nested VM ping through Physical Hyper-V host?
Could you please run the following command on both physical and virtual Hyper-V host.
Get-VMSwitch | fl *
Best regards,
Andy Liu
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, January 17, 2017 10:37 PM
Hi Andy,
Switches both on virtual host and the physical host are external. There's one NIC on the virtual host, both virtual and physical host can ping each other on a same subnet. physical host can access internet but virtual host using the same subnet cannot even reach the gateway.
Get-VMSwitch on the virtual Hyper-v host
Name : PublicSwitch
Id : 97b8f268-413d-497d-89e5-7d45cb1ef7d6
Notes :
Extensions : {Microsoft Windows Filtering Platform, Microsoft Azure VFP
Switch Extension, Microsoft NDIS Capture}
BandwidthReservationMode : Absolute
PacketDirectEnabled : False
EmbeddedTeamingEnabled : False
IovEnabled : False
SwitchType : External
AllowManagementOS : True
NetAdapterInterfaceDescription : Microsoft Hyper-V Network Adapter
NetAdapterInterfaceDescriptions : {Microsoft Hyper-V Network Adapter}
IovSupport : False
IovSupportReasons : {Ensure that the system has chipset support for SR-IOV and
that I/O virtualization is enabled in the BIOS., To use
SR-IOV on this system, the system BIOS must be updated to
allow Windows to control PCI Express. Contact your system
manufacturer for an update., SR-IOV cannot be used on this
system as the PCI Express hardware does not support Access
Control Services (ACS) at any root port. Contact your
system vendor for further information., This network
adapter does not support SR-IOV.}
AvailableIPSecSA : 0
NumberIPSecSAAllocated : 0
AvailableVMQueues : 0
NumberVmqAllocated : 0
IovQueuePairCount : 0
IovQueuePairsInUse : 0
IovVirtualFunctionCount : 0
IovVirtualFunctionsInUse : 0
PacketDirectInUse : False
DefaultQueueVrssEnabledRequested : True
DefaultQueueVrssEnabled : False
DefaultQueueVmmqEnabledRequested : False
DefaultQueueVmmqEnabled : False
DefaultQueueVmmqQueuePairsRequested : 16
DefaultQueueVmmqQueuePairs : 0
BandwidthPercentage : 10
DefaultFlowMinimumBandwidthAbsolute : 1000000000
DefaultFlowMinimumBandwidthWeight : 0
CimSession : CimSession: .
ComputerName : LQTG8NSY8Y7R0DW
IsDeleted : False
Get-VMSwitch on the physical Hyper-v host
Name : Management
Id : 984948ac-83e8-4c1a-9402-2ac2ae9196b1
Notes :
Extensions : {Microsoft VMM DHCPv4 Server Switch Extension, Microsoft Windows Filtering
Platform, Microsoft Azure VFP Switch Extension, Microsoft NDIS Capture}
BandwidthReservationMode : Weight
PacketDirectEnabled : False
EmbeddedTeamingEnabled : True
IovEnabled : False
SwitchType : External
AllowManagementOS : True
NetAdapterInterfaceDescription : Teamed-Interface
NetAdapterInterfaceDescriptions : {Cisco VIC Ethernet Interface}
IovSupport : False
IovSupportReasons : {This network adapter does not support SR-IOV.}
AvailableIPSecSA : 0
NumberIPSecSAAllocated : 0
AvailableVMQueues : 0
NumberVmqAllocated : 0
IovQueuePairCount : 0
IovQueuePairsInUse : 0
IovVirtualFunctionCount : 0
IovVirtualFunctionsInUse : 0
PacketDirectInUse : False
DefaultQueueVrssEnabledRequested : True
DefaultQueueVrssEnabled : False
DefaultQueueVmmqEnabledRequested : False
DefaultQueueVmmqEnabled : False
DefaultQueueVmmqQueuePairsRequested : 16
DefaultQueueVmmqQueuePairs : 0
BandwidthPercentage : 100
DefaultFlowMinimumBandwidthAbsolute : 0
DefaultFlowMinimumBandwidthWeight : 1
CimSession : CimSession: labhv01.lab.local
ComputerName : LABHV01
IsDeleted : False
Thursday, January 19, 2017 9:51 AM
Hello,
I noticed the description for physical NIC is Cisco VIC Ethernet Interface, which is a component of Cisco UCS.
So, I guess the Windows Server 2016 was deployed on Cisco UCS platform. If so, I would recommend to consult the vendor manufactor for the Cisco UCS related settings with Hyper-V.
In addition, I also noticed that you configured Switch-Embedded Teaming on the physical host, have you ever set truninking or VLAN tagging on the physical NIC or virtual Switch?
Best regards,
Andy Liu
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, January 20, 2017 2:12 AM
Hi Andy,
Yes, you're right. The lab is running in a Flexpod environment using s Cisco UCS blade.
The vNIC does have multiple VLANs on it however the management vlan is set as default (native vlan) so no tagging on the server level needed.
Like I said, the virtual Hyper-v host can talk to network but the nested VM cant.
Monday, January 23, 2017 7:01 AM
Hello Milad,
Since nested virtulization needs to leverage Mac address spoofing for networking, Cisco UCS may have the technology which can prevent the network from ARP-Spoofing attack. This can cause the network failure of nested VM. You can verify it by consulting the Cisco UCS documentation.
On the other hand, Hyper-V provides another option for networking with nested VM, which relies on Network Address Translation(NAT). This approach is best suited for cases where MAC address spoofing is not possible.
You can refer to the following article for the details.
https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization
Best regards,
Andy Liu
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, December 4, 2017 11:50 AM
Hi,
anyone found the solution for this?
i believe mcmilad is running SDNv2, and nested virtualization network is not supported with VMM 2016.
meanwhile, VMM 1711 is adding the support of this. but SDNv2 is the same on VMM 2016 and VMM 1711. what's stopping VMM 2016 adding this features?
https://docs.microsoft.com/en-us/system-center/vmm/sdn-guest-clusters?view=sc-vmm-1711