Hyper-V Network Configuration

Discussion in 'Virtual and Cloud Computing' started by greenstarthree, Aug 21, 2013.

  1. greenstarthree

    Hi all,
    Possible silly question coming up, as I only have a little experience with Hyper-V!

    I've just started studying for the 70-640 Active Directory 2008 exam, and was after a bit of advice on Hyper-V. I want to set up my home lab of 3-4 servers (as suggested in the MS Training Kit), but I want to do it virtually on a laptop. I have Windows 8 with Hyper-V installed and have installed my first 2008 R2 server.

    I'd like to know what would be the best networking setup for this? As it stands, I've set up an external virtual switch, bound to my laptop's WiFi connection, and shared with the VMs, so they are currently getting IP addresses in the same range as my laptop.

    This works and gives me internet access etc, but in the Training Kit it tells me to give them 10.0.0.x addresses, specifying a gateway etc.

    Is there any way I'd be able to freely assign IPs in the 10.0.0.x range to my VMs and maintain internet access via my laptop's physical NIC? Would I need to set up a VLAN or something?


    Thanks all,
    Adam
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
  2. greenstarthree

    Ok just a quick update here after rooting around on the internet!


    I've configured things as described in this guide:

    Words, Ideas, and Things: Hyper-V Internal Virtual Network and Internet Access


    As it seemed to be pointing in the same direction as I was. Basically you create an INTERNAL type virtual switch and then enable internet connection sharing on the laptop's WiFi adapter.

    All I've done differently is to change the IP address of the Internal Virtual Adapter to 10.0.0.1 (the subnet given in the Training Kit book), then applied IP settings to the VM as follows:

    IP: 10.0.0.11
    Subnet: 255.255.255.0
    Gateway: 10.0.0.1
    DNS: 10.0.0.1



    This seems to be working, at least, I have internet access from my VM. I just wondered if anyone can see any problems here as I work through the Training Kit?

    Thanks again
    Adam
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
  3. GSteer

    I've got it rigged up slightly differently, this is from memory as I'm at work:

    Currently got two Virtual Switches setup in Hyper-V:

    #1 - set to External and shared with the host machine, call it VSwitch1
    #2 - set to Internal and not shared with host machine, call it VSwitch2


    So, I've got a VM called DC1, and let's say at least one other called SRV2.

    DC1 has both VSwitch1 and VSwitch2 bound to it.
    SRV2 has only VSwitch2 bound to it.

    Internally the VSwitch1 adaptor on DC1 is manually set to an IP of 192.168.25.250 where my home router, and ergo gateway is on 192.168.25.254 externally.
    Internally any adaptors that are VSwitch2 and bound to servers are configured with manual IP addresses in the range 192.168.35.X

    So DC1 has two adaptors, VSwitch1 on 192.168.25.250 & VSwitch2 on 192.168.35.250 as an example.

    Routing and Remote Access is then installed on DC1 and configured to allow routing through the VSwitch1 adaptor.

    DHCP is configured to hand out the internal IP of DC1's VSwitch2 adaptor as the gateway, ergo 192.168.35.250.

    Any client OS's then get this as the gateway, it's statically set on my servers. DC1 handles all external routing for this particular internal network.

    The benefit of doing the R&RA internally instead of on the host is that you can set up as many separate internal virtual networks as you want with their own IP ranges, and each one just needs a single IP on your real network range. I like to keep things separate and not play with my host too much.
     
    Certifications: BSc. (Comp. Sci.), MBCS, MCP [70-290], Specialist [74-324], Security+, Network+, A+, Tea Lord: Beverage Brewmaster | Courses: LFS101x Introduction to Linux (edX)
    WIP: CCNA Routing & Switching
  4. greenstarthree

    Thanks for the help mate!

    I think I understand what you've got set up there. That would definitely be the better way to handle multiple virtual subnets I think. I suppose they're both sort of doing the same thing but as you say, one inside the VM and one on the host.

    Can I ask, did you follow the setup detailed in the Training Kit and if so did you use the IP config it suggests? The thing I don't quite get yet is, the book says to configure your first server as:

    IP: 10.0.0.11
    Subnet: 255.255.255.0
    Gateway: 10.0.0.1
    DNS: 10.0.0.11

    This just seems odd as, whether physical or virtual, at this stage there is no such gateway with an IP 10.0.0.1, and the DNS server is itself? Presumably the book assumes we're not using Internet access at this stage or am I just missing something blindingly obvious?!
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
  5. GSteer

    In all honesty I never follow the IP details set down in the books, I setup my own and play that way.

    I'm presuming the test lab setup from the book isn't actually expecting to get internet access. DNS as itself is fine if it's running the DNS Server service.
     
    Certifications: BSc. (Comp. Sci.), MBCS, MCP [70-290], Specialist [74-324], Security+, Network+, A+, Tea Lord: Beverage Brewmaster | Courses: LFS101x Introduction to Linux (edX)
    WIP: CCNA Routing & Switching
  6. greenstarthree

    I was literally just working on this and got to the point of installing AD DS on the server, which of course installs the DNS role as a requirement!

    Which means DNS is handled by the server VM itself, and the IP config suggested in the book does work, with Internet access, with my current set up.

    I thought I was missing something, but obviously just wasn't at that stage yet!

    In any case I've learnt a good chunk about Hyper-V in the process so thanks again for all the help!

    Adam
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
  7. greenstarthree

    OK, I'm sorry to resurrect this thread, but thought it might be better than starting a new one since the info is all here....

    I've hit the DNS section of my Training Kit which asks for the setup of three servers on a different subnet to the ones I already have. I've sort of cobbled a way to do this using Hyper-V, but wanted to check as I've learned as I went along!

    What I already had in place is:

    An Internal Hyper-V virtual switch (vSwitch1), manually set to an IP of 10.0.0.1 on the host, then sharing setup on the host's WiFi NIC to this vSwitch.
    A server, SERVER01, vSwitch1 bound to it, with a manual IP of 10.0.0.11, gateway of 10.0.0.1, and DNS of itself (DNS role is installed).

    This allows SERVER01 to access the internet through my host's WiFi adapter. When multiple subnets came along, I was considering switching over to GSteer's setup with an external adapter instead, but I would like my VMs to access the internet wherever my laptop is, so configuring a gateway in my home router's range would limit that without changing IP addresses. Sharing the host's NIC allows my VMs to connect wherever I have WiFi on the host.


    So what I have now added to this setup is:

    Created a second Internal Virtual Switch (vSwitch2) with manual IP address of 20.0.0.1 on the host, bind this as a second NIC to SERVER01, with a manual IP of 20.0.0.11 inside the VM. What I'm not sure of here is the gateway and DNS settings to use inside the VM? At the moment I have it as GW blank and DNS 10.0.0.11 (SERVER01's vSwitch1 IP)
    Install a server, say SERVER02, with only vSwitch2 bound to it. Set it a manual IP in the 20.0.0.x range, and its gateway as 20.0.0.11. At the moment I have its DNS set to OpenDNS.
    Configure Routing and Remote Access on SERVER01 in NAT & LAN routing mode, with vSwitch1 defined in the NAT section as a public interface with NAT enabled.

    SERVER02 now has internet access (as long as SERVER01 is running) and appears to be in the 20.0.0.x subnet. I just wondered if I'd made any glaring errors here or if I should be good to work with this setup?

    Thanks again
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
  8. GSteer

    I'm at work atm so can't spend much time looking at this, I'll respond properly later...but just as an initial heads up don't use a 20.0.0.0 range - this isn't an allowable private IP range so you'd want to use something else like 10.0.10.0 instead.
     
    Certifications: BSc. (Comp. Sci.), MBCS, MCP [70-290], Specialist [74-324], Security+, Network+, A+, Tea Lord: Beverage Brewmaster | Courses: LFS101x Introduction to Linux (edX)
    WIP: CCNA Routing & Switching
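
A check for the point made in the reply above, added here as an example and not part of the thread: it classifies addresses mentioned in this discussion against the three RFC 1918 private ranges. 20.0.0.0/8 lies outside them and is publicly routable, so a lab subnet there shadows real Internet hosts in that range. The function names are this example's own.

```powershell
# Added example: classify lab addresses against the RFC 1918 private ranges.

function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "Not an IPv4 address: $Address" }
    $n = [long]0
    foreach ($b in $bytes) { $n = $n * 256 + $b }   # big-endian dotted quad -> integer
    return $n
}

function Test-InCidr {
    param([string]$Address, [string]$Cidr)
    $net, $prefix = $Cidr -split '/'
    # Number of addresses in the block, e.g. /8 -> 2^24
    $size = [long][math]::Pow(2, 32 - [int]$prefix)
    $a = ConvertTo-IPv4Number $Address
    # Round the address down to its block boundary and compare with the network address
    return ($a - ($a % $size)) -eq (ConvertTo-IPv4Number $net)
}

$Rfc1918 = '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'

function Get-AddressScope {
    param([string]$Address)
    foreach ($cidr in $Rfc1918) {
        if (Test-InCidr $Address $cidr) { return "private ($cidr)" }
    }
    return 'PUBLIC: not RFC 1918'
}

# Addresses taken from the posts in this thread
$labAddresses = '10.0.0.11', '20.0.0.11', '10.0.10.10', '192.168.35.250', '192.168.137.254'
foreach ($ip in $labAddresses) {
    '{0,-16} {1}' -f $ip, (Get-AddressScope $ip)
}
```
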
  9. greenstarthree

    Ah, great stuff, thanks, I'll get that changed in the meantime!
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
  10. GSteer

    Ack - just remembered that I was meant to reply to this - looong week. Will do so when I get home greenstarthree!
     
    Certifications: BSc. (Comp. Sci.), MBCS, MCP [70-290], Specialist [74-324], Security+, Network+, A+, Tea Lord: Beverage Brewmaster | Courses: LFS101x Introduction to Linux (edX)
    WIP: CCNA Routing & Switching
  11. greenstarthree

    Haha no worries mate, I know the feeling!

    It's working how I thought it would so far, the second subnet has internet access as long as the server with RRAS installed (which is in the first subnet) is running.
    I've worked a little through the DNS chapter with this setup and haven't hit any problems yet, apart from DNS being one of my weaker subjects, but that's another issue and just means I've plenty of reading to do in the meantime!

    Cheers
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
  12. Sparky
    Completely unrelated but I remember having an old Server 2003 box running 4 NICs so I could learn RRAS when studying for the MCSE.

    How things have changed! :)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  13. GSteer

    For some reason I couldn't map it out in my head earlier but now I've diagrammed it you've actually got a similar extended setup to one I was running albeit with different ranges/subnets! :)

    IIRC I had running

    [vSwitch1 192.168.25.X Range] - External - shared with host.
    [vSwitch2] - Internal using 192.168.35.0/27 ranges on the boxes

    DC1 - [vSwitch1] + [vSwitch2] + RRAS
    DC2 - [vSwitch2]
    etc etc - [vSwitch2's]

    RouterA [vSwitch2 x2] - this was an XP box with RRAS routing between two subnets on 192.168.35.0/27 ranges
    Couple of boxes behind here.

    So the same as you, as long as DC1 was up my route to the outside world was good.

    As mine is a desktop box though I've since added in a secondary NIC which is used by the VMs instead of sharing my main one with the host box - but this hasn't changed my VMs internal setups, just the physical adapter they are using.
     
    Certifications: BSc. (Comp. Sci.), MBCS, MCP [70-290], Specialist [74-324], Security+, Network+, A+, Tea Lord: Beverage Brewmaster | Courses: LFS101x Introduction to Linux (edX)
    WIP: CCNA Routing & Switching
  14. greenstarthree

    Excellent, thanks a lot for the help. Good to hear I was at least on the right track!
    It's so far so good with this setup. I suppose I could set up a little XP VM and use that as my router as opposed to one of my server VMs, but for the minute I use that server more than any other so it's powered up almost all the time.

    Now then, DNS.....

    Cheers all!
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
  15. greenstarthree

    OK, I started to get some issues with the setup I was using (long startup times from the second subnet servers), and as I wanted to go through the exercises in the DNS chapter again, I decided to start again and try something different, which appears to work in the same way, but seems 'tidier'...!

    Current setup is now:

    Hyper V Switches:
    1. An Internal vSwitch with an IP of 192.168.137.1. This shares the laptop (host) WiFi NIC's internet connection
    2. A Private vSwitch for the first subnet range of 10.0.0.x
    3. A Private vSwitch for the second subnet range of 10.0.10.x

    The private switches don't create an additional NIC on the host, and instead are only available to the VMs, which keeps the host tidy.

    Created a VM dedicated to routing, which has all three vSwitches connected. Inside this VM, I've configured the first connection with an IP of 192.168.137.254, gateway of 192.168.137.1, and OpenDNS servers.
    The other two connections are configured inside this VM with IPs of 10.0.0.1 and 10.0.10.1 respectively.

    RRAS is then enabled on this VM, with NAT applied to the 192.168.137.1 connection. Here I've enabled RRAS in only NAT mode, before I was using NAT and LAN routing.


    Then, in a server in the first subnet, give an IP of 10.0.0.x, gateway of 10.0.0.1, and OpenDNS (for now, until I install the DNS role, then it'll be itself)

    Same thing on a server in second subnet, but IPs in the range 10.0.10.x


    This seems to work and means I just need to add a new Private vSwitch for each subnet I want, and connect it to the ROUTERSERVER VM.


    Fingers crossed!
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
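
The host-side part of the layout in the post above (one Internal switch for the shared uplink, one Private switch per subnet, all attached to the routing VM), as an added PowerShell example that is not from the thread. The switch names are assumptions; ROUTERSERVER is the VM name used in the post and is assumed to exist and be shut down. Internet connection sharing on the host and RRAS inside the VM are still configured by hand.

```powershell
# Added example. Run in an elevated PowerShell session on the Hyper-V host.
# Assumptions: switch names are made up for this example; the VM named
# ROUTERSERVER already exists and is powered off while adapters are added.
$routerVm = 'ROUTERSERVER'
$uplink   = 'Lab-Uplink'

$switches = @(
    @{ Name = $uplink;        Type = 'Internal' }  # host shares its WiFi connection to this one
    @{ Name = 'Lab-10.0.0';   Type = 'Private'  }  # first lab subnet, 10.0.0.x
    @{ Name = 'Lab-10.0.10';  Type = 'Private'  }  # second lab subnet, 10.0.10.x
)

foreach ($s in $switches) {
    # Create the switch only if it is not already there, so the script can be re-run
    if (-not (Get-VMSwitch -Name $s.Name -ErrorAction SilentlyContinue)) {
        New-VMSwitch -Name $s.Name -SwitchType $s.Type | Out-Null
    }

    # Give the routing VM one adapter per switch, named after the switch
    $attached = Get-VMNetworkAdapter -VMName $routerVm |
        Where-Object { $_.SwitchName -eq $s.Name }
    if (-not $attached) {
        Add-VMNetworkAdapter -VMName $routerVm -SwitchName $s.Name -Name $s.Name
    }
}

# Check 1: only the Internal switch should appear as a host adapter.
# Private switches create no vNIC in the management OS.
Get-VMNetworkAdapter -ManagementOS | Select-Object Name, SwitchName

# Check 2: the routing VM should list all three switches.
Get-VMNetworkAdapter -VMName $routerVm | Select-Object Name, SwitchName, MacAddress

# Check 3: no other VM should sit on the uplink switch, otherwise it reaches
# the host and the internet without passing through the routing VM.
Get-VM | Get-VMNetworkAdapter |
    Where-Object { $_.SwitchName -eq $uplink -and $_.VMName -ne $routerVm } |
    Select-Object VMName, SwitchName
```
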
  16. GSteer

    Good plan - you're effectively emulating a physical router on that VM which is giving you a good idea of most live environments you'll get in the small business area.

    If you wanted to push that emulation further you could rig the box up using pfSense instead of a Windows box with RRAS.
     
    Certifications: BSc. (Comp. Sci.), MBCS, MCP [70-290], Specialist [74-324], Security+, Network+, A+, Tea Lord: Beverage Brewmaster | Courses: LFS101x Introduction to Linux (edX)
    WIP: CCNA Routing & Switching
  17. greenstarthree

    That looks interesting. Is that something that runs on my host or is it an OS in itself that I could run in a VM? I'll have to check it out in more detail.

    Sorry to keep going with the questions but something I've just noticed, I've now installed the DNS role on one of the servers in my 10.0.10.x range (10.0.10.10), and set the other VMs in that subnet to use it as a DNS server.

    Things seem to be working ok, I have internet access across the subnet, but I have noticed that when booting up the DNS server logs these errors:

    407 - The DNS server could not bind a UDP socket to 10.0.10.10
    408 - The DNS server could not open socket for 10.0.10.10
    404 - The DNS server could not bind a TCP socket to 10.0.10.10

    Doing some Googling on these errors tends to bring up problems people are having running DNS and NAT on the same server. Although I'm not, could these errors be down to running RRAS NAT on the ROUTERSERVER that's connected to the same vSwitch?

    - - - Updated - - -

    May have been getting ahead of myself but not sure. Now that I've installed the AD DS role on the DNS server and DNS has become integrated, the errors don't seem to be happening on restart. Could possibly have been because there were no records in DNS, whereas now there is a record for the server itself?
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
  18. GSteer

    pfSense is an entire VM itself replacing the ROUTERSERVER that you have.

    As for the DNS errors it's hard to tell without knowing your exact setup, but if they've gone now then it's not too much of a concern.

    There was an error with a previous update that adjusted/broke the socket allocation pool for DNS: "You experience issues with UDP-dependent network services after you install DNS Server service security update 953230 (MS08-037)" - further port change details: "The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008" - again not sure if it's relevant to you though.
     
    Certifications: BSc. (Comp. Sci.), MBCS, MCP [70-290], Specialist [74-324], Security+, Network+, A+, Tea Lord: Beverage Brewmaster | Courses: LFS101x Introduction to Linux (edX)
    WIP: CCNA Routing & Switching
  19. greenstarthree

    Thanks a lot, I'll look into those tomorrow. Massive thumbs up!
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
  20. greenstarthree

    Hmm. Some odd goings on now....

    Since creating this setup, I've been doing some of the exercises in the training kit, which basically involve spinning up 3 servers in the same subnet, making each a domain controller and DNS server, and performing some zone delegations between them.

    Seemed fine last night before I shut down, but powering any of the servers in that subnet today I got a long hang at Applying Computer Settings and have no internet access on it.

    On the first of the DNS servers (which has itself as DNS server in its IP config), in DNS logs, I'm getting:

    The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.


    And in AD DS logs, I can see things like "The attempt to establish a replication link for the following writable directory partition failed..."

    It seems to basically point to DNS not working, which I know can cause these long logon times and problems with Active Directory.

    Interestingly I also see no mappings coming up in RRAS on the ROUTERSERVER, as if nothing is getting through to it.
    I've tried opening up the firewall on ROUTERSERVER with no changes, and I can ping the gateway for this subnet (10.0.10.1) from all the VMs in the subnet.

    I can't work out if this is to do with something in the link you provided as that seems to suggest issues with other services because DNS takes priority on a port. Could I be missing something?!

    Thanks,
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
