IT, Cloud, Windows Etc


Tag - network


Sunday 6 March 2016

NAT in Windows 2016 Hyper-V

Windows Server 2016 TP4 includes a NAT mode for the VMSwitch. Although this feature is built for containers, you can use it for any VM. The NAT engine is part of the Windows core routing engine, so a NAT VMSwitch has the same limits.

The process is very simple: create a VMSwitch in NAT mode, then create a NAT policy in Windows.

$Subnet = "192.168.100.0/23"

New-VmSwitch -Name SwNat -SwitchType NAT -NatSubnetAddress $Subnet
New-NetNat -Name NatPolicy -InternalIPInterfaceAddressPrefix $Subnet

NatSubnetAddress and InternalIPInterfaceAddressPrefix must be the same.

For now, it seems that you can only have one NAT policy with an internal IP interface. You will get an error if you already have a NAT policy. This is the case if you test containers on the same host.

If so, you can remove the existing NAT policy if you don't want to use it:

Get-NetNat | Remove-NetNat

Or you can simply use it. In this case, the subnet is 172.16.0.0/12.

If you want more detail about NetNat, you can list the commands in the module:

PS>Get-Command -Module NetNat


Get-NetNat gives you more detail about the NetNat object.

Get-NetNatExternalAddress gives you all the external addresses used by the NAT instance.

Now you can set up a VM and plug it into the NAT switch. You will need to use an IP address in the subnet 192.168.100.0/23. The default gateway is 192.168.100.1.

Check that you can access the internet. Now you can map a service to your VM with a destination NAT.

Add-NetNatStaticMapping -NatName NatPolicy -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 192.168.100.25 -InternalPort 80 -ExternalPort 80

This creates a destination mapping from everywhere (ExternalIPAddress 0.0.0.0) to the VM with IP 192.168.100.25 on the standard HTTP port.

The NAT feature is a good solution for a container host or a lab environment. Given all these limitations, you should otherwise use a more robust tool. You can choose Sophos UTM in a VM, Windows 2012 R2/2016 with RAS, or any other firewall/network virtual appliance.

Sunday 31 January 2016

Converged Fabric, Hyper-V Server and MAC confusion

Installing Hyper-V Server 2012 R2 is easy, and so is creating a converged fabric. A converged fabric (or hyper-converged fabric) is a single external vSwitch connected to a team or a network adapter, with multiple VM network adapters serving multiple roles (management, live migration). It's a good approach when using 10 Gbps adapters or for a lab.

Imagine the situation: you install your server via IPMI, create your converged fabric and add the management network adapter. But there is a problem. Hyper-V uses the first IPv4 address on the server to build the range of MAC addresses for virtual machines.

  • 00:15:5D for the Microsoft IEEE identifier
  • XX:XX corresponding to the last 2 octets of the first IPv4 address of the server
  • The last byte, from 00 to FF for each virtual adapter

But what happens if you don't have any IP address? Hyper-V will assign 00:15:5D:00:00:00, because Hyper-V Server wasn't able to create a valid range. It's not a problem for a single server, but if you have multiple servers connected to the same network, you are in trouble, and if you use a converged fabric all your servers can have the same MAC for the management adapter.

You can change that by setting the MAC address range before creating your converged network.

PS>Set-VMHost -MacAddressMinimum 00155D020600 -MacAddressMaximum 00155D0206FF

It's also not a bad idea to change the default range to something based on a server ID or serial number.

Using VMM bare-metal deployment prevents this problem.
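
An added example, not part of the original post: a PowerShell audit for the collision described above. It flags hosts whose dynamic MAC range starts at 00155D000000 or overlaps another host's range, and suggests a range built from the host's IPv4 address using the scheme listed earlier. The host names, IP addresses and ranges are constructed sample data, and Get-ExpectedMacRange and Find-MacRangeConflict are hypothetical helper names.

```powershell
# Added example: audit Hyper-V dynamic MAC ranges across several hosts.
# $Hosts is constructed sample data. On real hosts, read the two range
# values with: Get-VMHost -ComputerName <name>
$Hosts = @(
    [pscustomobject]@{ Name='hv01'; IPv4='10.0.2.6'; MacAddressMinimum='00155D020600'; MacAddressMaximum='00155D0206FF' }
    [pscustomobject]@{ Name='hv02'; IPv4='10.0.2.7'; MacAddressMinimum='00155D000000'; MacAddressMaximum='00155D0000FF' }
    [pscustomobject]@{ Name='hv03'; IPv4='10.0.2.8'; MacAddressMinimum='00155D000000'; MacAddressMaximum='00155D0000FF' }
)

function Get-ExpectedMacRange {
    # 00155D + the last two octets of the IPv4 address + 00..FF
    param([Parameter(Mandatory)][string]$IPv4)
    $b = [System.Net.IPAddress]::Parse($IPv4).GetAddressBytes()
    $prefix = '00155D{0:X2}{1:X2}' -f $b[2], $b[3]
    [pscustomobject]@{ Minimum = $prefix + '00'; Maximum = $prefix + 'FF' }
}

function Find-MacRangeConflict {
    param([Parameter(Mandatory)][object[]]$HostInfo)
    # Parse the 12-hex-digit strings into integers so ranges can be compared.
    $ranges = foreach ($h in $HostInfo) {
        [pscustomobject]@{
            Name = $h.Name; IPv4 = $h.IPv4; Raw = $h.MacAddressMinimum
            Min  = [Convert]::ToUInt64($h.MacAddressMinimum, 16)
            Max  = [Convert]::ToUInt64($h.MacAddressMaximum, 16)
        }
    }
    foreach ($r in $ranges) {
        $issues = @()
        if ($r.Raw -eq '00155D000000') {
            $issues += 'range starts at 00155D000000'
        }
        # Two ranges overlap when each one starts before the other ends.
        $clash = @($ranges | Where-Object {
            $_.Name -ne $r.Name -and $_.Min -le $r.Max -and $r.Min -le $_.Max })
        if ($clash.Count -gt 0) { $issues += 'overlaps ' + ($clash.Name -join ', ') }
        if ($issues.Count -eq 0) { continue }
        $fix = Get-ExpectedMacRange -IPv4 $r.IPv4
        [pscustomobject]@{
            Host      = $r.Name
            Issues    = $issues -join '; '
            Suggested = "Set-VMHost -MacAddressMinimum $($fix.Minimum) -MacAddressMaximum $($fix.Maximum)"
        }
    }
}

Find-MacRangeConflict -HostInfo $Hosts | Format-List
```

With the sample data, hv01 is not reported, while hv02 and hv03 are both flagged for the all-zero range and for overlapping each other.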