I have been doing some redesigning on my home lab lately.
I have one physical Hyper-V server, with 64 GB of RAM and SSD storage for the virtual machines.
To separate my lab devices from my home network, I created a Hyper-V virtual switch for each lab site I wanted. These were all internal Hyper-V switches, so the lab segments could not communicate with each other or with my home network. My Virtual Switch Manager looked like this:
In order to route traffic between them, I had been using the Vyatta (now VyOS) virtual router. I added a virtual NIC to the Vyatta router VM for each network I wanted to connect, configured the Ethernet interfaces within the router, and all was working fine.
However, I have been testing VMM 2012 R2 deployments, and VMM 2012 R2 does not recognise the “internal” or “private” switch types on managed Hyper-V hosts. It will only allow configuration of external switches for logical networks, and VM networks are typically isolated through VLANs or network virtualization.
So the steps should be simple, and essentially the same as with physical switches: configure only the external virtual switch in Hyper-V, connect all my lab VMs to that switch but set a VLAN tag on each, and configure a single interface in the router VM as a VLAN trunk carrying all of these VLANs.
Here is my example lab VM nic setup:
This works fine for the client NICs, but there is no setting for multiple VLAN tags, so there is no way in the Hyper-V GUI to configure any VM NIC as a VLAN trunk.
PowerShell to the rescue:
# Select the router VM's NIC by MAC address and configure it as a trunk
# carrying VLANs 100-110, with VLAN 100 as the native (untagged) VLAN
Get-VMNetworkAdapter -VMName VMNAME | Where-Object -Property MacAddress -eq "MACADDRESS" |
Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList 100-110 -NativeVlanId 100
Replace the word VMNAME with your VM name, and MACADDRESS with the VM NIC’s MAC address (NO SPACES/DASHES); to confirm the format, run Get-VMNetworkAdapter.
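As an added example (not from the original post), the whole Hyper-V side of the procedure above in one script: every lab VM is attached to the single external switch with an access VLAN tag, the router NIC becomes the trunk, and the final query verifies that no NIC was left untagged. The switch name LabExternal, the VM names, the VLAN mapping and the MAC address are all placeholders.

```powershell
# Added example, not the original post's code. All names below are placeholders:
# an external switch "LabExternal", a router VM "LabRouter" whose trunk NIC has
# MAC 00155D010203, and lab VMs mapped to the VLANs the router will serve.
$SwitchName = 'LabExternal'
$RouterVM   = 'LabRouter'
$TrunkMac   = '00155D010203'   # placeholder; copy the real value from Get-VMNetworkAdapter
$TrunkRange = '100-110'
$NativeVlan = 100

# Access (single-tag) VLAN per lab VM, the same setting the GUI exposes
$LabVms = @{ 'LabDC01' = 101; 'LabWeb01' = 102; 'LabClient01' = 103 }

foreach ($vm in $LabVms.Keys) {
    # Move every NIC of the VM onto the one external switch, then tag it
    Get-VMNetworkAdapter -VMName $vm | Connect-VMNetworkAdapter -SwitchName $SwitchName
    Set-VMNetworkAdapterVlan -VMName $vm -Access -VlanId $LabVms[$vm]
}

# Router NIC: a trunk carrying all lab VLANs, which the GUI cannot configure
$trunkNic = Get-VMNetworkAdapter -VMName $RouterVM |
    Where-Object -Property MacAddress -eq $TrunkMac
Set-VMNetworkAdapterVlan -VMNetworkAdapter $trunkNic -Trunk `
    -AllowedVlanIdList $TrunkRange -NativeVlanId $NativeVlan

# Verify: a NIC still reporting OperationMode "Untagged" on the external switch
# sits outside the VLAN segmentation and can reach the home network directly
Get-VMNetworkAdapterVlan -VMName (@($LabVms.Keys) + $RouterVM) |
    Select-Object @{n = 'VM';  e = { $_.ParentAdapter.VMName }},
                  @{n = 'NIC'; e = { $_.ParentAdapter.Name }},
                  OperationMode, AccessVlanId, NativeVlanId, AllowedVlanIdList |
    Format-Table -AutoSize
```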
Voilà, this has now configured the interface as a trunk. On a side note, Vyatta still didn’t work. I was using version 6.5, which didn’t support it. I did upgrade my VM to the latest VyOS (1.1.5) and while this was successful using the in-place upgrade, it did something to the Hyper-V integration settings and I lost all my NICs.
The commands to configure Vyatta/VyOS as a trunk (one VLAN sub-interface, or vif, per lab VLAN on the trunk port eth0) are:
set interfaces ethernet eth0 vif 101 address 10.0.1.1/24
set interfaces ethernet eth0 vif 102 address 10.0.2.1/24
set interfaces ethernet eth0 vif 103 address 10.0.3.1/24
commit
save
With this setup, VMs could not ping the gateways defined above, and vice versa.
Since I had already been testing with a different network appliance to allow for more robust firewalls to test DMZ scenarios, I decided to try Sophos Unified Threat Management (UTM), which I much prefer anyway for its firewall and proxy capabilities. Configuring a single interface with all of my VLANs (trunk) worked fine in Sophos.
After configuring Sophos as above, and allowing the connections through the firewall (I temporarily created an any-any rule), I could ping from VM to VLAN interface, and VLAN to VLAN.