Hyper-V – Configure The Host to Route Between Virtual Network Subnets

2011-01-13 Updated

2010-10-17 Initial Post

Windows Server 2008 R2, Enterprise

I decided to give this another shot today and try to figure out how to create multiple subnets/virtual networks so that I can set up a more realistic AD infrastructure with multiple sites/subnets.

When I looked into this briefly before, it seemed very involved with setting up Routing and Remote Access Service and possibly having to set up an actual VM as a router. Well, it turns out, there's a simpler way to accomplish what I needed.

I found two articles (listed at the bottom of this post) that were helpful. The first one gave me the gist of what to do and the second one was more detailed.  Even after following all the steps I still ran into an issue, which is why I'm posting this. I don't know if I ran into issues because I'm running Windows Server 2008 R2, Enterprise (the articles didn't mention R2) or as a result of some changes I had made before (I hadn't mess around with this Hyper-V host for months so I don't recall everything I had done on it).

These were basically the major steps mentinoned in both articles:

  • Set up a new internal virtual network for the new subnet and configure the IP address of that device in the host's Control Panel --> Network and Internet --> Network Connection.
  • In the host's registry, change the IPEnableRouter value to 1.
  • Add a static route to the new subnet on the physical network's router/gateway. [This ended up not being necessary with Internet Connection Sharing (ICS) is enabled.--2011-01-13]
  • Configure the NICs in the selected VMs for the new subnet.

I ended up with two virtual networks, vNet External 192.168.1.0/24 (this is the original one which is tied to the physical NIC) and vNet Internal 10.1.0.0/16 (this is for the new subnet).

So after I made all the changes, almost everthything worked. For some reason, I couldn't browse Internet Web sites from a VM in the 10.1.0.0 subnet. But from that same VM I could access the Web page of my physical router/gateway by going to http://192.168.1.1. This was really odd because I know that routing works, otherwise I wouldn't be able to access 192.168.1.1. The other odd thing was that from that same VM I couldn't connect to any other devices in the 192.168.1.0 subnet except for the physical router/gateway and the Hyper-V host server.

After some fiddling around, I was about to give up since at least I had my VMs on separate subnets and they were able to talk to each other. I could live with the one subnet not having Internet access.

Then I figured I'd try one more thing which was to enable ICS. Bingo! Now all subnets could see each other and also get out to the Internet. This is basically what I did to configure ICS:

  • On the host, go to  Control Panel --> Network and Internet --> Network Connection.
  • Enable ICS on the device named vNet External 192.168.10/24, selecting vNet Internal 10.1.0.0/16 as the device to allow sharing with. There was a prompt that ICS was going to change the IP address of something to 192.168.0.1 which I OK'd. The change was actually made on the device named vNet Internal 10.1.0.0/16.
  • Go into the device named vNet Internal 10.1.0.0/16 and change its IP address back to 10.1.0.1/24 (no default gateway).

Note: I was only able to get this working with two subnets--the physical NIC subnet and one virtual network subnet. The reason is that only one instance of ICS can be running at one time and it can only share Internet access with one other device. With this setup (Hyper-V host with routing and ICS enabled) the Hyper-V host proxies more than just HTTP/HTTPS traffic because from a computer on 10.1.0.0 I could browse a file share on a computer in 192.168.1.0. From the 192.168.1.0 computer, a nestat command showed the Hyper-V host (router/ICS) having a CIFS (port 445) session.

References:

http://www.dscoduc.com/2009/09/Hyper-V-Routing-without-a-Router-VM/

http://blog.mundy.co/Hyper-V/testing-sbs-in-hyper-v-isolating-dhcp-while-allowing-full-internet-connectivity (includes more detailed steps)

Leave a Reply

*