No traffic to some VMs on Hyper-V failover cluster

pmo
Posts: 4
Joined: Fri Apr 22, 2022 12:35 pm

Post by pmo » Fri Apr 22, 2022 1:00 pm

Hi all,

I'm facing a curious problem on our system.

We have 2 physical servers (WS 2019), both running Hyper-V with failover clustering.
Some VMs are hosted by HPV-1, some other VMs are hosted by HPV-2.
The DHCP server is on DC1, hosted by HPV1.
SoftEther VPN Server is installed on HPV-1, native protocol through port 5555; the local bridge is defined on the VM Network interface.

The problem I'm facing is that external clients do get a DHCP address from DC1 and the connection is OK, but:
- no traffic (ping or other) to VMs hosted by HPV-1
- traffic is OK to HPV-1 directly
- all traffic is OK from and to HPV-2 hosted VMs

If I move the VMs to HPV-2, everything becomes OK again for all VMs.
When I move the VMs back to their original location, traffic is KO for the ones hosted by HPV-1.

I tried the following without any success:
- disable firewalls on HPV or VMs
- disable ESET Security also
- uninstall and reinstall SE

I really don't understand why traffic is not passing to the VMs hosted by HPV-1. It seems to be a route issue, but I have no idea...
Any idea would be really appreciated!

Post by pmo » Fri Apr 22, 2022 1:20 pm

A little update on something I just saw.

On the Manage Sessions page of the Virtual Hub, then "IP Table of selected sessions" on LOCALBRIDGE, I can see all LAN machines on the network including HPV-1 (on which SoftEther is installed) BUT none of the HPV-1 hosted VMs.

The issue may be somewhere here.

solo
Posts: 352
Joined: Sun Feb 14, 2021 10:31 am

Post by solo » Sat Apr 23, 2022 12:13 am

Double-check that every vNIC involved has "MAC Address Spoofing" enabled.

Post by pmo » Sun Apr 24, 2022 11:47 am

I’ve read some posts about it and tried enabling it, even rebooting the VMs, with no success.
What I don’t understand is that all network instances on the LAN are reachable and ONLY the VMs hosted by the HPV with SoftEther are not.
If I move these VMs to another hypervisor, they become reachable without changing anything else.

What I didn’t check is enabling it for all VMs; I only tested with one of them (because I cannot easily reboot the others).
Do you think there would be any difference between only one and all? Any technical reason for that?

Post by solo » Sun Apr 24, 2022 3:35 pm

OK, on HPV1 management OS vNIC set "Port Mirroring" to destination mode, while the VMs to source mode. It should work without a reboot.
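
The two vNIC settings suggested in this thread, "MAC Address Spoofing" and "Port Mirroring", can be listed for every adapter on both hosts with the Hyper-V PowerShell module. This is an added example, not part of the original posts; it assumes the thread's labels `HPV-1` and `HPV-2` resolve as computer names and that the bridged virtual switch is named `VM Network`.

```powershell
# Added example: read-only audit of the vNIC settings discussed in this thread.
# Assumptions: elevated session with the Hyper-V PowerShell module installed;
# 'HPV-1' / 'HPV-2' are the thread's host labels, assumed to be resolvable names;
# 'VM Network' is assumed to be the name of the virtual switch used by the bridge.
$HvHosts    = 'HPV-1', 'HPV-2'
$SwitchName = 'VM Network'

function Get-VNicBridgeAudit {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string]   $SwitchName
    )
    # -All returns the vNICs of every VM plus those of the management OS.
    Get-VMNetworkAdapter -All -ComputerName $ComputerName |
        Where-Object { $_.SwitchName -eq $SwitchName } |
        ForEach-Object {
            [pscustomobject]@{
                Host               = $_.ComputerName
                Owner              = if ($_.IsManagementOs) { '(management OS)' } else { $_.VMName }
                Adapter            = $_.Name
                MacAddress         = $_.MacAddress
                MacAddressSpoofing = $_.MacAddressSpoofing   # On / Off
                PortMirroringMode  = $_.PortMirroringMode    # None / Source / Destination
            }
        }
}

$report = Get-VNicBridgeAudit -ComputerName $HvHosts -SwitchName $SwitchName

# Full picture: one row per vNIC attached to the bridged switch.
$report | Sort-Object Host, Owner | Format-Table -AutoSize

# vNICs on that switch where MAC address spoofing is still Off.
$report | Where-Object { $_.MacAddressSpoofing -eq 'Off' } |
    Select-Object Host, Owner, Adapter, MacAddress

# vNICs that have been placed in a port-mirroring role.
$report | Where-Object { $_.PortMirroringMode -ne 'None' } |
    Select-Object Host, Owner, Adapter, PortMirroringMode
```

The script only reads configuration, so it can be run before and after a change to confirm exactly which adapters were modified.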

Post by pmo » Mon Apr 25, 2022 6:30 am

I was not really comfortable doing that because one of the VMs hosted by this Hyper-V host carries quite a heavy network load (file and SQL server); I fear that port mirroring would add quite a big additional network load on the VM network.

Asking myself this question, I remembered that SoftEther was initially configured with the local bridge defined on the VM network virtual switch. I tried changing the configuration so the local bridge is on the HPV management interface (a physically separate and dedicated network card, not a virtual switch), and all traffic is OK now...

My belief is that there is an issue (or not an issue, but a symptom is present anyway) with the local bridge set to the VMs' virtual switch. The traffic seems to pass better through a separate interface.

I'm not saying that your suggestion is not the right one, I was just not really confident about it :)

Anyway, many thanks for giving me your ideas; this made me take a step back!
