Hi all,
I'm facing a curious problem on our system.
We have 2 physical servers (WS 2019), both running Hyper-V with failover clustering.
Some VMs are hosted by HPV-1, some other VMs are hosted by HPV-2.
DHCP Server is on DC1 hosted by HPV1.
SoftEther VPN Server is installed on HPV-1, native protocol through port 5555, the local bridge is defined to VM Network interface.
The problem I'm facing is that external clients do get a DHCP address from DC1, connection OK, but:
- no traffic (ping or other) to VMs hosted by HPV-1
- traffic is OK to HPV-1 directly
- all traffic OK from and to HPV-2 hosted VMs
If I move VMs to HPV-2, all becomes OK again to all VMs.
I move VMs to their original location, traffic is KO for ones hosted by HPV-1.
I tried the following without any success:
- disable firewalls on HPV or VMs
- disable ESET Security also
- uninstall and reinstall SE
I really don't understand why traffic is not passing to VMs hosted by HPV-1. Seems a route issue but no idea...
Any idea would be really appreciated!
No traffic to some VMs on Hyper-V failover cluster
-
- Posts: 4
- Joined: Fri Apr 22, 2022 12:35 pm
Re: No traffic to some VMs on Hyper-V failover cluster
A little update I just saw at this moment.
On Manage Sessions of the virtual Hub page, then "IP Table of selected sessions" on LOCALBRIDGE, I can see all LAN machines on the network including HPV-1 (on which SoftEther is installed) BUT none of the HPV-1 hosted VMs.
The issue may be somewhere here.
-
- Posts: 1228
- Joined: Sun Feb 14, 2021 10:31 am
Re: No traffic to some VMs on Hyper-V failover cluster
Double-check that every vNIC involved has "MAC Address Spoofing" enabled.
-
- Posts: 4
- Joined: Fri Apr 22, 2022 12:35 pm
Re: No traffic to some VMs on Hyper-V failover cluster
I’ve read some posts about it, tried to enable it and even rebooted VMs, with no success.
What I don’t understand is that all network instances on the LAN are reachable and ONLY the VMs hosted by the HPV with SoftEther are not.
If I move these VMs to another hypervisor they become reachable without changing anything else.
What I didn’t check is enabling it for all VMs; I only tested with one of them (because the others I cannot reboot easily).
Do you think there should be any difference between only one and all? Any technical reason for that?
-
- Posts: 1228
- Joined: Sun Feb 14, 2021 10:31 am
Re: No traffic to some VMs on Hyper-V failover cluster
OK, on HPV1 management OS vNIC set "Port Mirroring" to destination mode, while the VMs to source mode. It should work without a reboot.
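A read-only way to see where each vNIC stands on the two settings suggested in the replies above, "MAC Address Spoofing" and "Port Mirroring", before changing anything. This is an added example, not part of any post in the thread; the switch name `VM Network` is a placeholder assumption to replace with the virtual switch the SoftEther local bridge is attached to.

```powershell
# Added example: audit MAC address spoofing and port mirroring on every vNIC
# attached to one Hyper-V virtual switch. Changes nothing on the host.
# Run in an elevated PowerShell session on the Hyper-V host.
param(
    # Placeholder (assumption): name of the virtual switch used by the local bridge.
    [string]$SwitchName = 'VM Network'
)

Import-Module Hyper-V -ErrorAction Stop

# -All returns management-OS vNICs as well as the vNICs of every VM on this host.
$adapters = Get-VMNetworkAdapter -All |
    Where-Object { $_.SwitchName -eq $SwitchName }

if (-not $adapters) {
    Write-Warning "No virtual network adapters found on switch '$SwitchName'."
    return
}

$report = foreach ($nic in $adapters) {
    [pscustomobject]@{
        Owner       = if ($nic.IsManagementOs) { '(management OS)' } else { $nic.VMName }
        Adapter     = $nic.Name
        MacAddress  = $nic.MacAddress
        MacSpoofing = $nic.MacAddressSpoofing   # On / Off
        PortMirror  = $nic.PortMirroringMode    # None / Source / Destination
    }
}

$report | Sort-Object Owner, Adapter | Format-Table -AutoSize

# Highlight the adapters where spoofing is still off, so it is clear whether
# the setting was applied to one vNIC only or to all of them.
$spoofingOff = @($report | Where-Object { $_.MacSpoofing -ne 'On' })
if ($spoofingOff.Count -gt 0) {
    Write-Warning ("MAC address spoofing is Off on {0} of {1} vNIC(s):" -f `
        $spoofingOff.Count, @($report).Count)
    $spoofingOff | ForEach-Object { Write-Warning ("  {0} / {1}" -f $_.Owner, $_.Adapter) }
}

# Count adapters per mirroring mode (None, Source, Destination).
$report | Group-Object PortMirror | Select-Object Name, Count | Format-Table -AutoSize
```

Both settings are applied with `Set-VMNetworkAdapter` (`-MacAddressSpoofing`, `-PortMirroring`); running the audit on each cluster node shows whether a vNIC's settings differ from what is expected after a VM has been moved.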
-
- Posts: 4
- Joined: Fri Apr 22, 2022 12:35 pm
Re: No traffic to some VMs on Hyper-V failover cluster
I was not really reassured about doing that because one of the VMs hosted by this Hyper-V carries quite a huge network load (file and SQL server); I fear that port mirroring would add quite a big supplementary network load on the VM network.
Asking myself this question, I remembered SoftEther was initially configured with the local bridge defined on the VM network virtual switch. I tried changing the configuration, with the local bridge on the HPV management interface (physically separate and dedicated network card, not virtual switch), and all traffic is OK now...
My belief is there is an issue (or not an issue but a symptom present anyway) with the local bridge set to the VMs' virtual switch. The traffic seems to pass better through a separate interface.
I'm not saying that your proposal is not the right one, I just was not really confident about that :)
Anyway, many thanks for giving me your ideas, this made me take a step back!