Tagged traffic between Hyper-V hosts?

Mike Rodrick

Hey Adam,

I would agree.

VM1 and VM2 should be able to connect. They are on the same VLAN and connected to the same Hyper-V switch, so the traffic never leaves server1.

VM1 will not be able to connect to VM5. While they are on the same VLAN, they are connected to different virtual switches on separate servers. The traffic will be routed from server1 to server2 across the physical network. As you stated, if the physical switches are not configured with VLANs, the packets will be dropped.

The rest of the VMs are either on a different VLAN, or not configured with a VLAN ID.

Mike

Ronnie Wong

@adam-tyler,

Let me also add to the other end of Mike's great explanation that I thought about here. What if you wanted to allow for communication between these VMs on different hosts and in different vlans. You've got two additional options.

You can add another vNIC for and put apply the VLAN ID you want to connect to it, then connect that vNIC to the vSwitch with the correct VLAN ID. or
YouConfigure the virtual network word adapter in trunk mode using the Set-VMNetworkAdapterVlan cmdlet.

Angie

This post is deleted!

Adam Tyler

@Ronnie-Wong Way to confuse the heck out of me Ronnie!!! ;)

On your first point... You said that adding another vNIC to each VM and assigning a new VLAN tag would allow for communication between physical Hyper-V servers? If so, I have to disagree. VMs on the same server using the same VLAN tag would be able to communicate as is the case in the original screenshot between VM1 and VM2. However, VMs hosted on different Hyper-V servers or different virtual switches would not be able to communicate depending on the physical switchport configuration and cabling of the physical network. In the case of this practice question, the switchports are configured as access ports and should just drop tagged packets all together. Or did I misunderstand your comment on point one?

On your second point, you actually made me aware of a feature I didn't know existed in Hyper-V. I have created port groups in VMware ESXi on distributed virtual switches which support trunking, but didn't realize that Hyper-V supported this too. For some reason Microsoft didn't feel it was important to expose this feature to the GUI, but sure enough, you can create a trunk port passed directly to the VMs vNIC using a command like the following..

Set-VMNetworkAdapterVlan -VMName Demo -Trunk AllowedVlanIdList 100-150 -NativeVlanId 2

Assuming the physical network switchport was still set in "Access Mode", the untagged traffic coming from the "NativeVlanId" might be passed between physical hosts over physical network switching? Am I following that correctly? Even if the access port VLAN setting on the physical switch didn't match the VMs Native VLAN Id? In any case, this feels like a one off that probably won't show on the exam.

Regards,
Adam Tyler

Ronnie Wong

@Adam-Tyler said in Tagged traffic between Hyper-V hosts?:

On your first point... You said that adding another vNIC to each VM and assigning a new VLAN tag would allow for communication between physical Hyper-V servers? If so, I have to disagree. VMs on the same server using the same VLAN tag would be able to communicate as is the case in the original screenshot between VM1 and VM2. However, VMs hosted on different Hyper-V servers or different virtual switches would not be able to communicate depending on the physical switchport configuration and cabling of the physical network. In the case of this practice question, the switchports are configured as access ports and should just drop tagged packets all together. Or did I misunderstand your comment on point one?
On your first point... You said that adding another vNIC to each VM and assigning a new VLAN tag would allow for communication between physical Hyper-V servers?

Connect more virtual network adapters to appropriate virtual switches and assign the VLAN IDs. Make sure to configure the IP addresses correctly and that the traffic you want to route through the VLAN also uses the correct IP address

I was trying to sum it up quickly but here's the link to what I attempted to say.
https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/configure-virtual-local-areal-networks-for-hyper-v

Adam Tyler

Thanks Ronnie. Just read through that article. It covers three points... The first to configure a VLAN tag on the external virtual switch. My understanding of this setting is that it only exists to allow the "host" operating system to drop into a particular VLAN for management purposes only. In my lab, the VLAN setting on the virtual switch is titled "Enable virtual LAN identification for management operating system".

The second point discusses setting a VLAN tag on the VMs vNIC. This would allow the VM to send tagged packets using the VLAN specified. Which would only work between physical hosts if the physical switchport was configured as a trunk. Correct?

The third point discusses a couple of options if the VM needs to use more than one VLAN. option 1 is to add more than one vNIC with a different VLAN specified. Again, this would only work between physical hosts if the physical switchport was configured as a trunk.. Correct?

Option 2 is configure the VMs vNIC as a trunk using the special super secret hidden command: Set-VMNetworkAdapterVlan... However this would also require that the physical switchport be configured as a trunk for VMs between hosts to communicate. It would also require that the guest VM OS tag the traffic prior to entering the vSwitch.

Am I close?

Regards,
Adam Tyler

Adam Gordon

Adam,

Just jumping in here quickly, you are correct on both. :)

Cheers,

Aadam

Ronnie Wong

@Adam-Tyler,
Yep what Adam said!