No….

Gordon

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Eric Wittersheim
Sent: Thursday, April 20, 2017 2:48 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: Hyper-V host networking issue

VLAN? Do you have the NICs teamed on the Hyper-V server?

On Apr 20, 2017 3:39 PM, "Gordon Pegue" <gpe...@unm.edu> wrote:
I don't think Multicast is the culprit... At least, not at the firewall:
show mroute reports "No mroute entries found" on both firewalls;
show mfib reports "Multicast Default Forwarding Table not found" on both 
firewalls.

Gordon

-----Original Message-----
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Melvin Backus
Sent: Thursday, April 20, 2017 1:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Hyper-V host networking issue

This sounds similar to issues we had when we initially set up some load 
balancing servers in our environment.  As I recall it was something about the 
way it handled multicast traffic for the VIP.  VMware handled it one way, other 
environments handled it another way, and many firewalls were in each camp so it 
was something we had to confirm end to end.  Sorry for the lack of specifics 
but multicasting was the key in that case and is something that could easily 
have changed by default between versions of a firewall setup. No configuration 
difference because they both use "default" but default is different. :(



--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

-----Original Message-----
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Gordon Pegue
Sent: Thursday, April 20, 2017 3:01 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Hyper-V host networking issue

Greets --

I've got a head-scratcher that my google-fu is not resolving.

I have a Cisco ASA 5505 firewall in place at my university department perimeter.

I have four physical Dell PowerEdge T710 servers on the LAN, all running 
WinSrvr 2008R2 x64 Enterprise.

Three of the physical servers are Hyper-V machines, each hosting at least 2 
WinSrvr 2008R2 x64 Enterprise guest VM's.
(And one of the Hyper-V host machines has its guest VM's stopped and disabled 
as the physical box is going to be repurposed)

All four servers have the Broadcom BCM5709C NetXtreme II GigE NIC's.
The 3 Hyper-V boxes are each configured with the Virtual Switch bound to a 
single NIC and a statically addressed Virtual Network for the box.
The VM's each have statically addressed Virtual Machine Bus Network Adapters 
configured.

Networking/everything is fine, no problems - when using the existing firewall.
I've seen none of the Broadcom issues that have been reported.


I have a second ASA 5505 firewall, with up-to-date firmware and more RAM (and a 
maintenance agreement with a Cisco VAR - which is why I want to swap out the 
device).
The FW configuration settings are identical, with the exception of the boot 
image that loads when the firewall is rebooted.

If I remove my existing Cisco and replace it with the new Cisco, the Hyper-V 
host servers lose their network connection, which of course means the VM's lose 
theirs too.
The one physical Dell box that is not a Hyper-V host works just fine with 
either firewall! But not the Hyper-V boxes....

As I said, my google-fu is not working too well in this instance. Most hits 
talk about intermittent/random loss of connectivity (which I'm NOT seeing) and 
suggest that the possible answer is to use the following registry hack to 
disable TCP Offloading on the VM's:

Key: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value(DWORD): DisableTaskOffload = 1

Now the catch-22 for me? I work for a university law enforcement agency which 
is 24x7x365 so I obviously cannot be blowing up internet access willy-nilly as 
I try different possible solutions...
So... I tried clearing the arp cache on the hyper-v hosts to no effect. I've 
not tried anything else yet other than to reinstall the existing firewall so 
that my department (and my officers in the field can use their in-car KDT's) is 
back up.



If networking with my existing ASA 5505 is fine, why are my hyper-v boxes 
dropping the connection when I plug in the new ASA?
What the heck am I missing?

TIA
Gordon




