VLAN ? Do you have the NICs teamed on the HyperV server? On Apr 20, 2017 3:39 PM, "Gordon Pegue" <[email protected]> wrote:
> I don't think Multicast is the culprit... At least, not at the firewall: > show mroute reports "No mroute entries found" on both firewalls; > show mfib reports "Multicast Default Forwarding Table not found" on both > firewalls. > > Gordon > > -----Original Message----- > From: [email protected] [mailto:listsadmin@lists. > myitforum.com] On Behalf Of Melvin Backus > Sent: Thursday, April 20, 2017 1:32 PM > To: [email protected] > Subject: [NTSysADM] RE: Hyper-V host networking issue > > This sounds similar to issues we had when we initially setup some load > balancing servers in our environment. As I recall it was something about > the way it handled multicast traffic for the VIP. VMware handled one way, > other environments handled it another way, and many firewalls were in each > camp so it was something we had to confirm end to end. Sorry for the lack > of specifics but multicasting was the key in that case and is something > that could easily have change by default between versions of a firewall > setup. No configuration difference because they both use "default" but > default is different. :( > > > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > -----Original Message----- > From: [email protected] [mailto:listsadmin@lists. > myitforum.com] On Behalf Of Gordon Pegue > Sent: Thursday, April 20, 2017 3:01 PM > To: [email protected] > Subject: [NTSysADM] Hyper-V host networking issue > > Greets -- > > I've got a head-scratcher that my google-fu is not resolving. > > I have a Cisco ASA 5505 firewall in place at my university department > perimeter. > > I have four physical Dell PowerEdge T710 servers on the LAN, all running > WinSrvr 2008R2 x64 Enterprise. > > Three of the physical servers are Hyper-V machines, each hosting at least > 2 WinSrvr 2008R2 x64 Enterprise guest VM's. > (And one of the Hyper-V host machines has its guest VM's stopped and > disabled as the physical box is going to be repurposed) > > All four servers have the Broadcom BCM5709C NetXtreme II GigE NIC's. > The 3 Hyper-V boxes are each configured with the Virtual Switch bound to a > single NIC and a statically addressed Virtual Network for the box. > The VM's each have statically addressed Virtual Machine Bus Network > Adapters configured. > > Networking/everything is fine, no problems - when using the existing > firewall. > I've seen none of the Broadcom issues that have been reported. > > > I have a second ASA 5505 firewall, with up-to-date firmware and more RAM > (and a maintenance agreement with a Cisco VAR - which is why I want to swap > out the device). > The FW configuration settings are identical, with the exception of the > boot image that loads when the firewall is rebooted. > > If I remove my existing Cisco and replace it with the new Cisco, the > Hyper-V host servers lose their network connection, which of course means > the VM's lose theirs too. > The one physical Dell box that is not a Hyper-V host works just fine with > either firewall! But not the Hyper-V boxes.... > > As I said, my google-fu is not working too well in this instance. Most > hits talk about intermittent/random loss of connectivity (which I'm NOT > seeing) and suggest that the possible answer is to use the following > registry hack to disable TCP Offloading on the VM's: > > Key: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters > Value(DWORD): DisableTaskOffload = 1 > > Now the catch-22 for me? I work for a university law enforcement agency > which is 24x7x365 so I obviously cannot be blowing up internet access > willy-nilly as I try different possible solutions... > So... I tried clearing the arp cache on the hyper-v hosts to no effect. > I've not tried anything else yet other than to reinstall the existing > firewall so that my department (and my officers in the field can use their > in-car KDT's) is back up. > > > > If networking with my existing ASA 5505 is fine, why are my hyper-v boxes > dropping the connection when I plug in the new ASA? > What the heck am I missing? > > TIA > Gordon > > > > > > >
