Most of us IT Pros usually have a lab of some kind. Mostly running some form of virtualization and if you are Microsoft savvy, chances are you are running Hyper-V either on Windows 7/8 pro edition so you can carry your lab around with you or have a Windows Server with Hyper-V. When we try to mimic real world complexities in these labs, routing becomes one essential component of these labs.
Most of the times we are squeezed for resources and if you are like me, you would like to avoid creating an extra VM for routing and use those resources for something else when possible.
So the obvious question that comes up often is how do you route between your lab VMs on Hyper-V without creating an extra “router” VM?
For this article, let’s assume a small lab. The one where you have all VMs located on single host. Your need to have 2 subnets connected via a router.
I have setup a single Windows Server 2012 R2 host for this article. I have also created two VMs that will go on two networks I mentioned earlier. Let’s assume one VM is going to be New York, I call it NY-S1. We are going to have another machine somewhere in Europe. I call it EU-S1. Here’s what the IP addressing looks like:
|Subnet||VM||VM IP||Router IP|
Now that we know how we need our lab setup, let’s see how we can configure it. The question is, who is playing role of a router? The answer is very simple: Hyper-V host! And no you don’t need to install RRAS on the host either! What I am going to show you is an age old trick!
KB Article KB323339 from Microsoft discussed how to enable TCP/IP forwarding on Windows Server 2003, however, the referred registry entry “IPEnableRouter” can be traced all the way back to Windows NT 4. When you change IPEnableRouter from 0 to 1, you are allowing packets from one interface to be forwarded to any other interface connected to the same server. i.e. you are making it a router!
So let’s configure our Windows Server 2012 R2 host first. To keep this simple, I will use elevated PowerShell and run the following:
Set-ItemProperty -Path HKLM:\system\CurrentControlSet\services\Tcpip\Parameters -Name IpEnableRouter -Value 1
There is going to be no response from PowerShell except it will return you back to prompt. If you get something back, most likely it would be because you didn’t elevate PowerShell or you don’t have administrative permissions to edit that registry key.
Since we are changing parameters for TCPIP service, the change won’t be effective until after a reboot. Go ahead and reboot your Hyper-V host now.
Once your host is rebooted, we are ready to configure host networks. We will create two networks using “internal” type for virtual switch. One for NY and one for EU. We will simply call them that to make it easy. Here’s how:
New-VMSwitch -Name “NY” -SwitchType Internal
New-VMSwitch -Name “EU” -SwitchType Internal
Sorry if you were expecting GUI and screenshots. I am sure you can figure that out if you don’t want to use PowerShell.
Before we work on VMs, we have one more step to complete on host. You will notice that when you create two switches above, two new NICs showed up in your Network and Sharing Center. Each named “vEthernet (NY)” and “vEthernet (EU)”. Let’s give each one its IP:
New-NetIPAddress -InterfaceAlias ‘vEthernet (NY)’ -IPAddress 172.16.111.1 -PrefixLength 24
New-NetIPAddress -InterfaceAlias ‘vEthernet (EU)’ -IPAddress 172.16.112.1 -PrefixLength 24
This will configure host interfaces with IP addresses that will become default gateway for VMs.
Phew, on home stretch. With host configuration out of the way we can now connect VMs to their respective switches:
Connect-VMNetworkAdapter -VMName NY-S1 -SwitchName NY
Connect-VMNetworkAdapter -VMName EU-S1 -SwitchName EU
Last step is to configure VMs with their respective IP and default gateway. I am sure this isn’t something you need help with so go ahead and take care of that step.
At this time, you should be able to ping EU VM from NY and vice versa. Keep in mind that default firewall rules on your VM may be blocking ICMP and you may get request timed out. If so, check your firewall configuration and allow ICMP or test using something else that is allowed by firewall rules.
How’s that for a router that’s built-into your environment and doesn’t need an extra VM chewing up those valuable computer resources?
In Part 2, we will discuss how you can configure routing if you have multiple Hyper-V hosts in your lab.
Remember, all things discussed in this articles are for your LAB not for your production environment. Please use proper routing for that.
[…] of routing, Bhargav from Kemp Technologies has an excellent blog on using Windows Server as a router in your lab. You can use a router to emulate a WAN, or you can use a router to stand in for a […]
This is a great article, thank you for that!
One question though: how do I set up the 2 VMs to connect to the Internet through the host, if the host has only one physical NIC?
For Internet access, you have one of the two options. The default gateway on your host that is acting as a router should point to your router connected to internet (for home labs, that would be your ISP provided device). It’s important that your internet router knows how to get traffic back to VMs, commonly that would be achieved by using static routes.
Second option (my personal preference) is to use a dedicated VM for this and use RRAS role on it to NAT traffic from VMs to “outside” network which is connected to internet.
interesting article, one challenge though.
How would that work with a DC with DHCP and RRAS?
Let me explain:
I have a DC with DHCP, DNS etc..
That DC has also RRAS with NAT routing installed, so clients go through the DC for internet. That works fine.
But now I want a new subnet: 192.168.20.0/24 (already have 192.168.10.0/24)
I could see that they might connect to each other with the registry–tweak and fixed IPs (didn’t try), but how can I still use DHCP for both subnets from the same DC for that?
For DHCP to understand where the request is coming from, it relies on DHCP relay agent. Since you already have RRAS setup, why not use that as a router? You can enable DHCP relay in RRAS: http://technet.microsoft.com/en-us/library/cc757815(v=WS.10).aspx. More details on how it works: http://technet.microsoft.com/en-us/library/cc758865(v=WS.10).aspx.
Alternative would be to have a NIC on DHCP server attached to each subnet, which becomes unmanageable if you have add more subnets in future.
this got me going. Thanks!
I’ve added the relay and the noticed that traffic between subnets worked fine, but only the first, original one, had internet, while the 2nd had name resolution working, it timed out.
Since the new switches didn’t show up in RRAS I figured to start with RRAS from scratch, then they showed up.
Added LAN and NAT this time but not DHCP relay.
But not DHCP and internet worked and this without the relay.
I also didn’t define the gateways (x.x.x.254) anywhere, still it worked.
I guess that’s why:
The DC has two nics, connected to each subnet switch.
Those nics use 192.168.10.1 and 192.168.20.1 and 20.1 is defined a router in the DHCP options.
If it would be physical I think I have that:
Client 1 (subnet1) Client 2 (subnet 2)
Basically I’ve connected the DC to two separate routers at the same time, the clients directly access the DC through that.
Is that a good choice? Is there a better one?
The other problem I have now is network boot.
While it works on subnet 1, that’s where the pxe server is on, it doesn’t on subnet 2. And as there are no IP-helpers in a virtual switch, well I guess I can only use DHCP options. Which probably means dhcp relay again.
Wouldn’t mind if you add something about that also 🙂
PS: You can keep this private if you prefer.
It’s a good topic to talk about. I will keep that in mind and try to cover it time permitting.
Formating is messed up now 🙁
Excellent post and a most elegant solution to routing a simple home Hyper-V test lab. Keep up the good work =)
Thanks! Glad it is helpful.
I couldn’t get this to work on a Windows 10 Client, I have started the RRAS but still nothing gets routed at all. Is it possible to get this to work on a Client?
I am not sure about it. Haven’t tried doing this on Windows 10.
Thanks Bhargav for the article. I have implemented in my lab and its working fine.
Once I enabled the router in registry on one hyper-v host. All the VM’s in different subnet able to communicate with each other without specifying gateway.
Am I configured the subnet routing on right way?
Unless you have overlapping IP addresses, VMs should not be able to communicate until you provide default gateway address in IP configuration of the VM. I am not sure how it can route packets without DG!
This worked on Windows 10, additional step seems to have been to start the Routing and Remote Access service and set it to automatic, had do a restart of all vm’s including host.
For full detals :http://www.keepthetech.com/2016/01/enable-ip-routing-on-windows10.html
Thanks and Cheers.
Firstly Thank you for sharing this great guide.
Why I am only able to connect to a remote machine via an IP but fails when I use hostname?
I suspect DNS issue. Are you on home network? Most commonly, DNS on home network is serviced by your ISP router. I’d try to check DNS settings and make sure all servers and remote machines are using same DNS server so that they can be resolved by name.