IPv6 in Windows environment for beginners – part 1 – ISP IPv6 delivery

March 13th, 2016

Here we go… I have my environment up and running… So first of all we need to ask our ISP to give us IPv6 addreses.
In my case my provider – Telekom Slovenije is providing me IPv6 addresses in two different ways – depending on what kind of device I have at the locations.

So first case is where we have a L3 switch from our provider and in this case we have a /64 prefix on “wan” side of our router (connecting prefix) and /56 prefix routed over second IP address of connection prefix (which you can then split into /64 prefixes on your internal intefaces / vlans):

[admin@xxxx] /ipv6> address print
Flags: X – disabled, I – invalid, D – dynamic, G – global, L – link-local
#    ADDRESS                                   INTERFACE                                                           ADVERTISE
0  G 2a00:ee1:xxx0::2/64              ether3 – IPv6 internet uplink                              no
1  G 2a00:ee1:xxx2::100/64          lan                                                                            no

[admin@xxxx] /ipv6> route print
Flags: X – disabled, A – active, D – dynamic, C – connect, S – static, r – rip, o – ospf, b – bgp, U – unreachable
#      DST-ADDRESS              GATEWAY                  DISTANCE
0 A S  ::/0                     2a00:ee1:6700::1                1
1 ADC  2a00:ee1:xxx0::/64       ether3 – IPv6 interne…        0
2 ADC  2a00:ee1:xxx2::/64       lan                             0

Second case is where we have PPPoE session established and we receive /56 prefix by so called prefix delegation (in detail described @ GO6.si blog)

[admin@xxxx] > ipv6 dhcp-client print detail
Flags: D – dynamic, X – disabled, I – invalid
0    interface=pppoe-out1 status=bound duid=”0x00030001d4ca6d38f875″ dhcp-server-v6=fe80::230:88ff:fe04:99ec
request=prefix add-default-route=yes use-peer-dns=no pool-name=”isp-pd” pool-prefix-length=56
prefix-hint=::/0 prefix=2a00:ee2:68xx:xxxx::/56, 1h51m46s

[admin@xxxx] > ipv6 address print
Flags: X – disabled, I – invalid, D – dynamic, G – global, L – link-local
#    ADDRESS                                      INTERFACE                          ADVERTISE
0  G 2a00:ee2:68xx:xxxx::1/64       lan                                             no

When this is configured we should be able to ping some IPv6 addresses from our routers… As there is no advertising enabled everything in our network will remain calm and quiet waiting for further configuration.

IPv6 in Windows environment for beginners

January 21st, 2016

Currently I am working on implementing dual-stack (so all servers and computers will run on IPv4 and IPv6 at the same time) in Windows envrironment with Active directory domain controlllers, other member servers (file server, DFS, SharePoint services…), Exchange server 2013, Lync/Skpye for business…

Purpose of this post is to walk you through the obstacles and difficulties while implementing both protocols to work together…

So basicaly we need to know the folowing:

We have one (or more) public IPv4 addresses which we NAT in our private networks where we have our servers…
Our providers gives us some IPv6 prefix for “wan” interface of our router and over that there is a routed prefix which we will use internaly (you need to know there are public – or globaly routed IPv6 addresses inside your network – SO TAKE CARE of your Firewall roules (We will cover that later)).

Simple steps to implement dual stack is to:

a. Get IPv6 from your provider
b. Have a router that understands IPv6 :)
c. Configure router advertisment on internal network with M (managed (this will force users to use DHCPv6 instead of autoconfiguring IPv6 (SLAAC)) and O (other configuration (this will point clients to DHCPv6 server to get DNS servers (your domain controllers IPv6 addresses)) flag
d. Configure DHCP server on your Windows server with DHCPv6 parameters (prefix, exclusions, DNS servers (called: 00023 DNS Recursive Name Server IPv6 Address)
e. disable DHCP client on servers that use static IPv4/IPv6 addresses (if you do not do that your servers will autoconfigure additional IPv6 addresses as told by RA…) You can use Powershell: Set-NetIPInterface –InterfaceIndex <number> -Dhcp Disabled

Simple Hyper-V replica warning / critical state notification…

March 5th, 2015

I have been searching for a simple solution to get the notification when something goes wrong with Hyper-V replica replication… The problem is that things can go realy bad if you have Hyper-V replica in critical state for long period of time (AVHD differential disk grows and can make a big mess on source server…)

So here is the PS script that checks replica health and sends mail if one or more of VMs have Warning or Critical replication state.

You can modify sending parameters by looking at examples @ http://petermorrissey.blogspot.com/2013/01/sending-smtp-emails-with-powershell.html

Just save the script as (for example) c:\hvreplicamon\hvreplicamon.ps1

Create a Task Scheduler taks (screenshots below)

if ((Get-VMReplication | select-string -inputobject {$_.Health} -pattern “Warning”) -like “Warning”)
{
$SMTPServer = “smtp.gmail.com”
$SMTPPort = “587”
$Username = “username@gmail.com
$Password = “password”
$to = “my@emailwhereiwanttoreceivealert.com
$subject = “Replica WARNING error on SERVERNAME”
$message = New-Object System.Net.Mail.MailMessage
$message.subject = $subject
$message.to.add($to)
$message.from = $username
$smtp = New-Object System.Net.Mail.SmtpClient($SMTPServer, $SMTPPort);
$smtp.EnableSSL = $true
$smtp.Credentials = New-Object System.Net.NetworkCredential($Username, $Password);
$smtp.send($message)
}
elseif ((Get-VMReplication | select-string -inputobject {$_.Health} -pattern “Critical”) -like “Critical”)
{
$SMTPServer = “smtp.gmail.com”
$SMTPPort = “587”
$Username = “username@gmail.com
$Password = “password”
$to = “my@emailwhereiwanttoreceivealert.com
$subject = “Replica CRITICAL error on SERVERNAME”
$message = New-Object System.Net.Mail.MailMessage
$message.subject = $subject
$message.to.add($to)
$message.from = $username
$smtp = New-Object System.Net.Mail.SmtpClient($SMTPServer, $SMTPPort);
$smtp.EnableSSL = $true
$smtp.Credentials = New-Object System.Net.NetworkCredential($Username, $Password);
$smtp.send($message)
}

Task Scheduler task parameters

task1

task2

task3

Windows server 2012 R2 – A port on the virtual switch has the same MAC as one of the underlying team members on Team Nic Microsoft Network Adapter Multiplexor Driver

February 4th, 2015

If you have two or more NICs joined in a Team by using Windows server teaming solution and then you use this Team as a base for Virtual switch in Hyper-V and you enable “Allow management operating system to share this network adapter” like:

003 004 005

you will find warnings in system Event log:

A port on the virtual switch has the same MAC as one of the underlying team members on Team Nic Microsoft Network Adapter Multiplexor Driver

001

Check your NICs by using Powershell cmdlet: get-netadapter | ft Name,MacAddress

002

You need to change MAC addresses of your Virtual Switch management interface (vEthernet (xxx)) by using Powershell cmdlet: set-netadapter -name “vEthernet (XXX)” -macaddress xx:xx:xx:xx:xx:xx

007

and MAC addresses of your network cards (in my case 4 NICs) you can leave Team interface mac address alone…

009

There will be no errors in Event log any more :)

HP DL380 G8 – Windows server 2012 R2 NIC Teaming (HP Ethernet 1Gb 4-port 331FLR Adapter) – stops working after some time…

February 1st, 2015

I have two HP DL 380 G8 servers with Windows server 2012 R2 OS. I have formed NIC teams by using Windows – built-in NIC teaming.

It Works perfectly but after a week or two teams stop working – the only mode to get server online again is to disable and re-enable physical network cards.

Server uses: HP Ethernet 1Gb 4-port 331FLR Adapter – I have upgraded firmware to latest version (that was available on 1.2.2015) and also updated drivers – but the problem persist.

For a current workaround I have scripted a powershell script that checks connectivity and cycle network adapters:

if (Test-Connection 8.8.8.8 -Count 1 -ErrorAction SilentlyContinue)
{
Add-Content C:\watchdog\result.txt “`nUP”
}
else
{
Disable-NetAdapter -Name “Ethernet” -Confirm:$false
Enable-NetAdapter -Name “Ethernet”
Disable-NetAdapter -Name “Ethernet 2” -Confirm:$false
Enable-NetAdapter -Name “Ethernet 2”
Disable-NetAdapter -Name “Ethernet 3” -Confirm:$false
Enable-NetAdapter -Name “Ethernet 3”
Disable-NetAdapter -Name “Ethernet 4” -Confirm:$false
Enable-NetAdapter -Name “Ethernet 4”
$datenow = Get-Date
$datesult = “`n” + $datenow + ” Repaired”
$datesult | Add-Content C:\watchdog\result.txt
}

Save as script.ps1

and create a task scheduler task with parameters:

Security options:
Run whether user is logged on or not
Run with highest privileges

Trigger:
Daily
Repeat every 5 minutes for 1 day

Action:
Start program: powershell
Add argument: -ExecutionPolicy bypass -file “C:\watchdog\net.ps1”

Your txt file should have similar entries – UP if network is working and Repaired with date and time if team failed and was repaired by scrpt:

UP
UP
UP
02/01/2015 12:25:49 Repaired
UP
UP

Windows server 2012 R2 Hyper-V Extended replica

September 1st, 2013

In Windows server 2012 R2 we can find a new DR functionality – extended hyper-v replica. In Windows server 2012 Hyper-V – replica was introduced – but some parameters were not as flexible as they are in a 2012 R2 preview. There was also possiblity to make hyper-v replica only to one location – so virtual machine that was running on one host was replicated only to an additional hyper-v host. Now you are able to do so called extended replication. It means that you are now able to replicate from location 1 to location 2 and from location 2 to location 3. So it is not possible to send replicas directly from a first hyper-v host to two others but from first to second and from second to third.

To see how it works you can check this video: http://screencast.com/t/8ZdQwdh3CM

Shared nothing live migration from Windows server 2012 to Windows server 2012 R2

September 1st, 2013

While we are waiting for Windows server 2012 R2 I just played with a feature that will come very useful after upgrading Hyper-V hosts to new version (R2). Microsoft did a great job with the possibility to live migrate (by using shared nothing live migration feature that was already available in Windows server 2012) from old Windows server 2012 hosts with Hyper-V to new Windows server 2012 R2 hosts with Hyper-V. So you will have zero downtime while upgrading your virtualization platform. This goes one way only – so only from older (Windows server 2012) to Windows server 2012 R2 and NOT vice versa.

Here is a video how it works – at the end I also demonstrated that it does not work in opposite direction.

http://screencast.com/t/yz0ggCbFki

Update: It will fail if you have different name for virtual switch – If you have a new name for virtual switch on new server I suggest that you create an “fictive” private virtual switch with the same name on original (old hyper-v). You are not able to choose virtual switch on destination.

NVGRE network virtualization on Hyper-V 3.0

February 13th, 2013

For all those who are interested in NVGRE network virtualization that come with Hyper-V 3.0 I suggest to take a look at articles:

http://blog.ioshints.info/2012/12/hyper-v-network-virtualization-wnvnvgre.html

http://blog.ioshints.info/2011/09/nvgre-because-one-standard-just-wouldnt.html

And there are alot of questions about NVGRE gateway here is one vendor that is working on it:

http://www.nappliance.com/

http://www.nappliance.com/windowsserver2012

“Demystifying” – Windows server 2012 Hyper-V 3.0 network virtualization – part III – (two hosts / two subnets)

October 26th, 2012

In this part III I would like to show you how network virtualization works between two Hyper-V hosts in different subnet (in my example connected HV01 – Router (IPSec VPN) – WAN – WAN – Router (IPsec VPN) – HV02).

You can see how to do that by clicking on a link to video tutorial:
http://www.screencast.com/t/pRDC7Z4UKrg  – Hyper-V 3.0 – Network virtualization Part 4

* at 1:48 – I have already copy pasted that before – you should do it on both hosts
* at 2:04 – there is mistake as those parameters were already there so I removed them and resumed with video recording
* at 2:43 – I did not paste the second part to HV02 (I already did that in previous demo)
* at 3:59 – You will not see GRE traffic until you add Ethernet card to monitoring

In my environment I have two hyper-v hosts called HV01 (10.17.217.177 with gw 10.17.217.1 (router – that makes IPSec VPN)) and HV02 (10.17.218.177 with gw 10.17.218.1 (router – that makes IPSec VPN)).

So only Hyper-V hosts “see” each other over VPN (two different subnets).

I have used folowing powershell cmdlets:

First we need to enable ms_netwnv component on !PHYSICAL! nic – not on virtual switch NIC!
Run it on HV01 and HV02:

Enable-NetAdapterBinding “Ethernet” -ComponentID ms_netwnv

Now we create Lookup record and CustomerRoute (we use IP addresses of our virtual machines, their mac address and IP address of Hyper-V host) This is explained in my previous post.
Run it on HV01 and HV02:
New-NetVirtualizationLookupRecord -CustomerAddress “10.10.10.11” -ProviderAddress “10.17.217.177” -VirtualSubnetID “5001” -MACAddress “AAAAAAAAAA01” -Rule “TranslationMethodEncap”
New-NetVirtualizationLookupRecord -CustomerAddress “10.10.10.12” -ProviderAddress “10.17.218.177” -VirtualSubnetID “5001” -MACAddress “AAAAAAAAAA02” -Rule “TranslationMethodEncap”
New-NetVirtualizationCustomerRoute -RoutingDomainID “{11111111-2222-3333-4444-000000000000}” -VirtualSubnetID “5001” -DestinationPrefix “10.10.10.0/24” -NextHop “0.0.0.0” -Metric 255

Now only on HV01 you should configure provider address and provider route (this is how hosts will get connectivity to each other…):
New-NetVirtualizationProviderAddress -InterfaceIndex 12 -ProviderAddress “10.17.217.177” -PrefixLength 24

New-NetVirtualizationProviderRoute -InterfaceIndex 12 -DestinationPrefix “0.0.0.0/0” -NextHop “10.17.217.1”

The same thing on HV02:
New-NetVirtualizationProviderAddress -InterfaceIndex 12 -ProviderAddress “10.17.218.177” -PrefixLength 24
New-NetVirtualizationProviderRoute -InterfaceIndex 12 -DestinationPrefix “0.0.0.0/0” -NextHop “10.17.218.1”

At the end we need to add VirtualSubnetID parameter to our VM’s sitting on HV01 and on HV02

HV01 (Where Blue01 VM sits):
Get-VMNetworkAdapter -VMName Blue01 | where {$_.MacAddress -eq “AAAAAAAAAA01”} | Set-VMNetworkAdapter -VirtualSubnetID 5001

HV02 (Where Blue02 VN sits):
Get-VMNetworkAdapter -VMName Blue02 | where {$_.MacAddress -eq “AAAAAAAAAA02”} | Set-VMNetworkAdapter -VirtualSubnetID 5001

“Demystifying” Windows server 2012 Hyper-V 3.0 network virtualization – part II (two hosts / same subnet)

October 23rd, 2012

Today I was presenting @ bleedingedge.si conference… My session was about Windows server 2012 / Hyper-V 3.0 network virtualization.

 

I have recorded this sequence of commands so you can see the configuration and how it works:

http://www.screencast.com/t/wsDAKpKumlSm – Hyper-V 3.0 – Network virtualization Part 1

http://www.screencast.com/t/q3G9SViY6gId – Hyper-V 3.0 – Network virtualization Part 2

http://www.screencast.com/t/bxOznDklp – Hyper-V 3.0 – Network virtualization Part 3

 

In my demo environment I have:

Two Windows server 2012 with Hyper-V 3.0 role installed

HV01 / Only one network card so it is used by VMs and host (management) with IP 172.31.200.11
HV02 / Only one network card so it is used by VMs and host (management) with IP 172.31.200.12

On each host there are TWO virtual machines:

On HV01 there are:

– Blue01 (10.10.10.11 with STATIC MAC*address AAAAAAAAAA01)
– Red01 (10.10.10.21 with STATIC MAC*ddress CCCCCCCCCC01)

On HV02 there are:

– Blue02 (10.10.10.12 with STATIC MAC*address AAAAAAAAAA02)
– Red02 (10.10.10.22 with STATIC MAC*address CCCCCCCCCC02)

*You should DEFINE STATIC MAC on Virtual Machine network configuration – you must not use dynamicaly assigned MAC address (System center Virtual machine manager 2012 SP1 will do that for you automaticaly)

By defalt all machines are able to ping themselfs… We want to isolate Blue network so only Blue01 and Blue02 can ping each other and Red network so only Red01 and Red02 can ping each other.

First thing we need to do is to enable ms_netvm component on PHYSICAL NIC! (not on virtual switch created NIC!)
Enable-NetAdapterBinding “Ethernet” -ComponentID ms_netwnv

Second thing is that we need to create Lookup records on both Hyper-V servers. You should copy/paste this script on both hosts:
New-NetVirtualizationLookupRecord -CustomerAddress “10.10.10.11” -ProviderAddress “172.31.200.11” -VirtualSubnetID “5001” -MACAddress “AAAAAAAAAA01” -Rule “TranslationMethodEncap”
New-NetVirtualizationLookupRecord -CustomerAddress “10.10.10.12” -ProviderAddress “172.31.200.12” -VirtualSubnetID “5001” -MACAddress “AAAAAAAAAA02” -Rule “TranslationMethodEncap”

Then you need to create Costumer Route – on both Hyper-V hosts:
New-NetVirtualizationCustomerRoute -RoutingDomainID “{11111111-2222-3333-4444-000000005001}” -VirtualSubnetID “5001” -DestinationPrefix “10.10.10.0/24” -NextHop “0.0.0.0” -Metric 255

Then you need to add provider address to PHYSICAL NIC – you need to find out interface index by using get-netadapter!

In my example on HV01:
New-NetVirtualizationProviderAddress -InterfaceIndex 12 -ProviderAddress “172.31.200.11” -PrefixLength 24
New-NetVirtualizationProviderRoute -InterfaceIndex 12 -DestinationPrefix “0.0.0.0/0” -NextHop “172.31.200.1”

and on HV02:
New-NetVirtualizationProviderAddress -InterfaceIndex 12 -ProviderAddress “172.31.200.12” -PrefixLength 24
New-NetVirtualizationProviderRoute -InterfaceIndex 12 -DestinationPrefix “0.0.0.0/0” -NextHop “172.31.200.1”

When this is done we need to configure VirtualSubnetID on virtual machines:
On HV01 (where Blue01 vm is running) we should do:
Get-VMNetworkAdapter -VMName Blue01 | where {$_.MacAddress -eq “AAAAAAAAAA01”} | Set-VMNetworkAdapter -VirtualSubnetID 5001

and on HV02 (where Blue02 vm is running) we should do:
Get-VMNetworkAdapter -VMName Blue02 | where {$_.MacAddress -eq “AAAAAAAAAA02”} | Set-VMNetworkAdapter -VirtualSubnetID 5001

Now network virtualization will take place and Blue01 will only be able to ping Blue02 and vice-versa. Red01 and Red02 are outside this VitualSubnet. In video you can see network monitoring where you can detect GRE network between hosts.
In video I also do live migration so I move Blue02 machine from HV02 to HV01 so you can see that network virtualization is aware of live migration and moving machines between HV hosts in the same network or also cross premise… I will cover that in next part! :)

Let’s virtualise!