acsrobert
just joined
Topic Author
Posts: 1
Joined: Thu Mar 03, 2016 10:25 pm

CHR + Hyper-V + Virtual Nic in Trunk Mode = VLAN issues

Thu Mar 03, 2016 11:09 pm

Brief overview of what I am trying to accomplish:
We have a hosted VM cluster infrastructure running Hyper-V 2012 R2

We have multiple clients that have virtual servers (file, RDP, exchange) being hosted in our system, each system is on its own VLAN and all devices are configured with non-overlapping subnets

The clients have a MikroTik at their location

We need to get a VPN tunnel setup between the client's office and the data center so they can access data directly off their virtual appliances.

Rather than having a physical box running X86 RouterOS that could potentially fail and cause problems we decided to try to virtualize the router instead

For several of our clients we have setup single install virtual machines running RouterOS 4x with 2 virtual nics (WAN and LAN) and on the virtual nic that is attached to the LAN side we are using hyper-v's setting to allow only traffic with a given vlan-id

Down side to this is, if we have 50 clients, we need 50 VM's lying around to handle it

What we want to try and accomplish is to merge all of the routers into a single VPN concentrator using RouterOS (or CHR)

How we are trying to accomplish:
1) Set up a virtual machine for the new concentrator
2) Added two virtual nics to the machine (eth1=wan eth2=lan)
    Add-VMNetworkAdapter -VMName Concentrator -SwitchName WAN -Passthru | Rename-VMNetworkAdapter -NewName Eth1
    Add-VMNetworkAdapter -VMName Concentrator -SwitchName ClientPrivate -Passthru | Rename-VMNetworkAdapter -NewName Eth2
3) used powershell to edit the nic that is the lan side to enable trunk mode using the command:
    Set-VMNetworkAdapterVlan -VMName Concentrator -VMNetworkAdapterName Eth2 -Trunk -AllowedVlanIdList "900-999" -NativeVlanId 0
4) installed RouterOS in the virtual machine (tried with both 4.x using legacy nics, and with the latest release candidate for CHR using both legacy and synthetic nics)
5) created a new vlan interface on eth2 using a vlan id inside the allowed vlan scope of the virtual switch (900-999)
    /interface vlan add interface=ether2 name=vlan999 vlan-id=999

tested with another VM that is bound to the same vlan setup in step 5, it cannot see the RouterOS device and the RouterOS device cannot see the VM, doing packet captures, it appears that somewhere in RouterOS it is stripping the VLAN data off of the network traffic and just dropping it

the RouterOS device can communicate on the LAN virtual nic on the native vlan-id that is set in on the virtual adapter but not on any of the vlans that are allowed

Alternatively we can add multiple virtual network cards to the VM for each customer and have hyper-v manage the vlans on the nic directly but hyper-v has a limitation of 8 virtual network cards so that would limit us to 1 wan and 7 client devices per router, this would reduce the number of routers but would still be a pain to keep everything running

we tried the same thing with PFSense and another software-router solution and they were both able to attach vlan's to the virtual nics without issues

is this a bug in the networking of RouterOS or is this just some setting I seem to be missing?
 
diegotormes
Frequent Visitor
Posts: 64
Joined: Wed Feb 15, 2006 11:45 pm

Re: CHR + Hyper-V + Virtual Nic in Trunk Mode = VLAN issues

Fri Mar 04, 2016 8:30 pm

We have the same issue, also we are trying to know who has the problem...CHR or Hyper-v.

Diego.
 
C0ReDuMP
just joined
Posts: 9
Joined: Fri Sep 12, 2014 8:11 pm

Re: CHR + Hyper-V + Virtual Nic in Trunk Mode = VLAN issues

Sat Mar 05, 2016 2:17 am

Hello,
we have the same issues using trunk mode with HyperV 2012 R2, yesterday I wrote a post here: http://forum.mikrotik.com/viewtopic.php ... 50#p524979

I already opened a ticket with MikroTik support. They thanked me and said that they will work on that problem.

I suppose that the problem is related to the synthetic network adapter driver included in RouterOS. I tried tagging VLAN with a Debian Jessie and it works perfectly. I read that in the past there were some problems with some specific versions of the synthetic network adapter driver. That driver is available in some different versions and is distributed by Microsoft as part of HyperV Linux Integration Services (LIS).

I hope that MikroTik support will solve this issue soon.

Regards,
Davide
 
bpdozer
just joined
Posts: 2
Joined: Mon Mar 07, 2016 3:02 pm

Re: CHR + Hyper-V + Virtual Nic in Trunk Mode = VLAN issues

Wed Apr 20, 2016 7:18 am

C0ReDuMP

It works! Ver 6.35
 
artie11
Frequent Visitor
Posts: 66
Joined: Sun Feb 20, 2011 12:08 pm

Re: CHR + Hyper-V + Virtual Nic in Trunk Mode = VLAN issues

Mon Jun 20, 2016 9:39 am

Same here.... Nics listed as Incomplete whether they're legacy or not
Weird issues... 
One Nic internal -> no default Route (No VLAN) - Local IP
One Nic External with Default Route ( Using VLAN ) - External IP

Pinging internally happily.... try to connect to web port or Mikrotik external to network.... Pings drop???
Still can use console via Hyper-V but no changes appear to bring it back... it just comes back when it feels like it.
 
C0ReDuMP
just joined
Posts: 9
Joined: Fri Sep 12, 2014 8:11 pm

Re: CHR + Hyper-V + Virtual Nic in Trunk Mode = VLAN issues

Tue Jun 21, 2016 4:49 am

Hello artie11,
we are working with RouterOS 6.35.4 on HyperV (W2012R2) using VLAN and all seems to work well. We are using HyperV Synthetic Network adapter since now it's fully supported.
From PowerShell we configured "NativeVlanId 0" and AllowedVlanIdList equal to the VLAN tags we want to trunk to RouterOS. From PowerShell we also enabled MacAddressSpoofing on the adapters connected to RouterOS, since we are using bridges with "forged" MAC addresses.
We decided to disable VMQ on the HyperV adapter connected to RouterOS interfaces because we noticed slow network recovery after Live Migration of VM with VLAN tagged interfaces, this issue isn't related to RouterOS but probably with some bug of the Broadcom NIC driver installed on the Hypervisor (we faced the same problem with other OSs with VLAN tagged interfaces). With VLAN tagging disabled VM network recovery after Live Migration to other cluster members works well also with VMQ enabled.
With some old Broadcom drivers, VMQ on HyperV was causing a lot of problems with network connections.
Unfortunately there are some network layers between the CHR VM and the NIC of the hypervisor. There are a lot of settings that can cause this kind of problem, so diagnosing the issue can be difficult.
What windows version is HyperV running on? What NIC is installed on the hypervisor? Is VMQ enabled globally?
 
artie11
Frequent Visitor
Posts: 66
Joined: Sun Feb 20, 2011 12:08 pm

Re: CHR + Hyper-V + Virtual Nic in Trunk Mode = VLAN issues

Tue Jun 21, 2016 7:23 am

I've rebuilt it again using the specs you recommended

MacSpoofing, VMQ off, IPSec offload Off
This is the command i've set for the exterior NIC, with 104 being the VLAN I want this one on.
set-vmnetworkAdapterVlan -NativeVlanId 0 -AllowedVlanIdList "0,104" -trunk

Running Server 2012R2 with Broadcom Nics (Dell Box)

Similar issues.... No response on VLAN 104 though.. I've added the VLAN to ether port and set the IP address... but still getting no arp responses from other IPs on that range.

I might try on Server 2016 Box we're running up for our next gen architecture.
 
C0ReDuMP
just joined
Posts: 9
Joined: Fri Sep 12, 2014 8:11 pm

Re: CHR + Hyper-V + Virtual Nic in Trunk Mode = VLAN issues

Fri Jun 24, 2016 4:59 am

Hello artie11,
I can confirm I used a similar command to set VLAN tagging on the Ethernet, that is mine:
Get-VMNetworkAdapter -VMName "Virtual Machine Name" |Where { $_.MacAddress -eq "00155DD93113" } |Set-VMNetworkAdapterVlan -Trunk -NativeVlanId 0 -AllowedVlanIdList "9,20,64,2800,2801"
I'm using the "Where" clause in order to filter and apply VLAN settings only to a single specific network adapter connected to the MikroTik CHR VM (I have three different network adapters connected to the VM). Obviously, before issuing that command it is mandatory to assign the static MAC address to the desired virtual network adapter connected to the VM.
Could you confirm that if you select the Network Adapter in virtual machine settings (from Hyper-V Manager) the setting "Enable virtual LAN identification" is unflagged?
Could you confirm that the RouterOS version you are using is at least 6.35? VLAN tagging on Hyper-V wasn't working on older versions.

My CHR instance is running on a Dell blade with a Broadcom 57810S KR network adapter. I tried to move that instance also on another Dell Blade with an Intel X520 KR and works perfectly.
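
The settings discussed in the posts above, applied to one adapter and then read back, as an added example that is not part of any post in this thread and not MikroTik or Microsoft code. The VM name and VLAN range follow the first post; the MAC address is a constructed placeholder. MAC spoofing relaxes a vSwitch protection, so the last step lists every adapter on the host that has it enabled.

```powershell
# Added example: apply the thread's trunk settings to a single adapter, then verify.
# Run on the Hyper-V host in an elevated PowerShell session.
$VMName = 'Concentrator'     # VM name from the first post
$Mac    = '00155D000001'     # constructed placeholder: static MAC of the LAN-side adapter
$Vlans  = '900-999'          # tagged VLAN IDs to pass through to RouterOS

# Select exactly one adapter by its static MAC so the VM's other NICs stay untouched.
$nic = @(Get-VMNetworkAdapter -VMName $VMName |
         Where-Object { $_.MacAddress -eq $Mac })
if ($nic.Count -ne 1) {
    throw "Expected one adapter with MAC $Mac on $VMName, found $($nic.Count)"
}

# Trunk mode: native VLAN 0, tagged frames for the IDs in $Vlans are passed to the guest.
$nic | Set-VMNetworkAdapterVlan -Trunk -NativeVlanId 0 -AllowedVlanIdList $Vlans

# The thread enables MAC spoofing because RouterOS bridges present forged MACs,
# and disables VMQ (weight 0) on this adapter.
$nic | Set-VMNetworkAdapter -MacAddressSpoofing On -VmqWeight 0

# Read back the effective settings of every adapter on the VM.
Get-VMNetworkAdapter -VMName $VMName | ForEach-Object {
    $vlan = Get-VMNetworkAdapterVlan -VMNetworkAdapter $_
    [pscustomobject]@{
        Adapter      = $_.Name
        Mac          = $_.MacAddress
        Mode         = $vlan.OperationMode
        NativeVlan   = $vlan.NativeVlanId
        AllowedVlans = ($vlan.AllowedVlanIdList -join ',')
        MacSpoofing  = $_.MacAddressSpoofing
        VmqWeight    = $_.VmqWeight
    }
} | Format-Table -AutoSize

# Host-wide check: adapters with MAC spoofing enabled should be limited to
# the VMs that actually need it (here, the router).
Get-VM | Get-VMNetworkAdapter |
    Where-Object { $_.MacAddressSpoofing -eq 'On' } |
    Select-Object VMName, Name, MacAddress, SwitchName
```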
 
artie11
Frequent Visitor
Posts: 66
Joined: Sun Feb 20, 2011 12:08 pm

Re: CHR + Hyper-V + Virtual Nic in Trunk Mode = VLAN issues

Fri Jun 24, 2016 6:53 am

I've got it running with a 3 day uptime so far... I've configured the PPTP and it's working... Hope it stays up and stable... no weirdness as yet.
 
toxicfusion
Member Candidate
Posts: 267
Joined: Mon Jan 14, 2013 6:02 pm

Re: CHR + Hyper-V + Virtual Nic in Trunk Mode = VLAN issues

Thu Jul 14, 2016 11:45 pm

Not sure if similar issue for me

I have CHR installed on a VPS provider that allows 'internal private network'  CHR instance has private network interface IP


I have 3 other VM's with private network, along with eth interfaces configured.

I have IPSEC vpn tunnel setup on CHR  and it terminates back to my office.

I'm able to pass traffic TO the CHR router address assigned to interface. However, not able to pass traffic to any of the VM's within the private network.  

CHR is able to ping my office router.. nothing more.
 
borodamd
just joined
Posts: 12
Joined: Mon Sep 20, 2010 5:45 pm
Location: Chisinau, Moldova

Re: CHR + Hyper-V + Virtual Nic in Trunk Mode = VLAN issues

Mon Aug 15, 2016 5:31 pm

I solved it by enabling MAC spoofing in the Hyper-V adapter settings in both VMs (MikroTik and guest)
 
wtechlink
just joined
Posts: 11
Joined: Tue Mar 03, 2020 3:09 am

Re: CHR + Hyper-V + Virtual Nic in Trunk Mode = VLAN issues

Fri Feb 26, 2021 1:32 am

Posting to say that enabling MAC spoofing in the VM advanced network settings fixed the issue that I was having with Hyper-V.
