Rodney Buike - Founder and original lazy admin. MVP: System Center Cloud and Datacenter Management

Daniel Nerenberg - Lazy admin 2.0. MVP: Windows Expert - IT Pro

Disclaimer

These postings are provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.

Live Migration NIC Binding

In a typical Hyper-V R2 cluster built on Microsoft’s best practices will have 6-8 NICs depending on the SAN type (iSCSI or FC) including:

  • Management Network
  • VM Network
  • VM Network
  • CSV Network
  • Live Migration Network
  • Cluster Heartbeat Network
  • iSCSI MPIO (or FC adapter)
  • iSCSI MPIO (or FC adapter)

One common issue that comes up in this scenario is failed Live Migrations, Quick Migrations will work but live ones will not.   When you attempt a Live Migration and it fails due to “A cluster network  is not available for this operation” it is caused by improper NIC Binding Order on the Hyper-V Hosts.  When this happens two events are created in the Microsoft\Windows\Hyper-V High Availability\Admin event log on the destination server.  Look for EventID 21126 and 21111

Event Log 1

Event Log 2

Your first thought will be to check that all the cluster resources are online and you will find they are.  When this happens you need

Continue reading Live Migration NIC Binding

MPIO, MCS, IPv6 and iSCSI

Sorry for the alphabet soup title but I thought some explanation was due in regards to iSCSI redundancy options and issues you may have with IPv6.

Multi-path I/O (MPIO) and Multiple Connections per Session (MCS) are two options you have to provide load balancing and redundancy to your iSCSI connections.  MPIO and MCS are the same but different.  MPIO leverages Device Specific Modules (DSM) to manage the requests over multiple paths.

MCS is part of the iSCSI protocol and allows for teaming of iSCSI connections.  In order for this to work your SAN vendor must support it and your virtualization platform must support it as well.  VMWare supports MPIO but not MCS and Hyper-V supports both.

Whichever you choose is not relevant but there is something you should be aware of in regards to MCS.  MCS does not support using both IPv4 and IPv6 with the Microsoft iSCSI Initiator.  If you have IPv6

Continue reading MPIO, MCS, IPv6 and iSCSI

IPv6 101–Part 4

So we’ve covered a lot of the basics of IPv6 and you might want to get started with it.  Well there is some good news and some bad news.  Bad news is most ISPs don’t offer IPv6 addresses to the public yet.  The good news is you don’t need your ISP to do it, in fact you are probably already using it.

Windows Vista, Windows 7 and OSX all have built in support for IPv6 and all create a global unicast address.  Home Group in Windows 7 relies on IPv6 and in a Windows 7/Server 2008 network a lot of the network utilities you use (ping for example) support IPv6 as well.  DirectAccess in Windows Server 2008 R2 also uses IPv6.  So how does this work if you have IPv6 support in your OS but no where else?  Tunnelling and translation, that’s how.

You can go to any number of Tunnel

Continue reading IPv6 101–Part 4

Transitioning to IPv6-Part 3

DNS is the last thing we need to look at as part of our transition to IPv6.  As you know DNS is used to convert names to IP addresses and IP addresses to names.  During the transition you will need to manage and maintain two DNS records for each device.

  • IPv4 Host Record – also known as an A record
  • IPv6 Host Record – also known as an AAAA record
  • IPv4 PTR Record – which is located in the IN-ADDR.ARPA domain
  • IPv6 PTR Record – which is located in the IP6.ARPA domain

These can be created manually or automatically.  Due to the way IPv6 addresses are assigned you probably think you don’t need a DHCP server.  In fact you will need a DHCP server, known as DHCPv6, to provide DNS server IPs, gateway IPs and to register the host in DNS.  There really isn’t much more you need to do in

Continue reading Transitioning to IPv6-Part 3

Transitioning to IPv6-Part 2

During the transition phase from IPv4 to IPv6, tunnelling will be one way to send IPv6 packets over an IPv4 network.  Tunnelling is the process of encapsulating an IPv6 packet in an IPv4 packet and this can take place at three different locations:

  • Host to host – in this case the host will use a tunnelling protocol like ISATAP to create the tunnel between the IPv6/IPv4 capable hosts.
  • Host to router – in this case the host will will connect to the router via IPv6 but the router will encapsulate and route the traffic over IPv4
  • Router to router – similar to host to host, two routers will encapsulate the IPv6 traffic from their host(s) over an IPv4 network.

In addition to this there are two types of tunnels:

  • Automatic
  • Manual

As you can guess the types refer to how they are created.  Manual tunnels are built by

Continue reading Transitioning to IPv6-Part 2

Transitioning to IPv6–Part 1

With the exhaustion of IPv4 addresses it is now time to start looking at making the transition to IPv6.  This process isn’t going to happen overnight and you might not start tomorrow but you need to be aware and have a plan in place for when the final steps are put into action.  There are a number of transition mechanisms available that will allow you to make a smooth transition from IPv4 to IPv6.  These include:

  • Concurrent IPv4 and IPv6
  • IPv6 Tunnelling
  • DNS

Concurrent IPv4 and IPv6

When I say concurrent IPv4 and IPv6 I mean running both protocols next to each other.  This can be accomplished in two ways; dual IP or dual stack.  Dual IP contains both IPv4 and IPv6 addresses within the same Transport Layer as in this example.

Windows Vista, Server 2008, R2 and Windows 7 all leverage the dual IP model as shown here. 

Continue reading Transitioning to IPv6–Part 1

IPv6 101–Part 3

The IPv6 protocol has support for IPSec built in.  While IPSec offers real security advantages by encrypting all traffic over the wire, as opposed to SSL which is limited to TCP, it still requires the underlying IPSec infrastructure.  IPv4 supports IPSec, although not natively, and if you have deployed IPSec in IPv4 there really isn’t anything different in IPv6 that would require wholesale changes.

So who is running IPSec?  Not many organizations.  From the challenges with setting it up to the lack of support from major applications, IPSec has seem limited implementation.  But there is still a security upside to IPv6.

Ever do a port scan?  Of course you have.  I don’t know anyone who hasn’t run a port scan against their organizations network or their cable Internet segment ;)

When you run a port scan you basically select a range of IP addresses and set the scanner to look for open ports

Continue reading IPv6 101–Part 3

IPv6 101–Part 2

With less than 12 days left until we run out of IPv4 addresses we will continue our introduction to IPv6.  In part 1 we covered the basics of the IPv6 address, now we’ll look at how an address can get assigned.  With an IPv6 address the first 64 bits are used to identify the network.  Your ISP will use part of that 64 bit prefix for its routing and you will use the rest for internal routing.  The interface identifier can be provided a number of ways, including via DHCP, however DHCP becomes unnecessary as thanks to an IPv6 feature called Stateless Auto-configuration.  

Stateless Auto-configuration works by using the router advertisement to create the 64 bit network identifier and then auto configuring the 64 bit interface identifier using the devices MAC address and inserting ff:fe in the middle.  For example, the MAC address of the NIC in my notebook is

Continue reading IPv6 101–Part 2

IPv6 101–Part 1

With approximately 15 days left until there are no more IPv4 addresses left many of you are starting too look into IPv6.  Now just because there are few IPv4 addresses left doesn’t mean the Internet is going to come to a screeching halt but it is definitely time to learn about IPv6 and get your self ready for the transition.  So what’s the difference?

We all know (I hope) than an IPv4 address is made up of 32 bits with a portion being the network identifier and the other portion being the host identifier. The identifier was specified via the subnet mask, or net mask.  For example and IP address of 192.168.1.100 with a net mask of 255.255.255.0 meant that the 192.168.1 portion was the network identifier and the .100 was the host identifier.  And based on this we could have 254 hosts on that network segment.

An IPv6 address is made

Continue reading IPv6 101–Part 1