Create Separate Broadcast Domains on One Hyper-V Host

Question

I have two VMs running on a Windows Server 2012 R2 Standard Hyper-V Host. They're both DCs holding the PDC role for the same domain name, and therefore must not be able to communicate with each other via layer 2 (I'm manipulating DNS to make layer 3 connectivity OK I think).

They Hyper-V host has two network adapters; one dedicated to management traffic, the other to VM networking.

How can I configure Hyper-V's networking to put the two VMs into separate broadcast domains and both still have access to my external network, but permit routing between them? I don't care if the routing is handled by Hyper-V (if that's possible) or by an external router.

To be clear; Do both domains have the same NetBIOS name, the same DNS name, or both? — joeqwerty, Sep 06 '15 at 00:55

Massimo · Answer 1 · 2015-09-05T17:40:14.157

You can create different virtual switches (isolating the VMs at layer 2) or use the same virtual switch but different IP subnets (isolating the VMs at layer 3); you can also use both options: two virtual switches, and a different IP subnet on each switch; this is the cleanest solution.

If you want routing between the VMs, you'll need to use different IP subnets; you'll also need something to act as a router between the two networks; you can use a third VM with two NICs, and enable the Routing and Remote Access Service to perform routing between them.

Sample configuration:

       Virtual Switch 1
       |              |
VM1 10.0.1.10       Router NIC1 10.0.1.1
                              |
                          Router VM
                              |
VM2 10.0.2.10       Router NIC2 10.0.2.1
       |              |
       Virtual Switch 2

If you also need external connectivity, this could be managed by creating a third virtual switch configured as "external" (i.e. connected to a physical NIC):

       Virtual Switch 1 (Internal)
       |              |
VM1 10.0.1.10       Router NIC1 10.0.1.1
                              |
                          Router VM --- Router NIC 3 --- Virtual Switch 3 (External)
                              |
VM2 10.0.2.10       Router NIC2 10.0.2.1
       |              |
       Virtual Switch 2 (Internal)

On the third NIC, you would use an IP address appropriate for your LAN; in the router VM, you can enable NAT and this will allow both internal networks to share the external access.

This isn't working if I use *External* virtual switches, I think because both NICs in my Host are in the same broadcast domain. I suspect you're suggesting I use *Internal*-type switches...if so, how do I get connectivity to the outside world, preferably without using a Router VM? Can I use two External switches plus VLANing into my physical switch fabric? — I say Reinstate Monica, Sep 05 '15 at 17:23
I updated my question to clarify that both VMs still need external network connectivity. — I say Reinstate Monica, Sep 05 '15 at 17:26
If you also need external connetivity, a solution could be using a router VM with *three* virtual NICs, and a third virtual switch configured as external; see my updated answer. — Massimo, Sep 05 '15 at 17:37

Create Separate Broadcast Domains on One Hyper-V Host

1 Answers1