Which virtual machine settings should you configureon VM1 and VM2?

Your network contains two Hyper-V hosts named Host1and Host2. Host1 contains a virtual machine named
VM1. Host2 contains a virtual machine named VM2. VM1 and VM2 run Windows Server 2012.
You install the Network Load Balancing feature on VM1 and VM2.
You need to ensure that the virtual machines are configured to support Network Load Balancing (NLB).
Which virtual machine settings should you configureon VM1 and VM2?

Your network contains two Hyper-V hosts named Host1and Host2. Host1 contains a virtual machine named
VM1. Host2 contains a virtual machine named VM2. VM1 and VM2 run Windows Server 2012.
You install the Network Load Balancing feature on VM1 and VM2.
You need to ensure that the virtual machines are configured to support Network Load Balancing (NLB).
Which virtual machine settings should you configureon VM1 and VM2?

A.
Port mirroring

B.
Router guard

C.
DHCP quard

D.
MAC address

Explanation:
In Hyper-V, the VM host prevents dynamic MAC address updates as an extra layer of security in thedatacenter.
This is because the VM may have full administrator rights, yet it may be untrusted in thedatacenter, for example
when the VM hosting is provided by an independent hosting company. In this scenario,we need to make sure
that one VM cannot cause a DOS or information disclosure attack against another VM.
If a VM is able to spoof its MAC address, then it can spoof the MAC addresses of other VMs and impactother
VMs on that host. The physical switches have similar protections and it is up to the admin to enable
thatprotection or not.
If you do not enable spoofing of MAC address prior to configuring NLB on the VM you could potentially
haveproblems with the NLB cluster.
When configuring NLB in unicast mode on Hyper-V with enable spoofing of MAC Address disabled you maysee
some of the following symptoms:
· When initially configuring NLB you will lose network connectivity on the network adaptor NLB was
configuredon.
· There will be an NLB error event in the Windows Event Log stating that the network adaptor does not
supportdynamic MAC address updates. · After rebooting the server, NLB will appear to be bound to the network
adapter, but the cluster VIP will nothave been added to the network adaptor. · The cluster MAC addresswill still
be the original MAC address associated with the network adaptor prior toconfiguring NLB: Use CMD>ipconfig /
all to view the MAC address.
It should start with “02-BF-***”
· If you ignore all previous symptoms and manually add the VIP you could get an IP conflict if there are
othernodes in the cluster that have the same VIP. With that said, to allow VM guests to run NLB you need to set
the VM property for “Enable spoofing of MACAddress”.
To enable spoofing of MAC Addresses open the Hyper-V management console. Make sure the VM is
stoppedopen the properties of the VM. Select the Network Adaptor for the NLB VM and check the “Enable
spoofing ofMAC Address” and click OK. Then start the VM.



Leave a Reply 2

Your email address will not be published. Required fields are marked *


Taki

Taki

The right answer is MAC Address

bytezz

bytezz

NLB for VMs doesn’t work properly – useless feature!!