Internet access over InternalNAT vSwitch

[marcoarroyo41]

Pardon my Hyper-V ignorance but I cannot seem to give the MGMT VM access to the internet to perform Azure registration and updates etc. I tried attaching a second adapter of type "External" but that alone didn't do the trick. Any help would be appreciated! Also I tried following the steps in this guide https://jimmoldenhauer.blogspot.com/2016/05/hyper-v-internal-network-with-internet.html and now the Azure VM is inaccessible ....if anyone knows of a way to fix that that'd be great!

[mattmcspirit]

Hey - something that may be easier may be to delete that VM, and deploy using this guide: https://github.com/mattmcspirit/hybridworkshop/blob/main/steps/1_DeployAzureVM.md - I'm working on updating the eval guide in this repo to use that ARM template for deployment - it takes a little longer to deploy, but deploys the DC, Mgmt and HCI nodes (ready to be clustered) all automatically, so saves you a lot of effort.

If you do want to troubleshoot this one, these steps may help: https://edi.wang/post/2020/8/2/how-to-restore-connection-after-accidentally-disabled-nic-on-azure-vm - once you're able to connect to the VM again, i'd suggest shutting any nested VMs down, then cleaning up the NetNat configuration: https://docs.microsoft.com/en-us/powershell/module/netnat/remove-netnat?view=windowsserver2019-ps

From there, in Hyper-V Manager, i'd also remove both the InternalNAT and External vSwitch you created. I would then follow these steps again to recreate the InternalNAT switch https://github.com/Azure/AzureStackHCI-EvalGuide/blob/main/nested/steps/1b_NestedInAzure.md#configure-internal-nat-vswitch. Test that your host can access the internet. On your DC and Mgmt VMs, make sure they are attached to the new InternalNAT vSwitch, and boot them up. You may need to statically assign their IP addresses again:

https://github.com/Azure/AzureStackHCI-EvalGuide/blob/main/nested/steps/2a_ManagementInfraGUI.md#configure-the-networking-and-host-name-on-dc01 https://github.com/Azure/AzureStackHCI-EvalGuide/blob/main/nested/steps/2a_ManagementInfraGUI.md#configure-mgmt01-networking

Hope that helps, Matt

[marcoarroyo41]

Thank you for the detailed response, Matt! I will give this all a shot and report back

[bniranjanbhat]

Hi Matt,

I am also facing the internet connectivity issue within the VMs using the guide : https://github.com/Azure/AzureStackHCI-EvalGuide/blob/main/nested/README.md I cannot get internet within any of the VMs (DC, Mgmt or HCI nodes) . Is it safe to assume that the nested virtualization installation guide is broken ?

regards, Niranjan

[mattmcspirit]

To my knowledge, no, however I will take a look. as soon as I can.

Thanks, Matt

[bniranjanbhat]

Thanks ! Please let me know if you need any other information regarding this issue. I have a windows 2019 server which is a VM. In this architecture diagram that you have mentioned in the documentation, AZSHCIHost001 is a VM. Could this make any difference ?

[mattmcspirit]

All good for now - the majority of the guide focuses on using nested virtualization and the AzSHCIHost001 is a VM, so that is fine. We haven't seen networking issues so far caused by that.

Is yours a VM on-prem, or in Azure? Hyper-V, VMware etc?

Thanks

[bniranjanbhat]

VM is on-prem and is on Hyper-V and has internet connectivity. I am running the Mgmt, DC and HCINodes within this VM again on a Hyper-v. I got to the cluster creation step and even created a HCI cluster successfully. At this point, I realized, I needed internet to get the registration working which is not available in the nested VMs

[mattmcspirit]

This is working fine for me in the Azure VM:

So it may be something specific to your environment. Here's what I'd try:

1) Confirm your NAT settings on your WS 2019 host: Get-NetNat - it should look like this:

2) If NAT settings are correct, and your WS2019 Host can access the internet successfully, check the DNS settings on the WS2019 host VM, and apply them to the DC01 VM. My config uses 1.1.1.1 as the external DNS address, but you can swap this for your own DNS choice. DC01 can have it's own IP, 192.168.0.2 as the DNS server address in it's NIC settings, but within DNS Server settings, you also want to set the Conditional Forwarder to be whatever DNS your lab/network is using instead of 1.1.1.1 (https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-dns#open-the-dns-management-console-to-administer-dns) <- This guide is for use in Azure, but the steps are the same on DC01.

3) If that doesn't work, something in your environment may be blocking the NAT'd traffic in and out I'm afraid.