Hyper-V replication traffic through dedicated NIC

Hello,
I have 2 domain members (serverA and serverB) with the Hyper-V role installed.
These hosts are NOT in a cluster.
I enabled replication on the host level and on the VM level as well.
This works well but the replication traffic goes through the LAN as goes the VM traffic.

I would like to isolate the replication traffic from the other traffic.
I have found many articles saying that this should be done by configuring certificates.
However I can't get this to work.

What I have done so far:

Both hosts also have a 10GB SFP card installed.
These SFP cards are directly connected by a cable.
I have configured these NICs with an IP address and subnet mask only (different subnet). No gateway.

On both hosts I have also edited the hosts file. Each file now contains the hostname (serverSFPa and serverSFPb) and IP address of the SFP card.

I can ping the first server on serverA and serverSFPa and the second server on serverB and serverSFPb.
So that part works.

On ServerA:
Created a self-signed test root authority certificate:
makecert -pe -n "CN=PrimaryTestRootCA" -ss root -sr LocalMachine -sky signature -r "PrimaryTestRootCA.cer"

Created a new certificate signed by the test root authority certificate
makecert -pe -n "CN=serverSFPa" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 PrimaryTestCert.cer

On ServerB:
Created a self-signed test root authority certificate
makecert -pe -n "CN=ReplicaTestRootCA" -ss root -sr LocalMachine -sky signature -r "ReplicaTestRootCA.cer"

Created a new certificate signed by the test root authority certificate
makecert -pe -n "CN=serverSFPb" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "ReplicaTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 ReplicaTestCert.cer

Copy the file ReplicaTestRootCA.cer from the Replica server to the primary server
certutil -addstore -f Root "ReplicaTestRootCA.cer"

Copy the file PrimaryTestRootCA.cer from the primary server to the Replica server
certutil -addstore -f Root "PrimaryTestRootCA.cer"

Disabled the certificate revocation check on both the primary and Replica servers with the following command:
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\FailoverReplication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

 

These are the steps described in many articles.
I can see that all certificates are installed correctly.

When enabling replication in Hyper-V Manager I do not have a choice to choose the certificate for serverSFPa. The wizard always pops up with the certificate for serverA.

How can I make replication traffic go through the SFP card?
What am I doing wrong?

Any help is appreciated!

Regards,
JW

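An added example, not part of the original post: a PowerShell audit of the state the makecert, certutil and reg steps above are meant to produce, run on each host. The `$ExpectedCN` parameter and the output column names are assumptions; the OIDs, root CA names and registry path are the ones in the post.

```powershell
# Added example: audit the certificate state the steps in the post set up.
# $ExpectedCN is an assumption: serverSFPa on ServerA, serverSFPb on ServerB.
param([string]$ExpectedCN = 'serverSFPa')

$serverAuth = '1.3.6.1.5.5.7.3.1'   # first OID in the post's -eku argument
$clientAuth = '1.3.6.1.5.5.7.3.2'   # second OID in the post's -eku argument
$now = Get-Date

$report = Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    # Collect the OIDs from the Enhanced Key Usage extension, if present.
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Build the chain against the machine stores. Revocation lookups are
    # skipped here to mirror the DisableCertRevocationCheck setting in the post.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    $cn = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

    [pscustomobject]@{
        CN            = $cn
        MatchesTarget = ($cn -eq $ExpectedCN)
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = ($ekus -contains $serverAuth)
        ClientAuthEku = ($ekus -contains $clientAuth)
        InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        ChainTrusted  = $chainOk
        ChainStatus   = $status
        Thumbprint    = $cert.Thumbprint
    }
}
$report | Format-Table -AutoSize

# Both test roots from the post should be listed on both hosts.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -match 'CN=(Primary|Replica)TestRootCA' } |
    Select-Object Subject, NotAfter, Thumbprint

# Report the revocation-check override written by the reg add command.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\FailoverReplication'
$rev = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisableCertRevocationCheck
"DisableCertRevocationCheck = $rev"
```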