Hyper-V ISCSI Configuration Best Practise

Disable all networking protocols on the iSCSI NICs used, with the exception of Internet Protocol Version 4/6.  This is to reduce the amount of chatter that occurs on the NICs.  We want to dedicate these network adapters strictly for iSCSI traffic, so there is no need for anything outside of the IP protocols. 

iSCSI network: It is always suggested to have at least two network ports dedicated to the iSCSI network. (This number can vary depending on the SAN) This is for redundancy reasons. This Network should be an isolated and private network. This network should follow regular iSCSI best practices. Non routable, no cluster communication, DNS should not be registered in advanced TCPIP properties. iSCSI should be at the bottom of the binding order as well. File and print sharing and Client for Microsoft Networks should be unchecked. iSCSI network ports should never be teamed using network card vendor teaming software.

The suggested metric settings for a Hyper-V Cluster

Suggested metric settings for a Hyper-V Cluster

Cluster Network Description	Cluster Network Setting	Cluster Metrics
Hyper-V Management	Allow cluster… / Allow clients…	AUTO
iSCSI	Do not allow cluster…	AUTO
Live Migration	Do not allow cluster…	1000-1099
Cluster Shared Volumes	Allow cluster…	500-999
Other Networks	Configure based on environment	AUTO
Cluster Heartbeat	Allow cluster…	1500-1999

Hyper-V host(s) to your iSCSI SAN

• To verify Jumbo frames have been successfully configured, run the following command from all your Hyper-V host(s) to your iSCSI SAN:

• Ping 10.50.2.35 –f –l 8000

• This command will ping the SAN (e.g. 10.50.2.35) with an 8K packet from the host. If replies are received, Jumbo frames are properly configured.

NICs used for iSCSI communication should have all Networking protocols (on the Local Area Connection Properties) unchecked, with the exception of:

• Manufacturers protocol (if applicable)
• Internet Protocol Version 4
• Internet Protocol Version 6.
• Unbinding other protocols (not listed above) helps eliminate non-iSCSI traffic/chatter on these NICs.

Management NIC should be at the top (1st) in NIC Binding Order. To set the NIC binding order: Control Panel –> Network and Internet –> Network Connections. Next, select the Advanced menu item, and select Advanced Settings. In the Advanced Settings window, select your management network under Connections and use the arrows on the right to move it to the top of the list.

NIC Teaming should not be used on iSCSI NIC’s. MPIO is the best method. NIC teaming can be used on the Management, Production (VM traffic), CSV Heartbeat and Live Migration networks.

TCP Chimney Offload is not supported with Server 2012 software-based NIC teaming, due to TCP Chimney has the entire networking stack offloaded to the NIC. If software-based NIC teaming is not used, however, you can leave it enabled.

• TO SHOW STATUS:

• From an elevated command-prompt, type the following:

• netsh int tcp show global

• (The output should show Chimney Offload State disabled)

• TO DISABLE TCP Chimney Offload:

• From an elevated command-prompt, type the following:

• netsh int tcp set global chimney=disabled

Hyper-V: Anti-Virus Exclusions for Hyper-V Hosts

If you choose to run programs in the management operating system, you should also run your antivirus solution there and add the following to the antivirus exclusions to avoid negative performance impacts to all Virtual Machines running on that host:

• All folders containing VHD, VHDX, AVHD, AVHDX, VSV and ISO files
• Default virtual machine configuration directory, if used  C:\ProgramData\Microsoft\Windows\Hyper-V
• Default snapshot files directory, if used  %systemdrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots
• Custom virtual machine configuration directories, if applicable
• Virtual machine virtual hard disk files directory. By default, it is C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks. 
• Custom virtual hard disk drive directories
• Snapshot files directory. By default, it is %systemdrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots. 
• Vmms.exe (Note: May need to be configured as process exclusions within the antivirus software)
• Vmwp.exe (Note: May need to be configured as process exclusions within the antivirus software)
• Additionally, when you use Cluster Shared Volumes, exclude the CSV path C:\ClusterStorage and all its subdirectories.

Hyper-V Cluster: Network Configuration

Management Network(Parent Partition)
1 Network Card

• Make sure this card is listed first in the Adapter and Bindings connection order.
• In Failover Cluster Manager make sure that the NIC is configured to allow cluster network communication on this network. This will act as a secondary connection for the Heartbeat.

Storage ISCSI
2 Network Cards – Not Teamed

• Enable MPIO.
• Disable NetBIOS on these interfaces
• Do not configure a Gateway
• Do not configure a DNS server
• Make sure that each NIC is NOT set to register its connection in DNS
• Remove File and Printer sharing
• Do not remove Client from Microsoft networks if using Netapp Snapdrive with RPC authentication
• In Failover Cluster Manager select- Do not allow cluster network communication on this network

VM Network
(Parent Partition)
2 Network cards :
1 for Dynamic IP’s
1 for Reserved IP’s

• Disable NetBIOS on these interfaces
• Do not configure a Gateway
• Do not configure a DNS server
• Make sure that each NIC is NOT set to register its connection in DNS
• Remove File and Printer sharing and Client from Microsoft networks
• In Failover Cluster Manager select – Do not allow cluster network communication on this network.

Cluster Heartbeat
1 Network Card

• Disable NetBIOS on this interface
• Do not configure a Gateway
• Do not configure a DNS server
• Make sure that this NIC is NOT set to register its connection in DNS
• Make sure that Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks are enabled to support Server Message Block (SMB), which is required for CSV.
• In Failover Cluster Manager make sure that the NIC is configured to allow cluster network communication on this network.
• In Failover Cluster Manager remove the tick box for Allow Clients Connect through this network. This setting has nothing to do with the host/parent partition. This setting is used to control over what NICs the Cluster Resources can be accessed.

Cluster Shared Volume (CSV)
1 Network Card

• Disable NetBIOS on this interface
• Make sure that this NIC is NOT set to register its connection in DNS
• Make sure that Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks are enabled to support Server Message Block (SMB), which is required for CSV.
• In Failover Cluster Manager remove the tick box for Allow Clients Connect through this network. This setting has nothing to do with the host/parent partition. This setting is used to control over what NICs the Cluster Resources can be accessed. This is more relevant for other workloads e.g. File Cluster. It has no impact on the communication with the host partition or for the VM’s themselves.
• By default the cluster will automatically choose the NIC to be used for CSV communication. We will change this later.
• This traffic is not routable and has to be on the same subnet for all nodes.

Live Migration
1 Network Card

• Disable NetBIOS on this interface
• Make sure that this NIC is NOT set to register its connection in DNS.
• In Failover Cluster Manager remove the tick box for Allow Clients Connect through this network. This setting has nothing to do with the host/parent partition. This setting is used to control over what NICs the Cluster Resources can be accessed. This is more relevant for other workloads e.g. File Cluster. It has no impact on the communication with the host partition or for the VM’s themselves.

• By default the cluster will automatically choose the NIC to be used for Live-Migration. You can select multiple networks for LM and give them a preference.