
Communication over HNV Gateway fails intermittently if SkipAsSource not set



Symptoms

This issue occurs with a Windows Server 2012 R2 Hyper-V Network Virtualization Gateway (HNV GW) that is configured as an active-passive guest cluster on an active-active Hyper-V host cluster. The HNV GW is configured using System Center Virtual Machine Manager 2012 R2 (SCVMM 2012R2).

In this scenario, connections from an on-premises computer to a virtual machine (tenant VM) behind an HNV GW, or vice versa, fail intermittently. Not all connections are necessarily affected; in particular, connections consisting only of small packets might work.

This may happen if the HNV GW is located on Hyper-V host cluster node 1, or on node 2 only, or on both nodes.



Cause

The MTU of the VPN connection between the HNV GW and the on-premises VPN GW is smaller than the MTU of the two communicating machines. When the HNV GW receives IP packets with the 'don't fragment' bit set, it cannot forward them over the VPN link and instead needs to inform the sending machine, the tenant VM, to reduce the packet size.

Therefore the HNV GW sends an ICMP packet (Type: 3 (Destination unreachable), Code: 4 (Fragmentation needed)) to the tenant VM. 

This ICMP packet may be dropped by HNV on the Hyper-V host cluster node because it is sent with a source IP address that is not eligible to communicate with a tenant VM in the customer address space. The source address is the CA DIP (Customer Address space Dedicated IP), which is automatically configured by SCVMM. The default address range is 10.254.254.0/24.



Resolution

The SkipAsSource flag needs to be enabled on the CA DIP so that this IP address is no longer chosen as the source IP.

Reconfigure the HNV GW using System Center Virtual Machine Manager 2012 R2 Update Rollup 2 (SCVMM 2012R2 UR2). UR2 contains an update that creates the CA DIP adapter with the SkipAsSource flag set.

As a manual workaround, you can configure the SkipAsSource flag on the CA DIP using this command:

Set-NetIPAddress -InterfaceIndex xy -IPAddress 10.254.254.z -SkipAsSource $true -IncludeAllCompartments



More Information

The easiest way to find the interface index for the Set-NetIPAddress command is to run ipconfig /allcompartments and then look up the interface ID in the Link-local IPv6 address (the value after the % sign) of the corresponding IP in the correct compartment.

==============================================================================
Network Information for Compartment xy
==============================================================================

  Ethernet adapter WNVAdap_10486213:     

Connection-specific DNS Suffix  . :    
Link-local IPv6 Address . . . . . : fe80::15d5:d537:4bb9:1fff%xy   
IPv4 Address. . . . . . . . . . . : 10.254.254.z   
Subnet Mask . . . . . . . . . . . : 255.255.255.248
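
The following PowerShell function is an added example, not part of the original KB article. It finds the CA DIP in every compartment, applies the workaround only when -Fix is passed, and then reports the interface index and SkipAsSource state; the function name Repair-CaDipSkipAsSource and the prefix match on the default 10.254.254.0/24 range are assumptions.

```powershell
# Added example (not from the KB article). Run elevated on the HNV gateway VM.
# Assumption: the CA DIP is in the default 10.254.254.0/24 range, so a simple
# prefix match is enough. Repair-CaDipSkipAsSource is a hypothetical name.
function Repair-CaDipSkipAsSource {
    param(
        [string]$Prefix = '10.254.254.',
        [switch]$Fix    # report only unless -Fix is given
    )

    # The CA DIP adapter may sit outside the default compartment, so every
    # query and change needs -IncludeAllCompartments.
    $caDips = @(Get-NetIPAddress -AddressFamily IPv4 -IncludeAllCompartments |
        Where-Object { $_.IPAddress.StartsWith($Prefix) })

    if ($caDips.Count -eq 0) {
        Write-Warning "No IPv4 address starting with $Prefix found in any compartment."
        return
    }

    foreach ($ip in $caDips) {
        if ($Fix -and -not $ip.SkipAsSource) {
            Set-NetIPAddress -InterfaceIndex $ip.InterfaceIndex `
                -IPAddress $ip.IPAddress -SkipAsSource $true `
                -IncludeAllCompartments
        }
    }

    # Re-read the state so the report shows what is configured now.
    Get-NetIPAddress -AddressFamily IPv4 -IncludeAllCompartments |
        Where-Object { $_.IPAddress.StartsWith($Prefix) } |
        Select-Object InterfaceIndex, InterfaceAlias, IPAddress, SkipAsSource
}

Repair-CaDipSkipAsSource          # audit only
# Repair-CaDipSkipAsSource -Fix   # apply the workaround
```

A row that still shows SkipAsSource as False means that address can still be selected as the source of the ICMP "fragmentation needed" message.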




Article Info
Article ID : 2974395
Revision : 1
Created on : 1/7/2017
Published on : 6/4/2014
Exists online : False