Tag: Networking

Ping Azure VM Public IP address

How to enable Ping (ICMP echo) on an Azure VM

This is just a very quick blog post because I got the question from a couple of people. In this blog post want to show you how you can enable ping (ICMP) on a public IP address of an Azure virtual machine (VM). First, just let me say that assigning a public IP address to a virtual machine can be a security risk. So if you do that, make sure you know what you are doing. If you need admin access to virtual machines only for a specific time, there are services like Azure Just-in-Time VM Access (JIT) and Azure Bastion you should have a look at. Now back to the topic, Azure by default denies and blocks all public inbound traffic to an Azure virtual machine, and also includes ICMP traffic. This is a good thing since it improves security by reducing the attack surface.

Azure Network Security Group Port Rules Deny All Inbound Traffic to Azure VM

Azure Network Security Group Port Rules Deny All Inbound Traffic to Azure VM

This also applies to pings or ICMP echo requests sent to Azure VMs.

Ping Azure VM failed

Ping Azure VM failed

However, if you need to access your application from a public IP address, you will need to allow the specific ports and protocols. The same applies to the ICMP (Internet Control Message Protocol) protocol. The ICMP protocol is typically used for diagnostic and is often used to troubleshoot networking issues. One of the diagnostic tools using ICMP is ping, which we all know and love.

What do I need to do to be able to ping my Azure virtual machines (VMs)

Overall we need to do two main steps:

Configure Network Security Group (NSG) to allow ICMP traffic

So here is how you enable or allow ping (ICMP) to an Azure VM. Click on add a new inbound port rule for the Azure network security group (NSG).

Enable Ping ICMP in a NSG on an Azure VM

Enable Ping ICMP in an NSG on an Azure VM

Change the protocol to ICMP. As you can see, you can also limit the sources which can make use of that rule, as well as change the name and description. You can also use the following Azure PowerShell commands to add the inbound security rule to your NSG.

Get-AzNetworkSecurityGroup -Name "AzureVM-WIN01-nsg" | Add-AzNetworkSecurityRuleConfig -Name ICMP-Ping -Description "Allow Ping" -Access Allow -Protocol ICMP -Direction Inbound -Priority 100 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange * | Set-AzNetworkSecurityGroup
Configure Network Security Group PowerShell

Configure Network Security Group PowerShell

Set up the operating system to answer to Ping/ICMP echo request

If you haven’t already configured the operating system that way, you will need to allow ICMP traffic, so the operating system response to a ping. On Windows Server, this is disabled by default, and you need to configure the Windows Firewall. You can run the following command to allow ICMP traffic in the Windows Server operating system. In the Windows Firewall with Advanced Security, you can enable the Echo Request – ICMPv4-In or Echo Request ICMPv6-In rules, depending on if you need IPv4 or IPv6.

Windows Firewall Enable Ping

Windows Firewall Enable Ping

You can also run the following command to do that:

# For IPv4
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol="icmpv4:8,any" dir=in action=allow
 
#For IPv6
netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol="icmpv6:8,any" dir=in action=allow

After doing both steps, you should be able to ping your Azure Virtual Machine (VM) using a public IP address.

Ping Azure VM Public IP address

Ping Azure VM Public IP address

I hope this helps you be able to ping your Azure VMs. If you have any questions, please let me know in the comments.



Windows Server 2019 Azure Network Adapter

How to set up Windows Server Azure Network Adapter

In my series about Windows Server 2019, I have a new feature I want to introduce you to. Windows Server 2019 Azure Network Adapter is one of the Hybrid Cloud efforts Microsoft is making in Windows Server 2019. A lot of workloads are running cross-cloud and require connections to virtual machines running in Azure. To achieve this there are several options like Site-to-Site VPN, Azure Express Route or Point-to-Site VPN. With Windows Admin Center and Windows Server 2019 Azure Network Adapter, you get a one-click experience to connect your Windows Server with your Azure Virtual Network using a Point-to-Site VPN connection.

Even this is might not for every enterprise scenario, there are a lot of scenarios where you might quickly want to connect a server to Azure. The Azure Network Adapter functionality gives you that feature with a one-click button. And by the way, it also works on Windows Server 2012 R2 and higher.



Windows Server 2016 Whats new in Hyper-V

My Hardware Recommendations for Windows Server 2016

Many people are right now asking me about what they have to look out for, if they are going to buy hardware for there next Windows Server 2016 deployment using Hyper-V, Storage nodes or just physical servers. Of course you should normally not just buy hardware and design the solution after that, you should create an architecture for your datacenter first and than buy hardware for your needs. But still there are several things to look out for, this is probably not easy to say right now but here are several thing I would recommend to you. Here are my hardware recommendations for Windows Server 2016.

My recommendations

  • Windows Server Logo: Make really sure that hardware is certified for Windows Server and Windows Server 2016 when the certification is available
  • Network Adapters:
  • Processor / CPU
    • A 64-bit processor with second-level address translation (SLAT).
    • Of course recommend you do get the latest server grade CPUs from Intel or AMD to get the latest CPU functionalities
    • Think about the new licensing for Windows Server 2016 which will be core based
  • TPM Trusted Platform Module v2.0 – especially for the Hyper-V feature Shielded Virtual Machines or/and BitLocker support.
  • Storage
    • If you are going to deploy new Storage in your Datacenter, make sure you have a look at Storage Spaces and SMB Direct (Hyper-V over SMB) and especially the new Storage Spaces Direct feature, which I will write a bit about later this month. This also allows you to do Hyper-Converged scenarios running Storage and Hyper-V on the same physical hardware.
    • If you are goin to deploy Storage Spaces Direct make sure you choose a good quality of SSDs or NVMe devices. Especially for the caching devices choose Write-Intensive NVMe or SSD disks.

This are just some recommendations if I would buy new hardware I would also look at these features. Of course you don’t need all these features in every scenario, but if you want to make the most out of it, you should definitely look at them. Here are some feature related requirements:

Discrete device assignment

  • The processor must have either Intel’s Extended Page Table (EPT) or AMD’s Nested Page Table (NPT).
  • The chipset must have:
    • Interrupt remapping — Intel’s VT-d with the Interrupt Remapping capability (VT-d2) or any version of AMD I/O Memory Management Unit (I/O MMU).
    • DMA remapping — Intel’s VT-d with Queued Invalidations or any AMD I/O MMU.
    • Access control services (ACS) on PCI Express root ports.
  • The firmware tables must expose the I/O MMU to the Windows hypervisor. Note that this feature might be turned off in the UEFI or BIOS. For instructions, see the hardware documentation or contact your hardware manufacturer.

Shielded Virtual Machines

  • UEFI 2.3.1c — supports secure, measured boot
  • The following two are optional for virtualization-based security in general, but required for the host if you want the protection these features provide:
  • TPM v2.0 — protects platform security assets
  • IOMMU (Intel VT-D) — so the hypervisor can provide direct memory access (DMA) protection

for more detailed specification check out Microsoft TechNet: System requirements for Hyper-V on Windows Server 2016



VM Network Adapter

PowerShell One-liner to list IP Addresses of Hyper-V Virtual Machines

Here a very quick PowerShell command to list all the Virtual Network Adapters, including IP Addresses of Virtual Machines running on a Hyper-V Host.

 
Get-VM -ComputerName "Hyperv01" | Get-VMNetworkAdapter

This will give you a list of all Virtual Machines running on Hyper-V Server called “HyperV01”



Get-NetIPConfiguration

Basic Networking PowerShell cmdlets cheatsheet to replace netsh, ipconfig, nslookup and more

Around 4 years ago I wrote a blog post about how to Replace netsh with Windows PowerShell which includes basic powershell networking cmdlets. After working with Microsoft Azure, Nano Server and Containers, PowerShell together with networking becomes more and more important. I created this little cheat sheet so it becomes easy for people to get started.

Basic Networking PowerShell cmdlets

Get-NetIPConfiguration

Get the IP Configuration (ipconfig with PowerShell)

Get-NetIPConfiguration

List all Network Adapters

Get-NetAdapter

Get a spesific network adapter by name

Get-NetAdapter -Name *Ethernet*

Get more information VLAN ID, Speed, Connection status

Get-NetAdapter | ft Name, Status, Linkspeed, VlanID

Get driver information

Get-NetAdapter | ft Name, DriverName, DriverVersion, DriverInformation, DriverFileName

Get adapter hardware information. This can be really usefull when you need to know the PCI slot of the NIC.

Get-NetAdapterHardwareInfo

Disable and Enable a Network Adapter

Disable-NetAdapter -Name "Wireless Network Connection"
Enable-NetAdapter -Name "Wireless Network Connection"

Rename a Network Adapter

Rename-NetAdapter -Name "Wireless Network Connection" -NewName "Wireless"

IP Configuration using PowerShell

PowerShell Networking Get-NetIPAddress

Get IP and DNS address information

Get-NetAdapter -Name "Local Area Connection" | Get-NetIPAddress

Get IP address only

(Get-NetAdapter -Name "Local Area Connection" | Get-NetIPAddress).IPv4Address

Get DNS Server Address information

Get-NetAdapter -Name "Local Area Connection" | Get-DnsClientServerAddress

Set IP Address

New-NetIPAddress -InterfaceAlias "Wireless" -IPv4Address 10.0.1.95 -PrefixLength "24" -DefaultGateway 10.0.1.1

or if you want to change a existing IP Address

Set-NetIPAddress -InterfaceAlias "Wireless" -IPv4Address 192.168.12.25 -PrefixLength "24"

Remove IP Address

Get-NetAdapter -Name "Wireless" | Remove-NetIPAddress

Set DNS Server

Set-DnsClientServerAddress -InterfaceAlias "Wireless" -ServerAddresses "10.10.20.1","10.10.20.2"

Set interface to DHCP

Set-NetIPInterface -InterfaceAlias "Wireless" -Dhcp Enabled

Clear DNS Cache with PowerShell

You can also manage your DNS cache with PowerShell.

List DNS Cache:

 
Get-DnsClientCache

Clear DNS Cache

 
Clear-DnsClientCache

Ping with PowerShell

PowerShell Networking Test-NetConnection Ping

How to Ping with PowerShell. For a simple ping command with PowerShell, you can use the Test-Connection cmdlet:

 
Test-Connection thomasmaurer.ch

There is an advanced way to test connection using PowerShell

Test-NetConnection -ComputerName www.thomasmaurer.ch

Get some more details from the Test-NetConnection

Test-NetConnection -ComputerName www.thomasmaurer.ch -InformationLevel Detailed

Ping multiple IP using PowerShell

1..99 | % { Test-NetConnection -ComputerName x.x.x.$_ } | FT -AutoSize

Tracert

PowerShell Tracert

Tracert with PowerShell

Test-NetConnection www.thomasmaurer.ch –TraceRoute

Portscan with PowerShell

PowerShell Portscan

Use PowerShell to check for open port

Test-NetConnection -ComputerName www.thomasmaurer.ch -Port 80
Test-NetConnection -ComputerName www.thomasmaurer.ch -CommonTCPPort HTTP

NSlookup in PowerShell

PowerShell Networking NSlookup

NSlookup using PowerShell:

Resolve-DnsName www.thomasmaurer.ch
Resolve-DnsName www.thomasmaurer.ch -Type MX -Server 8.8.8.8

Route in PowerShell

PowerShell Networking Route

How to replace Route command with PowerShell

Get-NetRoute -Protocol Local -DestinationPrefix 192.168*
Get-NetRoute -InterfaceAlias Wi-Fi
 
New-NetRoute –DestinationPrefix "10.0.0.0/24" –InterfaceAlias "Ethernet" –NextHop 192.168.192.1

NETSTAT in PowerShell

PowerShell Networking Netstat

How to replace NETSTAT with PowerShell

Get-NetTCPConnection
Get-NetTCPConnection –State Established

NIC Teaming PowerShell commands

Create a new NIC Teaming (Network Adapter Team)

New-NetLbfoTeam -Name NICTEAM01 -TeamMembers Ethernet, Ethernet2 -TeamingMode SwitchIndependent -TeamNicName NICTEAM01 -LoadBalancingAlgorithm Dynamic

SMB Related PowerShell commands

SMB PowerShell SMB Client Configuration

Get SMB Client Configuration

Get-SmbClientConfiguration

Get SMB Connections

Get-SmbConnection

Get SMB Mutlichannel Connections

Get-SmbMutlichannelConnection

Get SMB open files

Get-SmbOpenFile

Get SMB Direct (RDMA) adapters

Get-NetAdapterRdma

Hyper-V Networking cmdlets

Hyper-V PowerShell Get-VMNetwork Adapter

Get and set Network Adapter VMQ settings

Get-NetAdapterVmq
# Disable VMQ
Set-NetAdapterVmq -Enabled $false
# Enable VMQ
Set-NetAdapterVmq -Enabled $true

Get VM Network Adapter

Get-VMNetworkAdapter -VMName Server01

Get VM Network Adapter IP Addresses

(Get-VMNetworkAdapter -VMName NanoConHost01).IPAddresses

Get VM Network Adapter Mac Addresses

(Get-VMNetworkAdapter -VMName NanoConHost01).MacAddress

I hope you enjoyed it and the post was helpful, if you think something important is missing, please add it in the comments.



Hyper-V VM Switch

Change Hyper-V VM Switch of Virtual Machines using PowerShell

This is one of the first post of a short blog series with some simple PowerShell scripts and oneliners for Hyper-V. One this is how you can connect a Virtual Network Adapter of a Hyper-V Virtual Machine to another Virtual Switch.

This is very simple, with this command you can see all the Network Adapters of the Virtual Machine and to which Switch they are connected:

 
Get-VM "VM01" | Get-VMNetworkAdapter

With this command you can connect it to another Switch:

 
Get-VM "VM01" | Get-VMNetworkAdapter | Connect-VMNetworkAdapter -SwitchName "NewSwitch"

Now of course you can also do this for all Virtual Machines running on a Hyper-V host:

 
Get-VM | Get-VMNetworkAdapter
 
Get-VM | Get-VMNetworkAdapter | Connect-VMNetworkAdapter -SwitchName "NewSwitch"
 
Get-VM | Get-VMNetworkAdapter


CDN Consistent Device Naming

Cisco UCS supports Consistent Device Naming (CDN)

Yesterday I posted about Cisco UCS supporting RDMA (SMB Direct) with firmware version 2.2(4b)B. Walter Dey, former Cisco Distinguished Engineer at Cisco informed me not only about the RDMA feature he also showed me that Cisco UCS now supports Consistent Device Naming which was introduced with Windows Server 2012. Consistent Device Naming (CDN) allows Ethernet interfaces to be named in a consistent manner. This makes Ethernet interface names more persistent when adapter or other configuration changes are made. To use CDN in Cisco UCS you need to run firmware version 2.2(4b)B. This will help to make it a lot easier to identify network interfaces used with Windows Server 2012 R2 and Hyper-V.