How To Connecnt Guest VM To Internet (Windows) | Nutanix Community
Skip to main content
Solved

How To Connecnt Guest VM To Internet (Windows)

junsu
Forum|alt.badge.img+2
  • junsu
  • Trailblazer
  • 38 replies

I received this answer a few days ago

[Just plug your VM on a VLAN where there is a router connected to the internet. Then either use DHCP if there is some, or configure an IP address and set your router as gateway. That’s it.]

but 
Is there anyone who can explain in more detail?
I am currently configuring guestvm with windows10
The network settings are like this

 


The port of the node where the GUEST VM is installed is directly connected to the Internet-enabled LAN

Or should I change the settings inside Windows vm? It is composed of dhcp

 

 

Best answer by DavidN

I agree w Dominix_pf’s recommendations + adding a few thoughts:

 

This largely depends on the types of ToR switches you have (Managed/Unmanaged - VLAN capable?)

If switch is VLAN capable, you should create a separate VLAN on the switch for Guests running on the cluster (upstream router will have to know about this subnet too), add the network to the Nutanix (AHV) cluster and then you’ll be able to pick that vlan in the VM’s NIC configuration.

I believe AHV has the option to do “management” (IPAM - DHCP like features) in case your router doesn’t have that option.

 

If your ToR switches are not VLAN capable then your CVM/Hypervisor and Guest VM traffic will probably be sharing the same Subnet (which is not really best practice/recommended for security reasons.) Nutanix CVMs create internal Firewall rules that permit some inbound traffic from the same subnet as the CVMs/Hypervisor’s Management IPs. By putting Guest VM traffic into this same network, it presents another attack surface… for small environments this may be “ok” but I don’t think it’s best practice.

 

References:

AHV Networking (nutanix.com)

The Nutanix Bible

View original
Did this topic help you find an answer to your question?
This topic has been closed for comments

3 replies

Dominix_pf
Forum|alt.badge.img+2
  • Dominix_pf
  • Trailblazer
  • 23 replies
  • June 8, 2022
junsu wrote:


The port of the node where the GUEST VM is installed is directly connected to the Internet-enabled LAN

...

 

you should never plug directly on a node. You have to use your TOR switchs and define a VLAN, so you just put you VM on you VLAN and the VM see the router.

I advice you to read about VLAN and general switch configuration before going futher.

cheers.

DavidN
Forum|alt.badge.img+6
  • DavidN
  • Trendsetter
  • 45 replies
  • Answer
  • June 8, 2022

I agree w Dominix_pf’s recommendations + adding a few thoughts:

 

This largely depends on the types of ToR switches you have (Managed/Unmanaged - VLAN capable?)

If switch is VLAN capable, you should create a separate VLAN on the switch for Guests running on the cluster (upstream router will have to know about this subnet too), add the network to the Nutanix (AHV) cluster and then you’ll be able to pick that vlan in the VM’s NIC configuration.

I believe AHV has the option to do “management” (IPAM - DHCP like features) in case your router doesn’t have that option.

 

If your ToR switches are not VLAN capable then your CVM/Hypervisor and Guest VM traffic will probably be sharing the same Subnet (which is not really best practice/recommended for security reasons.) Nutanix CVMs create internal Firewall rules that permit some inbound traffic from the same subnet as the CVMs/Hypervisor’s Management IPs. By putting Guest VM traffic into this same network, it presents another attack surface… for small environments this may be “ok” but I don’t think it’s best practice.

 

References:

AHV Networking (nutanix.com)

The Nutanix Bible

aluciani
Dominix_pf
junsu
3 people like this
  • aluciani
    aluciani
  • Dominix_pf
    Dominix_pf
  • junsu
    junsu
junsu
Forum|alt.badge.img+2
  • junsu
  • Author
  • Trailblazer
  • 38 replies
  • June 14, 2022

thank you for your kind reply

 

Terms & Conditions