Friday, January 15, 2016

NVGRE Tenant VM is unable to communicate with the Internet as DNS cannot resolve

Issue:

HNV Multitenant Gateway VM is providing NAT/VPN capabilities for VMs in virtual networks so they could communicate with the Internet and through VPN tunnels.
HNV Gateway VM is able to communicate to the Internet and it is able to resolve any DNS names.
However the Tenant VM itself is unable to communicate to the Internet as it is unable to resolve any DNS names and to bind to DNS server with nslookup even though it can ping and "telnet dns-server-IP 53" (ex. 8.8.8.8). In my case it is not KB2918813

Hardware environment: 10G NIC cards with Broadcom (now it is called QLogic because of recent acquisition) chipset (BCM57xxx) and Encapsulated Task Offload  enabled (which should provide CPU offload related to NVGRE operations):
Driver: 7.12.32.0 or older
Firmware: 7.12.17 or older



Resolution:

The Broadcom (QLogic now) Network adapters have a feature called Encapsulated Task Offload which is enabled by default. If you disable Encapsulated Task Offload on Hyper-V hosts with Tenant VMs everything works fine. You can disable it by using the following PowerShell cmdlet.

Set-NetAdapterEncapsulatedPacketTaskOffload -EncapsulatedPacketTaskOffloadEnabled $false -Name "NICNAME"

where "NICNAME" in my case "SLOT 2 Port 1" and "SLOT 2 Port 2":
PS > Get-NetAdapterAdvancedProperty | where {$_.Displayname -like "encaps*"} | ft Name,DisplayName,DisplayValue,InterfaceDescription

Name                          DisplayName                   DisplayValue                  InterfaceDescription
----                          -----------                   ------------                  --------------------
SLOT 2 Port 1                 Encapsulated Task Offload     Disabled                      QLogic BCM57810 10 Gigabit...
SLOT 2 Port 2                 Encapsulated Task Offload     Disabled                      QLogic BCM57810 10 Gigabit...
Converged                     Encapsulated Task Offload     Disabled                      Microsoft Network Adapter ...

If you have other issues related to NVGRE I'd recommend to look at recommended hotfixes, updates, and known solutions for Windows Server 2012 R2 Hyper-V Network Virtualization (HNV) environments.