• Home  / 
  • Research
  •  /  Using a virtual router for your lab and test environment

Using a virtual router for your lab and test environment

When build lab and proof-of-concept solutions in a virtual environment it's very useful to also have a virtual router to enable multiple networks to connect, and to simulate a larger environments. Depending on virtualization platform you can use built-in network configurations to route, and bandwidth-limit network traffic.

In this article you learn to use a Windows Server 2016 based router, but the steps also works for Windows Server 2012 R2. The configuration works for both Hyper-V and VMWare environments, but the detailed steps and screenshots are taken from a Hyper-V based setup.

Note: For a guide on using a more advanced, Linux-based router instead, check out this post: 

Using pfSense Community Edition as a virtual router for your lab environment
https://deploymentresearch.com/614/Using-pfSense-Community-Edition-as-a-virtual-router-for-your-lab-environment

Scenario

In this guide you learn to setup NAT and Routing for two different sites: New York, and Chicago.

The NAT configurations is to provide Internet access to the sites, and the Routing is make sure machines in New York can reach machines in Chicago.

net
Very shiny Microsoft paint creation 🙂

Note #2: There is a video available for a Windows Server 2012 R2 version of the setup.

Note #3: I have posted a guide on how to configure Windows Server 2012 R2 RRAS (Option 1) with PowerShell.

Note #4: If you only are interesting in providing Internet access for a single network, you can just use the NAT feature in Hyper-V or VMware, no need for a virtual router. Ami Casto (@mdtpro) blogged about the Hyper-V NAT feature here: https://deploymentresearch.com/558/Setting-Up-New-Networking-Features-in-Server-2016.

Note #5: Yes, I wrote this guide for Windows Server 2012 R2, but you can absolutely replace Windows Server 2012 R2 with Windows Server 2016 in this guide.

    Scenario

    The step-by-step guides in this article configure a virtual router for part of (two sites) the fictive ViaMonstra network. For a full IP plan for ViaMonstra network, see http://viamonstra.com/?page_id=25.

    In this scenario you configure routing between the following local networks, and also provide them Internet access.

    • New York: 192.168.1.0/24
    • Chicago: 192.168.3.0/24

    In addition ViaMonstra also have Internet access. In a real world (physical) network you would have many routers, but in a virtual environment where all virtual machines are running on the same host you only need one router. This also means that in this guide there are two internal virtual networks (virtual switches in Hyper-V), and one external network.

    Creating the virtual networks (virtual switches in Hyper-V)

    Using Hyper-V Manager (or PowerShell), create the following virtual switches (if you are new into Hyper-V, check this documentation on how to create virtual networks: http://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/connect-to-network):

    • External network
      • Name: External
      • Connection Type: External network (connected to physical network adapter of your host)
    • New York       
      • Name: New York
      • Connection Type: Internal network
    • Chicago
      • Name: Chicago
      • Connection Type: Internal network

    VM
    The virtual switches configured.

    Create the Virtual Router VM in Hyper-V

    1. Create a virtual machine named GW01 with three network adapters (1 GB RAM and 60 GB disk).

    2. In the virtual machine settings, connect network adapter #1 to the External virtual network.

    3. Connect network adapter #2 to the New York virtual network.

    4. Connect network adapter #3 to the Chicago virtual network.

    5. On the virtual machine settings, make a note of the Mac Address for each network adapter. In my setup I had the following:   

    Adapter #1 (External): 00:15:5D:01:00:41

    Adapter #2 (New York): 00:15:5D:01:00:42

    Adapter #3 (Chicago): 00:15:5D:01:00:43

             

        NET01
        GW01 created with three network adapters.

        Option 1 – Using a Windows Server 2012 R2 or Windows Server 2016 VM with Routing and Remote Access.

          1. Install Windows Server 2012 R2 or Windows Server 2016 on GW01 and set the computer name to GW01.    

          2. Using Network Connections, configure the networks to the following.

          Note: Use the Mac Address you noted earlier to find correct adapter, they are very likely to be different in your environment 🙂

          Adapter #1 (00:15:5D:01:00:41)

            • Name: Internet
            • IP Address: DHCP

          Adapter #2 (00:15:5D:01:00:42)

            • Name: New York
            • IP Address: 192.168.1.1
            • Subnet mask: 255.255.255.0
            • DNS: 192.168.1.200

          Adapter #3 (00:15:5D:01:00:43)

            • Name: Chicago
            • IP Address: 192.168.4.1/24
            • Subnet mask: 255.255.255.0
              • DNS: 192.168.1.200

             

            net02
            Networks configured in Network Connections.

            3. Verify that you have Internet access by running the Test-NetConnection command in a PowerShell prompt.

            net05
            Verifying Internet access on GW01.

            4. Using Windows Firewall with Advanced Security, enable the File and Printer Sharing (Echo Request – ICMPv4-In) inbound rule.

             

            net03
            Configuring the firewall rules on GW01.

             

            5. Using Server Manager, add the Remote Access role, click Next three times, and on the Role services page, select Routing, and accept to add the features that are required.

            6. Complete the Add Roles and Features Wizard with the default settings, and when the setup is completed, click Close.

            7. Using Routing and Remote Access (from the start menu), right-click GW01 (local), and select Configure and Enable Routing and Remote Access.

            8. Use the following settings for the Configure and Enable Routing and Remote Access Setup Wizard:

            • Configuration: Network address translation (NAT)
            • NAT Internet Connection:        

                                  

                net04
                Selecting the Internet network interface.

                  

                • Network Selection: Select the New York network        

                Note: When finish the Routing and Remote Access Server Setup Wizard, ignore the error about the VPN firewall setting. That feature is not used when routing only.

                    9. Still in Routing and Remote Access, navigate to GW01 (Local) / IPV4 / NAT.

                    10. Right-click NAT and select New Interface. Then select the Chicago and click OK.

                    11. On the Network Address Translation Properties – Chicago page, make sure the private interface connected to private network option is selected, and click OK.

                    12. Still in Routing and Remote Access, navigate to GW01 (Local)

                    Done! 🙂   

                    Verifying that routing and NAT works

                    Time to verify that everything works: For example by deploying two virtual machines with Windows 10. In this scenario the PC0001 VM is in the New York site, and the PC0002 VM is in the Chicago site.

                    Testing NAT on the New York site

                    Configure the PC0001 VM to be connected to the New York virtual switch, and assign the following IP configuration to it:

                    • IP Address: 192.168.1.90
                    • Subnet mask: 255.255.255.0
                    • Default Gateway: 192.168.1.1
                    • DNS: Whatever DNS you are using, but for example 8.8.8.8 (Google DNS) works fine for testing.

                    Verify that you can ping 192.168.1.1

                    Verify that you can ping 8.8.8.8

                    Try to browse the Internet.

                     

                    Testing NAT on the Chicago site

                    Configure the PC0002 VM to be connected to the New York virtual switch, and assign the following IP configuration to it:

                    • IP Address: 192.168.4.90
                    • Subnet mask: 255.255.255.0
                    • Default Gateway: 192.168.4.1
                    • DNS: Whatever DNS you are using, but for example 8.8.8.8 (Google DNS) works fine for testing.

                    Verify that you can ping 192.168.4.1

                    Verify that you can ping 8.8.8.8

                    Try to browse the Internet.

                    Testing Routing between the sites:

                    From a command prompt on PC0001, verify that you can ping PC0002 (192.168.4.90).

                    Note: If you can't ping PC0002, verify that you don't have a firewall rule that prevents it.

                       

                     

                    Happy Routing / Johan

                    About the author

                    Johan Arwidmark

                    16
                    Leave a Reply

                    avatar
                    15 Comment threads
                    1 Thread replies
                    0 Followers
                     
                    Most reacted comment
                    Hottest comment thread
                    7 Comment authors
                    Johan ArwidmarkAnthony Labradorreneedhedges01ZakG Recent comment authors
                      Subscribe  
                    newest oldest most voted
                    Notify of
                    Anthony Labrador
                    Guest
                    Anthony Labrador

                    Hi Johan,

                    I completely simulated this guide in the Windows.
                    Now, I need on how to simulate this in vsphere vmware environment.

                    Thanks,
                    -Anthony

                    renee
                    Guest
                    renee

                    Hello! Thank you for writing up these detailed instructions. I've followed the instructions for option 1 exactly as you suggested, but have had no luck. The VMs that I'm trying to connect into the subnets cannot ping each other nor the internet. It seems that they are just getting IP addresses assigned from DNS. Any suggestions for trouble shooting? Do you need to set up static routes or anything in order to connect the subnets to the internet virtual switch?

                    Any advice would be greatly appreciated!

                    renee
                    Guest
                    renee

                    Hello! Thank you for writing up these detailed instructions. I've followed the instructions for option 1 exactly as you suggested, but have had no luck. The VMs that I'm trying to connect into the subnets cannot ping each other nor the internet. It seems that they are just getting IP addresses assigned from DNS. Any suggestions for trouble shooting? Do you need to set up static routes or anything in order to connect the subnets to the internet virtual switch?

                    Any advice would be greatly appreciated!

                    dhedges01
                    Guest
                    dhedges01

                    If setting this up in an existing domain environment, does the Gateway (GW01) need to be a member of the existing domain, a new (Virtualized) domain, or just a Workgroup computer?

                    ZakG
                    Guest
                    ZakG

                    I have followed the instructions but somewhere I'm having an issue. I can ping the DC from GW01 but neither my DC or CM server can reach outside. I can also ping GW01 from both the DC and the CM server. I'm not sure what is wrong.

                    ecabrera81
                    Guest
                    ecabrera81

                    Never mind i worked it out. It seems a few of the NIC adpaters for DC01, MDT01, and PC001 got corrupted or just needed to be reinstalled in Hyper-V Did the reinstall, and setup the router via 2012R2 as above and all is working fine now. I am able to ping to DC01 over to DC03 Stockholm.

                    ecabrera81
                    Guest
                    ecabrera81

                    Hello.

                    I followed option 1 but i realized that my IP address scheme on my host machine is the same as the one in the book, and this lab. Is there a way around this? Every time i boot up the GW01 I lose internet access on my host machine. Also i am unable to ping between DC01 New York Site, and DC03 Stockholm site. Should i just point all my vm's towards the outside interface and not bother with the virtual router?

                    Thanks

                    kringle777
                    Guest
                    kringle777

                    I tried both options. What I'm saying is that your instructions are somehow missing something in Option 1. Check it out. Between the selecting of the Internet network interface and the selecting of the New York network. It doesn't make sense, sorry.

                    After that, I tried Option 2. Thanks for the video link. Maybe it will point me in the right direction.

                    Chris

                    kringle777
                    Guest
                    kringle777

                    There seems to be something missing under Option 1. Between 3b "Select the Internet network interface" and the next part which says "Select the New York network". What's missing between those two parts? As for Option 2, I got it set up exactly as described, and can ping out to the Internet from the Vyatta router. But I can't get any of my virtual machines on my only virtual (New York) subnet to connect to the Internet. I'm using the Hydration Kit from the SCCM SP1 book and have DC01, CM01, PC0001, and PC0002 built. But none of them will… Read more »


                    >