Microsoft Hyper-V Address Range

We noticed an issue following Windows 10 update 1809 where Windows would reserve a range of ports that included port 50,000. This was an issue for our developers who had long been using this port for test websites.

Whilst we were able to mitigate this, initially by moving the dynamic range from the default, we found that following the next update (I think KB4497934), ‘Administered port exclusions’ were made outside of our specified range, resulting in the websites not being able to start.

Lots of other people have seen this too, with a few notable links pasted below:


After the updates, we saw the following results from netsh – you can see the asterisk against a range including port 50,000:

After moving the port range we still saw excluded ports in the high range (i.e. above 50,000) and our sites still failed. Following a support call with Microsoft we were informed of an entirely (at time of writing) undocumented registry key ‘EnableExcludedPortRange’ to disable the excluded port range (in effect the ports marked with an asterisk above).
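To check whether a port your sites need falls inside one of these exclusions, the netsh listing can be parsed and tested directly. This is an added example, not part of the original post; the sample output is constructed to mirror the situation described (an administered range covering port 50,000), and the function names are hypothetical.

```powershell
# Constructed sample of: netsh int ipv4 show excludedportrange protocol=tcp
$sample = @'
Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      5357        5357
     49709       49808
     49909       50008     *

* - Administered port exclusions.
'@ -split '\r?\n'

function Get-ExcludedPortRange {
    param([string[]]$NetshOutput)
    foreach ($line in $NetshOutput) {
        # Data rows are "<start> <end>" with an optional trailing asterisk.
        if ($line -match '^\s*(\d+)\s+(\d+)\s*(\*)?\s*$') {
            [pscustomobject]@{
                StartPort    = [int]$Matches[1]
                EndPort      = [int]$Matches[2]
                Administered = $Matches.ContainsKey(3)   # asterisk present
            }
        }
    }
}

function Find-PortConflict {
    param([int[]]$Port, [object[]]$Range)
    foreach ($p in $Port) {
        $hit = $Range | Where-Object { $p -ge $_.StartPort -and $p -le $_.EndPort } |
            Select-Object -First 1
        [pscustomobject]@{
            Port         = $p
            Excluded     = [bool]$hit
            Range        = if ($hit) { '{0}-{1}' -f $hit.StartPort, $hit.EndPort }
            Administered = if ($hit) { $hit.Administered } else { $false }
        }
    }
}

# On an affected machine, parse the live output instead of the sample:
#   $ranges = Get-ExcludedPortRange (netsh int ipv4 show excludedportrange protocol=tcp)
$ranges = Get-ExcludedPortRange $sample
Find-PortConflict -Port 50000, 8080 -Range $ranges | Format-Table -AutoSize
```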

Traditionally, this isolation was enforced using VLANs with a segregated IP address range and 802.1Q Tag or VLAN ID. But with HNV, isolation is enforced using either NVGRE or VXLAN encapsulation to create overlay networks with the possibility of overlapping IP subnets between customers or tenants. For dynamic MAC addressing in Hyper-V, a range of 256 possible MAC addresses is used by default. The starting and ending addresses are derived from the lowest two octets in an IPv4 address on the Hyper-V server, and will begin with Microsoft’s Organizationally Unique Identifier (OUI) of 00-15-5D. According to Microsoft documentation, the number of dynamic MAC addresses that a Hyper-V host can produce is 256. Suppose we have the MAC address aa-bb-cc-dd-ee-ff. The first 3 octets (aa-bb-cc) refer to Microsoft’s unique identifier that is used on all Hyper-V hosts (00-15-5D).

We then see:

In the end we knocked up a quick script to look for Hyper-V being installed (as this is where we saw the issue) and make the changes as described above – this will also undo the changes if Hyper-V is removed. Consider a better detection method as this isn’t the quickest, but we got bored of this issue so it will do for now:


rem Modify Dynamic Port Range for Development Users
rem /format:table puts each feature name and its state on one line,
rem so a feature that is listed but disabled does not match
dism /online /get-features /format:table | find /i "Microsoft-Hyper-V" | find /i "Enabled" && (
rem Modify Dynamic Port Range
start /wait "" netsh int ipv4 set dynamicport tcp start=20000 num=16384
start /wait "" netsh int ipv4 set dynamicport udp start=20000 num=16384

rem Add Registry Key
start /wait "" reg add HKLM\SYSTEM\CurrentControlSet\Services\hns\State /v EnableExcludedPortRange /d 0 /f

rem Hyper-V handled, skip the reset below
goto :eof

)

rem Hyper-V not enabled: set range to default
start /wait "" netsh int ipv4 set dynamicport tcp start=49152 num=16384
start /wait "" netsh int ipv4 set dynamicport udp start=49152 num=16384

rem Remove Registry Key
start /wait "" reg delete HKLM\SYSTEM\CurrentControlSet\Services\hns\State /v EnableExcludedPortRange /f


Applies To: Windows Server 2012


Problem description

More and more organizations are leveraging the advantages of virtualization in today’s business environment. However, virtual networks also require physical resources, including:

  • Compute resources: Physical servers that host virtual machines, such as a Hyper-V cluster, are required.

  • Storage resources: Clustered file servers such as the Scale-Out File Server in Windows Server 2012 are a critical component of any virtualization solution.

  • Network resources: Physical devices such as routers and switches that connect virtual networks to other networks are necessary.

  • Management resources: Physical servers and devices that provide automation, access control, monitoring, and scalability for virtual networks, such as System Center Virtual Machine Manager, are a critical component.

As a consequence, organizations often need to manage a hybrid environment consisting of both physical and virtual resources. See the following diagram.

Placing virtual and physical devices on separate subnets enables customization of network settings but adds complexity. Larger, flat networks are typically more efficient and less complex to manage than a design that includes multiple smaller, partitioned networks. DHCP policies can help to simplify management of hybrid environments by enabling greater flexibility and control of the network configuration of DHCP clients.

Virtual machines

An advantage of virtual machines is that they can be added and removed dynamically from the network depending upon load requirements. However, this capability can bring with it some unique requirements. Due to their dynamic nature, virtual machines might require:

  • A different, often shorter, lease duration

  • A different default gateway for use in traffic management

  • A different domain name or DNS server

  • A different IP address range

These configuration parameters can be managed by creating a DHCP policy based on MAC address prefix. DHCP clients that match the policy are assigned IP addresses from a specific IP address range, a short lease duration, and different DHCP options such as default gateway and DNS server.

MAC addressing in Hyper-V

With Hyper-V, you can configure a virtual machine to use a dynamic or a static MAC address. The default option is to use a dynamic MAC address, which means that Hyper-V will generate a MAC address for the network adapter. To view MAC address settings in Hyper-V, right-click a virtual machine, click Settings, and then under Network Adapter, click Advanced Features. See the following example.

In this example, the Hyper-V server is using a dynamic MAC address range of 00-15-5D-9F-DF-00 to 00-15-5D-9F-DF-FF. To use a static MAC address, select Static and then specify a MAC address.

For dynamic MAC addressing in Hyper-V, a range of 256 possible MAC addresses is used by default. The starting and ending addresses are derived from the lowest two octets in an IPv4 address on the Hyper-V server, and will begin with Microsoft’s Organizationally Unique Identifier (OUI) of 00-15-5D. The range can be modified, if desired, by editing the MaximumMacAddress and MinimumMacAddress registry keys located under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Virtualization. This kind of support is provided by all the virtualization platforms.

To group virtual machines in a DHCP policy, create a policy with conditions based on MAC address or MAC address prefix.

For example, if MAC addresses are assigned from the range 00-15-5D-9F-DF-00 to 00-15-5D-9F-DF-FF, you can create a policy based on the MAC address prefix 00-15-5D-9F-DF. If you would like the policy to cater to all virtual machines regardless of the host or host group, use the MAC address prefix 00-15-5D with a wildcard (00155D*). The following procedure demonstrates how to configure this policy.

Configure a MAC address based DHCP policy

Use the following procedure to configure a policy for virtual machines based on MAC addresses. In this procedure, the example MAC address range used is 00-15-5D-9F-DF-00 to 00-15-5D-9F-DF-FF. You must replace the values used in this example with the MAC address range used in your environment. By default, the Hyper-V server will use a MAC address range that includes values of 00 to FF for the sixth octet, with the same first five octets. For more information, see MAC addressing in Hyper-V.

To configure a MAC address based DHCP policy

  1. In the DHCP console, choose a scope that will be used to issue leases to both physical and virtual DHCP clients.

  2. Under the DHCP scope, right-click Policies and then click New Policy.

  3. In the DHCP Policy Configuration Wizard, type MAC Prefix Policy next to Policy Name, and then click Next. You can type a different policy name and enter a description if desired.

  4. On the Configure Conditions for the policy page, click Add.

  5. Next to Criteria, choose MAC Address from the drop-down list and choose Equals next to Operator.

  6. Next to Value, type 00155D9FDF, select the Append wildcard checkbox, click Add, and then click OK.

  7. Click Next, and provide an IPv4 address range to be used for clients that match the policy. To provide a range, enter a start and end IP address next to Start IP address and End IP address, respectively. The percentage of IP address used by this IP address range compared to all available IP addresses in the scope is displayed next to Percentage of IP address range. If you do not want to specify a range of IP addresses for the policy, select No next to Do you want to configure an IP address range for the policy.

    Note

    The IP address range specified must be within the IP address range for the scope. An IP address range setting cannot be specified in server level policies.

  8. Click Next, and specify DHCP options to be used by clients that match the policy, such as the default route or list of DNS servers.

  9. Click Next, and on the Summary page review the conditions and settings for this policy. Click Finish to create the policy.

  10. To configure a custom lease duration for virtual machines, right-click the policy you just created and then click Properties. On the General tab, select the Set lease duration for the policy checkbox and then specify a lease duration.

  11. Review the conditions and settings for the policy by clicking each available tab. DNS registration settings can be modified on the DNS tab. Click OK to apply changes or click Cancel to discard changes.

After you have configured this policy, you can also right-click the policy and click Move Up or Move Down to change its processing order.
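The same policy can be created from PowerShell with the DhcpServer module on the DHCP server. This is an added example, not part of the original topic: the scope ID, policy IP range, router, DNS server and lease duration are placeholder assumptions, and Get-MacPrefixPattern is a hypothetical helper that derives the wildcard value from the host's MAC address range.

```powershell
# Hypothetical helper: derive the wildcard prefix shared by a Hyper-V host's
# minimum and maximum dynamic MAC addresses (whole octets only).
function Get-MacPrefixPattern {
    param([string]$MinimumMac, [string]$MaximumMac)
    $min = ($MinimumMac -replace '[-:.]', '').ToUpper()
    $max = ($MaximumMac -replace '[-:.]', '').ToUpper()
    if ($min -notmatch '^[0-9A-F]{12}$' -or $max -notmatch '^[0-9A-F]{12}$') {
        throw 'MAC addresses must contain exactly 12 hex digits.'
    }
    $len = 0
    while ($len -lt 12 -and $min[$len] -eq $max[$len]) { $len++ }
    $len -= $len % 2                      # trim to an octet boundary
    if ($len -eq 0) { throw 'The two addresses share no common prefix.' }
    $min.Substring(0, $len) + '*'
}

# Placeholder values (assumptions): replace with your own scope and settings.
$scope  = '10.0.0.0'
$policy = 'MAC Prefix Policy'

# Range from the example in this topic; yields 00155D9FDF*
$pattern = Get-MacPrefixPattern '00-15-5D-9F-DF-00' '00-15-5D-9F-DF-FF'

# Steps 2-6 and 10: policy with a MAC address "Equals" condition, wildcard
# appended, and a custom lease duration.
Add-DhcpServerv4Policy -ScopeId $scope -Name $policy -Condition OR `
    -MacAddress EQ, $pattern -LeaseDuration (New-TimeSpan -Hours 8)

# Step 7: IP address range for matching clients (must lie inside the scope).
Add-DhcpServerv4PolicyIPRange -ScopeId $scope -Name $policy `
    -StartRange 10.0.0.200 -EndRange 10.0.0.250

# Step 8: DHCP options for matching clients.
Set-DhcpServerv4OptionValue -ScopeId $scope -PolicyName $policy `
    -Router 10.0.0.1 -DnsServer 10.0.0.10

# Step 9: review the resulting conditions and settings.
Get-DhcpServerv4Policy -ScopeId $scope -Name $policy | Format-List
```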


Conclusion

Using this policy, new DHCP requests for IPv4 addresses in this scope that are sent from DHCP clients with a MAC address prefix of 00-15-5D-9F-DF will get the IP address and options that are defined in the policy. In this example, only virtual machines that are hosted by the specified Hyper-V server will have this MAC address prefix, and will receive these settings.


You can specify additional MAC address prefix values in the policy by adding them to policy conditions. To enable more than one MAC address prefix to receive the same policy settings, add additional MAC address prefixes on the Conditions tab in policy properties and select the OR radio button.

