Home  Tutorials  Generality


Hyper-V and Router Guard Feature (EN)

With Windows Server 2012, Microsoft added Hyper-V Router Guard feature. This feature can be enabled onVM NICs and it discards the following packets:
  • ICMPv4 Type 5 (Redirect message): The ICMPv4 Redirect message is used to notify a remote host to send data packets on an alternative route using IPv4 protocol. Redirects are only sent by Gateways.
  • ICMPv4 Type 9 (Router Advertisement): The ICMPv4 Router Advertisement is used to enable hosts to discover the existence of neighboring routers using IPv4 protocol. Each router periodically multicasts Router Advertisement from each of its multicast interfaces.
  • ICMPv6 Type 134 (Router Advertisement): Same as the one for IPv4 but is for IPv6.
  • ICMPv6 Type 137 (Redirect message): Same as the one for IPv4 but is for IPv6
In other words, this feature blocks virtual machines from acting as routers.

How to enable Hyper-V Router Guard feature using UI?

All you need to do is the following:
  • UsingHyper-V Manageradministrative tool, do a right click on your VM and then click onSettings


  • Go toAdvanced Featuresunder the VM NIC and then checkEnable router advertisement guardoption. Once done, click onOK



How to enable Hyper-V Router Guard feature using PowerShell?

Set-VMNetworkAdapter with RouterGuard switch can be used to enable router advertisement guard on VM NICs.

Set-VMNetworkAdapter: http://technet.microsoft.com/en-us/library/hh848457.aspx

We can take the following example which enables Router Guard feature on all NICs for Server1 VM:

   
Get-VMNetworkAdapter –VMName Server1 | Set-VMNetworkAdapter –RouterGuard on