Hyper-V Program Manager
Router guard is another advanced networking feature that was added in Windows Server 2012:
When you enable Router Guard Hyper-V switch will discard the following packets:
Much like DHCP guard – the two most common questions I get about router guard are:
You can configure this setting through the UI or with PowerShell. To configure it with PowerShell you should use the RouterGuard parameter on the Set-VMNetworkAdapter cmdlet:
Ben, is there any estimate for the performance impact of router/dhcp guard feature? What does it impact? CPU of the host? vCPU of the VM? Or physical NICs in the host (in case this is somehow offloaded)?
Say we need to enable both guards on 300 VMs in a cluster, what kind of performance impact are we looking at?
in your first example, would it not be smarter to disable Advertising on these interfaces (with no performance impact)?
The biggest problem in my opinion with Router Guard is that it is only working outbound (RA inside the virtual machine). I would prefer the Guard working inbound to secure my machines to rouge RAs in my network. Or is this possible and I have overseen some settings?
Why is there not one single site, including the MS ones, that spell it out clearly: Is Router Guard and DHCP Guard a setting for INCOMING or OUTGOING packets. The explanation in the HyperV Mgmt console, and for a guy who has worked with Cisco for over 15 years spells incoming, but everyone seems to understand magically that it is for incoming use. Why would an administrator set up a VM that pretends to be an authorized DHCP Server, as the explanation for DHCP Guard says, and then block that DHCP server from sending Offer messages later on? If it is not supposed to be a DHCP server just not let it be.
This is really frustrating, and call me stupid, or whatever you want, but I would appreciate it if someone provided an explanation.