Cannot access the virtual or dedicated IP address of an NLB node (Guest) running in Unicast Mode on Windows Server 2008 R2 Hyper-V

When you configure NLB in unicast mode on virtual machines (guest machines) running on Windows Server 2008 R2 Hyper-V, you may not be able to ping the virtual IP address or the dedicated IP address of the virtual machines.

With this problem, if you take a network capture on the machine you are pinging from, you will see an ARP request leaves the client with the machine requesting the physical (MAC) address of the NLB node, but no response is received. A capture taken on the NLB node, however, will show the node responds to the ARP request but the response does not reach the client machine (source).

This is because the Hyper-V Virtual Switch drops the ARP response packet as the source MAC address on the ARP response packet does not match the MAC address of the virtual NIC on the Virtual machine’s settings.

When unicast NLB nodes respond to an ARP request with an ARP response, they don’t use their actual MAC address in the Ethernet Source Address field. This is because in unicast NLB the Virtual MAC address 02-BF-XX-XX-XX-XX will override the actual MAC address of the NIC so the nodes will use the spoofed MAC address (02-HostID-XX-XX-XX-X) for all outbound packets to keep the network switch from learning the virtual MAC address of the NLB nodes.

The virtual switch in Windows Server 2008 R2 has MAC Spoofing disabled by default on all ports which will drop the packet when it finds the spoofed MAC address in the Ethernet Source Address Field which is different than actual MAC address as shown below.


To resolve this issue, enable MAC address spoofing on the network adapter of the virtual machine (guest machine) using the following steps:

Note: The virtual machine must be turned off to make this change.

  1. Open the virtual machine settings (right-click the machine in Hyper-V Manager and click Settings…).
  2. Select the network adapter bound to NLB in the list of hardware.
  3. In the right pane, check the box labeled "Enable spoofing of MAC addresses".
  4. Click on ok and start the virtual machine.

Note: Make sure to do this on all NLB nodes.


For more information about MAC spoofing, please follow the link given below to JHoward’s blog on the subject:

- Saravanan N