Summary

Some systems (VMware, VirtualBox) talk about “virtual networks” that connect VMs to each other, to the host computer, or to the outside world. Hyper-V defines its virtual networks as named virtual switches, since modern wired networks are constructed from interconnected small scale home or large scale Enterprise switches. VMs connected to the same virtual switch can communicate directly with each other in the same way that physical computers connected to the same physical switch can talk to each other directly.

As in the physical world, a VM has one or more virtual Network Adapters, each connected to a virtual switch.

The Windows system running on the host computer can be connected to a virtual switch if Hyper-V generates a simulated network adapter in the host OS.

A physical network adapter in the host computer can also be associated with the virtual switch. This allows you to plug a physical Ethernet cable into that adapter, and Hyper-V then emulates what would have happened if the cable had been plugged into the virtual switch. The VMs connected to the switch can talk directly to whatever that cable is connected to, whether it is a physical switch, a computer, or another device.

The host computer may not have a spare network adapter, but it may be willing to share one of its wired Ethernet adapters with the VMs on a virtual switch. This is so common that it is usually done in a single operation that transfers the addresses and configuration that the physical Network Adapter previously had on the external network to a new synthetic network adapter logically connected to the virtual switch. Where before the Windows host system had one network adapter, now there are two. One network adapter represents the physical card, but has only hardware parameters (like whether to use Jumbo Frames). The other network adapter has only software parameters, like the IP addresses, gateway, and DNS servers.

After an interruption of a few seconds, the host system can continue to communicate with the external network as before, but now it can also talk to the VMs on that switch, and the VMs can now communicate with the external network.

The “It Just Works” Networks

Your home network is probably controlled by a gateway device you rent from your ISP (for example, a cable modem for Comcast or another cable TV provider). This gateway provides your house with a WiFi router that also has a couple of wired network Ethernet ports. If you do nothing but turn it on, the gateway device creates a default network and assigns IP addresses to all the other devices in your home.

Hyper-V originally came with network configuration tools that could be understood by a professional, but Microsoft quickly discovered that real people either didn’t know how to do this or else messed up the configuration and then called for help. Eventually they created the Default virtual switch. It comes automatically with Hyper-V. You can choose not to use it, but you cannot delete it or change it. It uses whatever network connection your host computer already has (to your home or business network, whether wired or WiFi). You can connect any VM to the Default switch and it behaves as if it were a gateway device from an ISP like Comcast. It selects some subnet address, assigns IP addresses automatically to the VMs, and gives them client access to the Internet so they can download files and connect to servers.

Every time you restart your host computer, Hyper-V does a “factory reset” on the Default switch restoring all the initial configuration. To be sure that you cannot mess it up, the Default network selects a new IP subnet and gives every VM new addresses.

This paper is for people who want something other than Default.

Virtual Machines communicate over one or more simulated wired networks (VMs do not simulate WiFi). In the real world a wired Ethernet network (whether at work or at home) is created from devices called switches. Ethernet adapters in a PC are connected to a switch by an Ethernet cable, and switches can be connected to each other to build a larger network. Hyper-V describes its virtual network in terms of virtual switches, but the terms “switch” and “network” are interchangeable.

Hyper-V creates one initial virtual switch/network called Default, and if you are using Windows Home Edition that is all you get. On Pro or Enterprise you can install the full Hyper-V function with a Manager tool and create your own virtual switches. All Hyper-V virtual switches are identical, so the reason for having more than one is to separate which VMs talk to which other VMs, or to control how IP addresses are assigned.

Each VM can have one or more virtual network adapter cards, each of which is connected to one switch. VMs attached to the same switch share an IP subnet and can communicate directly with each other.

The Windows host OS on your physical laptop or desktop computer can itself get one or more virtual network adapter cards connected to Hyper-V virtual switches, thus allowing it to talk to the VMs.

A virtual switch can also be associated with a single physical Ethernet adapter in the physical computer. When used this way, the adapter itself is not a communications endpoint. It has no IP address itself. Rather, it is a raw low level Ethernet connection between a virtual switch and some external physical network or device. This allows VMs to appear on a real network as if they were real computers.

In PowerShell commands, there are independent operations to create a virtual switch, attach a VM to a virtual switch, create a virtual network adapter on the host system attached to a virtual switch, and attach a physical Ethernet adapter to a virtual switch. However, the Hyper-V Manager is user friendly and allows you to do several things at once. For example, you can create an External virtual switch associated with an Ethernet adapter that the host system is already using. In one operation, the Hyper-V Manager creates a new virtual switch and a virtual Ethernet adapter on the host system, transfers all the existing IP configuration on the physical Ethernet adapter to the new host virtual adapter, and now attaches the physical adapter (stripped of all its IP configuration) to the virtual switch. This is a request that users make frequently enough that it is convenient to be able to do it all in one request. However, the Hyper-V Manager “types” of virtual switch (External, Internal, and Private) are not actually mutually exclusive choices but rather the names it gives to the three most popular ways of configuring the switch, host virtual adapter, and physical Ethernet adapter options.
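The independent operations described above, as an added example (not part of the original page) that reports after each step which hosts, VMs and physical adapters can reach the switch. The names `LabSwitch`, `lab-vm1`, `Ethernet 2`, `lab0` and `HostToLab` and the helper `Get-SwitchExposure` are hypothetical; the script assumes an elevated session with the Hyper-V module, an existing VM, and a spare physical adapter.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example with placeholder names; change them before running.
$Switch = 'LabSwitch'    # hypothetical switch name
$VM     = 'lab-vm1'      # hypothetical, already existing VM
$Nic    = 'Ethernet 2'   # hypothetical spare physical adapter (not the host's primary)

# Hypothetical helper: one row showing everything currently attached to a switch.
function Get-SwitchExposure {
    param([Parameter(Mandatory)][string]$Name)
    $sw = Get-VMSwitch -Name $Name
    [pscustomobject]@{
        Switch       = $sw.Name
        ReportedType = $sw.SwitchType   # the label Hyper-V derives from the attachments
        HostAdapters = @(Get-VMNetworkAdapter -ManagementOS |
                           Where-Object SwitchName -eq $Name).Name -join ','
        PhysicalNic  = $sw.NetAdapterInterfaceDescription
        VMs          = @(Get-VMNetworkAdapter -VMName * |
                           Where-Object SwitchName -eq $Name).VMName -join ','
    }
}

# 1. Create the switch by itself: no host adapter, no physical adapter.
#    VMs on it are isolated from the host and from any external network.
New-VMSwitch -Name $Switch -SwitchType Private | Out-Null
Get-SwitchExposure -Name $Switch

# 2. Attach a VM by giving it a new virtual adapter on that switch.
Add-VMNetworkAdapter -VMName $VM -SwitchName $Switch -Name 'lab0'
Get-SwitchExposure -Name $Switch

# 3. Separately, create a virtual adapter on the host attached to the switch.
#    From this point the host and the VMs can talk to each other.
Add-VMNetworkAdapter -ManagementOS -SwitchName $Switch -Name 'HostToLab'
Get-SwitchExposure -Name $Switch

# 4. Separately, attach a physical Ethernet adapter to the switch.
#    From this point the VMs appear on whatever that cable is plugged into.
Set-VMSwitch -Name $Switch -NetAdapterName $Nic
Get-SwitchExposure -Name $Switch
```

Running `Get-SwitchExposure` against every name returned by `Get-VMSwitch` gives a quick audit of which switches expose VMs to the host or to a physical network.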

The “It Just Works” Networks

Hyper-V automatically creates a single virtual switch named Default.

This provides a self configuring virtual network with all the options needed for most casual users.

  • There is no configuration or administration of Default.

  • When the host system boots up, Default gets a “factory reset” and chooses a random subnet range of addresses.

  • There is a virtual Ethernet adapter on the host Windows system attached to Default and assigned the first IP address in the subnet range.

  • Default uses DHCP to assign new IP addresses to each virtual adapter on a VM that is attached to it. It also sets the host virtual adapter address as the gateway and DNS server address for VMs.

  • The host Windows system provides a gateway service using the NAT protocol. When a client program on a VM connects to an Internet service, it passes the request to the host Windows system. The NAT function changes the request so it appears to be coming from a program on the host physical computer, and then sends the data out in the same way it would send data for a local application program. It will use wired, or WiFi, or VPN for this data in exactly the same way as it sends data from Firefox or Outlook.

  • When a VM gets an IP address from DHCP, the host Windows system writes the VM hostname (with a dummy domain suffix of *.mshome.net) and IP address in the file C:\Windows\System32\drivers\etc\hosts.ics. This is treated as an extension of the normal “hosts” file on every Windows or Linux system. When Windows is looking for a computer name, it checks the hosts files first before going to a DNS server. Therefore, if there is a VM named “docker” then the host can communicate to it using the dummy name of “docker.mshome.net”.

  • The VMs also get a dummy DNS server from the host. When they ask for the IP address associated with a name, the host OS looks the name up using its own standard API. This checks the hosts files first, then makes a DNS request if the name is not in the file. Therefore, the VMs get the same DNS service the host Windows system provides and can find each other using vmname.mshome.net.

Default provides so many useful services that you will probably want to connect it to all your VMs. However, there are a few things it does not do.

  • You cannot assign static IP addresses on Default.

  • External clients cannot access VM services through Default.

  • You cannot connect Default to a physical adapter card.

  • Default only supports local VMs running on your physical host computer.

Therefore, a technically sophisticated user with more complex network requirements may want to create additional virtual switches with other characteristics and additional virtual adapters for specific VMs to attach them to these custom networks.

The Virtual Switch

A virtual switch is the way that Microsoft chose to configure how VMs communicate with each other, with the host, and with an external real network connected to Hyper-V through a physical Network Adapter on the host computer.

Hyper-V does not simulate a real switch. It moves data between a VM and another VM, the host computer, or the physical Network Adapter based on the configuration of adapters “attached” to virtual switches. The important difference is that real switches can be connected one to another, and data can move from a computer through a sequence of physical switches to another device. Physical switches are all peers and they allow traffic to move through them freely.

A Hyper-V virtual switch, however, is like a suburban dead end street. You enter from one end (the host or physical Network Adapter), and you can then go to any address on the street. However, when you get to the end of the street you can only turn around and go back. Hyper-V requires that either the sender of the message or the receiver be directly attached to the switch; it is not a through street where traffic can just pass through on its way to and from somewhere else.

Therefore, you can connect the host Windows system to a switch and you can connect one (and only one) physical Network adapter to the switch. The host can serve as a gateway to the Internet, or the physical Network Adapter can be connected to your home network where your ISP provided a Gateway device.

If you want to create Linux VMs that simulate various network components, you can configure a Linux NAT Gateway or a Linux Router, but if you try to turn a Linux VM into a Bridge device to seamlessly connect two networks, that is the one thing that works with physical computers and real switches but doesn’t work with Hyper-V virtual switches.

concept for Hyper-V configuration.

Data does not move from the VM to some Hyper-V “switch” memory, get processed by some simulated “switch” firmware, and then get forwarded to another VM. Rather when a virtual Ethernet adapter is ready to transmit data to the network, Hyper-V determines what other virtual adapters are connected to the same virtual switch and moves the data from the memory of one VM directly to the memory of the other VM.

In a real network physical switches are connected to each other and forward data from switch to switch to switch. This is the one thing you cannot do with a Hyper-V virtual switch. By analogy, each virtual switch is a dead end street. You can send data outside through a gateway NAT function provided by the Host or by a VM with gateway/router/firewall software, or you can create a connection to an external real network through a single physical Ethernet adapter connected to a real network. You cannot “bridge” one virtual switch to another, even using “bridge” software on a VM connected to both switches.

Hyper-V Manager Switch Types

The Microsoft Hyper-V Manager utility gives three names to specific configurations, and if you use the GUI you have to choose one of the names. The PowerShell commands, however, allow you to add or remove physical LAN adapters and a virtual host LAN adapter on existing switches without regard to these limited names. In reality there are four possibilities and two ways to use the fourth option:

...