...

Virtual machines communicate over one or more simulated wired Ethernet networks. Simulating a WiFi network is too hard, so Hyper-V does not try. Real wired networks are built physically by running an Ethernet cable from the Ethernet port in a computer to a device called a “switch”. When a switch fills up, you can connect a wire from that switch to a second switch, and so on. All the computer ports connected to this set of connected switches form one network of computers.

Other Virtual Machine systems simply configure network names and connect a VM to the network by name. Hyper-V decided to create a named “virtual switch” for what other systems simply call a “virtual network”. This metaphor may not be helpful because a Hyper-V “virtual switch” does not really behave in exactly the same way that a physical network switch operates. In particular, you cannot connect or bridge one Hyper-V virtual switch to another virtual switch.

The Hyper-V virtual Ethernet adapter in any VM does not simulate any physical adapter you can buy for a real machine. Microsoft provides Windows and Linux drivers for its virtual adapter, and a few other operating systems, particularly FreeBSD, have adapted the Linux driver so it works in their system.

Standard operating system services convert application data to TCP segments, which are then enclosed in IP packets, which are then enclosed in Ethernet frames. All that work is the same no matter what Ethernet adapter is being used. The Ethernet frame is then turned over to the hardware vendor's driver, which sends the frame out through the adapter. The Hyper-V driver instead sends the frame over the virtual bus (VMBus) that connects the VMs to the kernel of the host Windows system.

Hyper-V can create a network that is entirely virtual. VMs can use it to talk to each other, but there is no direct connection to any physical external network. One VM or the host Windows system can act as a “gateway” to the Internet by receiving data from the virtual network, rewriting it (NAT) so it looks like it was sent by an application on the gateway computer, and then forwarding the data out to the Internet. If network-level malware scanning is installed on the gateway system, it may provide some protection for the downstream hosts, since all of their Internet traffic passes through it.

Alternately, Hyper-V can create an “External” network that is associated with a single physical Ethernet device on the host system. Ethernet frames sent by one Hyper-V virtual Ethernet adapter that are not addressed to another Hyper-V virtual Ethernet adapter on the same virtual switch are sent out through the physical adapter attached to that virtual switch. The frames then go to whatever network the physical Ethernet adapter is connected to. Each virtual Ethernet adapter on each VM has its own 6-byte Ethernet ID (MAC address), so each VM appears to the external network as a separate real computer plugged into an available port on an Ethernet switch. A physical switch receives frames from any device, examines the six-byte destination ID field, and then either forwards the frame to the port where that destination was last seen or, if the destination is unknown, sends the frame out every port to all connected devices. Any port on one switch can be connected to any port on another switch to extend the network.

Hyper-V creates one or more virtual Ethernet adapters in each virtual machine. Microsoft has written drivers for this Hyper-V adapter for Windows and Linux, and other systems like FreeBSD also support this device. An application sends data on the network. In the kernel, the data is broken up into TCP segments, which are then inserted into IP packets, which are then inserted into Ethernet frames. An Ethernet frame begins with the 6-byte destination device ID, and by default its payload is no larger than 1500 bytes (the MTU). When one VM sends data to another VM, or to the host Windows system, Hyper-V simply has to copy the data from the sending buffer of the one virtual machine to an empty receive buffer in the destination. Moving data from one real memory location to another is just program code.

When data is being sent out a physical Ethernet adapter, then there are additional layers of processing. A physical device can be on the motherboard, on an adapter card, or out on a USB device. It can use Intel, Realtek, or other chips. The network can run at many speeds, and WiFi and Bluetooth are other types of network adapters.

All Virtual Machine systems (Oracle VirtualBox, VMware, Linux KVM) will create one or more named “virtual networks” and configure virtual network adapters on virtual machines to be “connected” to these networks. They can all associate a physical network adapter with each named network.

Hyper-V does the same thing, but it chooses to call a named virtual network a “virtual switch”. This is a metaphor that someone thinks will be helpful to end users. Connecting a virtual machine to a virtual switch is logically the same as plugging an Ethernet cable between a physical device and a physical switch. However, there is no Hyper-V component that behaves in the same way as the firmware in a real switch. Hyper-V moves data directly between VMs or between a VM and the kernel of the host Windows system. To do this, Hyper-V maintains a table of the 6-byte ID used by each virtual adapter so it can determine from the destination field in the frame just where the data is to be sent.

You can add one physical Ethernet adapter in the Windows host operating system to a Hyper-V virtual switch. If the adapter is no longer going to be used by the host system, then Windows disables all the higher-level layers that wrap data into TCP, then IP, and then Ethernet frames. It just keeps the lower layers that take the Ethernet frame and send it to the chip, card, or USB device. When a VM generates an Ethernet frame whose 6-byte destination is not associated with any other VM, Hyper-V moves the data from the VM transmit buffer to a transmit buffer for the physical device in the host Windows kernel, and the frame goes out to the physical network for delivery.

If the host Windows system wants to share a physical Ethernet device with a Hyper-V virtual switch, then the device is split into what appears to be two network adapters. One network adapter is essentially a host side version of the Hyper-V driver installed in Virtual Machines, and it handles the upper layers of the network protocol (application data to TCP packet to IP packet to Ethernet frame). The other device has the lower levels of the protocol that take an Ethernet packet and send it to the chip or card so it goes out on the network. Then, just like the drivers in the VMs, this host virtual adapter turns the Ethernet packet over to Hyper-V to determine whether the 6-byte destination in the packet is a virtual adapter in one of the VMs. If not, then Hyper-V moves the data to the transmit buffer of the physical network adapter.
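The two cases above (the host giving up the adapter entirely, or sharing it) are what the -AllowManagementOS parameter of New-VMSwitch selects. The following PowerShell is an added example written for this page, not code from the original article or from Microsoft; the adapter name "Ethernet", the switch name "External" and the VM name "lab-vm" are assumptions, and it must be run in an elevated PowerShell on the Hyper-V host.

```powershell
# Added example (not from the original page). Assumed names: physical adapter
# "Ethernet", switch "External", VM "lab-vm". Run elevated on the Hyper-V host.

$physical = 'Ethernet'
$switch   = 'External'
$vm       = 'lab-vm'

# 1. Bind the physical adapter to a new External switch. -AllowManagementOS $true
#    is the "shared" case from the text: Windows splits the adapter into the
#    lower-layer physical device and a host-side "vEthernet (External)" adapter
#    that carries the host's own TCP/IP stack. $false is the "dedicated" case,
#    where the host keeps no IP configuration on that adapter at all.
New-VMSwitch -Name $switch -NetAdapterName $physical -AllowManagementOS $true

# 2. Show both halves of the split: the physical NIC now only feeds the
#    Hyper-V switch, and the host's upper layers live on the vEthernet adapter.
Get-NetAdapter -Name $physical, "vEthernet ($switch)" |
    Select-Object Name, InterfaceDescription, MacAddress, Status

# 3. Plug the VM's virtual adapter into the switch.
Connect-VMNetworkAdapter -VMName $vm -SwitchName $switch

# 4. The 6-byte IDs the text describes: every VM adapter (and the host's
#    vEthernet adapter) has its own MAC address. This is the table Hyper-V
#    consults to decide whether a destination is another VM, the host, or
#    the physical network.
Get-VMNetworkAdapter -All |
    Select-Object VMName, SwitchName, MacAddress, MacAddressSpoofing

# 5. Security check for a shared port: with MacAddressSpoofing Off (the
#    default) the switch drops any frame a guest sends with a source MAC other
#    than the one assigned to it, so a compromised VM cannot impersonate the
#    host or another machine on the external network. Enforce it explicitly.
Set-VMNetworkAdapter -VMName $vm -MacAddressSpoofing Off
```

Step 4 is also the quickest way to see why the external network sees each VM as a separate machine: each row has a different MAC address, and those are the addresses the physical switch learns.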

Every driver of a physical network adapter has configuration and tuning options. For convenience, these options appear to be associated with both of the two network devices that the physical adapter was split into.

The NAT Gateway Option

When you share a physical network adapter with VMs, then each VM appears to the network as a separate computer. You can do this at home, or in a lab, or if you have more than one computer at your desk. However, the Yale network does not expect multiple computers to be sharing a desktop network port, and sharing does not work for WiFi adapters (a WiFi access point accepts frames only from the single MAC address that associated with it).

The alternative is to turn the host Windows system into what is called a “gateway” device. The “wireless router” that connects your home network to your Internet service provider is really a gateway.

Gateways use Network Address Translation (NAT) to rewrite the IP addresses and TCP/UDP port numbers in packets sent from other computers so that each packet appears to be coming from an application inside the gateway device; the gateway remembers each translation so it can rewrite the replies back to the original sender. In this case, NAT takes all the Internet traffic from the VMs inside your computer and makes it look like it is coming from Windows applications running on the laptop.

In this case, you do not associate any physical adapter with any Hyper-V switch. All the Hyper-V networks are purely virtual. Either by manual configuration or through DHCP, the VMs are given a network configuration whose “gateway IP address” points to a virtual Hyper-V adapter on the host Windows system. Windows then has to be configured so that traffic arriving from that virtual adapter is processed through NAT and then forwarded to the Yale network or the Internet.
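The configuration just described (an Internal switch, an address on the host's virtual adapter, and a NAT rule on the host) is done with the Hyper-V and NetNat cmdlets. The following PowerShell is an added example written for this page, not code from the original article or from Microsoft; the switch name "NATSwitch", the private range 192.168.100.0/24 with the host at .1, the VM name "lab-vm" and the VM address 192.168.100.10 are assumptions, and it must be run in an elevated PowerShell on the Hyper-V host.

```powershell
# Added example (not from the original page). Assumed names and addresses:
# switch "NATSwitch", private range 192.168.100.0/24 with the host at .1,
# VM "lab-vm" at .10. Run elevated on the Hyper-V host.

$switch = 'NATSwitch'
$hostIp = '192.168.100.1'
$prefix = '192.168.100.0/24'
$vm     = 'lab-vm'

# 1. A purely virtual network: an Internal switch is bound to no physical
#    adapter, but Windows gets a host-side "vEthernet (NATSwitch)" adapter on
#    it. (SwitchType Private would give the VMs no path to the host at all,
#    and therefore no gateway.)
New-VMSwitch -Name $switch -SwitchType Internal

# 2. Give the host's virtual adapter the address the VMs will use as their
#    default gateway.
$if = Get-NetAdapter -Name "vEthernet ($switch)"
New-NetIPAddress -InterfaceIndex $if.ifIndex -IPAddress $hostIp -PrefixLength 24

# 3. Tell Windows that traffic arriving from this prefix is to be translated
#    and forwarded out whichever adapter carries the host's default route.
#    New-NetNat provides no DHCP, so the VMs need static addresses (or a DHCP
#    server you run on this network yourself).
New-NetNat -Name "$switch-nat" -InternalIPInterfaceAddressPrefix $prefix

# 4. Attach the VM. Inside the guest, configure 192.168.100.10/24 with
#    gateway 192.168.100.1 and a DNS server the host can reach.
Connect-VMNetworkAdapter -VMName $vm -SwitchName $switch

# 5. Nothing on the outside network can open a connection to a VM unless a
#    port is published explicitly. This maps host port 2222 to the VM's SSH
#    port; leave it out if the VM should stay unreachable from outside.
Add-NetNatStaticMapping -NatName "$switch-nat" -Protocol TCP `
    -ExternalIPAddress 0.0.0.0 -ExternalPort 2222 `
    -InternalIPAddress 192.168.100.10 -InternalPort 22

# 6. Verify the rule is active and watch the translations being created.
Get-NetNat | Select-Object Name, InternalIPInterfaceAddressPrefix, Active
Get-NetNatSession
```

Windows supports only one NetNat network per host, so if the Default Switch (next section) is already providing NAT for other VMs, check with Get-NetNat before creating another rule. Remove-NetNat and Remove-VMSwitch undo the configuration.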

The Default Network

Hyper-V creates one initial virtual switch/network called “Default Switch”. Microsoft got tired of end users screwing up their Hyper-V networking and calling for support, so if a VM is connected to the Default Switch and turns on automatic configuration of network parameters (DHCP), the VM will get NAT access to the Internet as long as the host computer has network access.

...