...

A Linux application does a system call to the Linux kernel, which then calls the Linux Hyper-V network device driver, which then calls out from the VM to Hyper-V running in the real computer. Hyper-V then processes the request by moving the data to another VM or to the host Windows system, where it will either be fed up through another Hyper-V device driver or passed to the Windows device driver of a real physical network adapter card.

The Virtual Switch Meme

Hyper-V allows Windows to share a physical network adapter with Hyper-V virtual machines. To do this, Hyper-V “splits” the physical adapter into two devices. In the following example, a Windows system originally had a Realtek USB network adapter named Ethernet 2 connected through a local network to the Internet. Then this adapter was shared with Hyper-V so VMs could also use it.

...

Hyper-V created a new pure software simulated network adapter called “vEthernet (Bridge)”. It is not obvious from this display, but vEthernet (Bridge) and Ethernet 2 are actually the same device. The Ethernet 2 device is still the Realtek USB adapter connected to an Ethernet wire, but it now provides network access for both the host Windows system and any VM configured in Hyper-V to also use it. The host Windows system is now only one of the operating systems using the physical adapter, so the new virtual vEthernet (Bridge) device holds the Internet configuration parameters (IP address, Ethernet ID, name server configuration) that are specific to the Windows host and are different on each VM.

The Virtual Switch Meme

Hyper-V networking has the same services and configuration options as competing options like VMware Workstation or Oracle VirtualBox. Other systems may create a named “virtual network” and then connect virtual adapters on each VM to that network by its name. Hyper-V does the same thing, but Microsoft has decided to call it a “virtual network switch” instead of a “virtual network”.

The only advantage of this meme is that a switch is a physical device in the real world, and when you are drawing diagrams in a tool like Visio, you can find a standard picture for a switch and add it to your diagram along with pictures of real or virtual computers connected to the switch:

...

However, Hyper-V does not emulate some of the more technical behavior of a physical network switch, so if you make the mistake of expecting real switch behavior, it doesn’t work that way.

How it Really Works

Inside the Kernel of the operating system, there is software that wraps the data into a TCP “packet” addressed to a destination port number, carrying data that supports recovery if packets are lost or reordered. The TCP packet is then broken into IP packets with the IP address of the sender and destination. The IP packet is then broken into one or more Ethernet packets with the 6-byte Ethernet ID of the sender and destination on the LAN.

Up to this point everything has been universal and hardware independent. The next step depends on whether the data is going over a wire, Wi-Fi, or Bluetooth, what chip is used, whether it is on the motherboard or USB, and many other things.

The best strategy is to stop with an Ethernet packet sitting in memory in the Kernel of some operating system. It has a 6-byte destination Ethernet ID, and Hyper-V knows every 6-byte Ethernet ID of every virtual adapter on every VM or on every virtual device it created in the host Kernel. If it finds a match, then it knows where to move the packet so the receiving operating system can process it. If it cannot find a match, but the switch is associated with a physical network adapter, then the packet can be queued up in the host Windows system to be transmitted out to the external devices on the physical network.

Configuring Hyper-V Virtual Switches

Every time your computer boots up, Hyper-V recreates and configures the Default Network/Switch. It has no configuration because it uses all the network configuration of the Windows host system to resolve names and route traffic through the fastest available network path. If you try to mess with it or delete it, it will be recreated fresh when you restart the system.

Other Virtual Switches can be configured using the graphic tool named Hyper-V Manager or by typing PowerShell commands into a Run as Administrator PowerShell session.

PowerShell is probably not the option you will choose, but it provides an example of starting with the simplest possible configuration and then adding features to it step by step.

Create

To create a naked Switch with nothing attached to it, you provide a Name. This simplest option is not the default for the command, so you add the “-SwitchType Private” option or the command will complain that you have forgotten other parameters.

Code Block
PS C:\Windows\System32> New-VMSwitch -Name Example -SwitchType Private

A naked switch can be connected to virtual network adapters on VMs so they can communicate with each other.

Add the Host

A virtual switch can include a dummy device in the host Windows Kernel so that the host can communicate over this network with the VMs. Hyper-V identifies such a switch by “-SwitchType Internal” instead of Private. You could have created the switch this way in the previous command, or you can change the type of the previously created switch with Set-VMSwitch. In the following example that command is followed by a command to show the Hyper-V Virtual Ethernet device created in the host Windows system to allow the host applications to talk to the VM. Note that the virtual device name includes the Switch name:

Code Block
PS C:\Windows\System32> Set-VMSwitch -Name Example -SwitchType Internal
PS C:\Windows\System32> Get-NetAdapter
Name                      InterfaceDescription                    ifIndex Status       MacAddress             LinkSpeed
Ethernet                  Intel(R) Ethernet Connection (18) I219…      23 Disconnected C4-C6-E6-30-3F-37          0 bps
vEthernet (Example)       Hyper-V Virtual Ethernet Adapter #4          66 Up           00-15-5D-02-A0-04        10 Gbps
...

Note that there is an unused Intel physical adapter named “Ethernet” that will be used in the next example.

Problem Adding a Physical Adapter to an existing Hyper-V Switch Network

Once you create a Private or Internal switch you can then connect it to VMs and configure them with network addresses so they can talk to each other. Suppose you assign them to the 192.168.10.* subnet.

A physical adapter is connected to external devices that are part of some physical network. Let us assume that network is configured to use the 192.168.3.* subnet.

Adding the physical adapter to the internal Hyper-V network would “bridge” two different networks with two different subnets. You would have to reconfigure everything on one of the two networks before they could really talk to each other.

This is not a problem when the existing Hyper-V switch is not connected to any VM and therefore has no subnet, or if the physical network adapter is not plugged into anything and therefore has no external subnet, but neither PowerShell nor Hyper-V Manager knows this and there is no option to tell them it is OK.

As a result, you should never try to connect a physical adapter to an existing Hyper-V virtual switch. Virtual stuff is free. You will get a clean solution if, when you want to attach a physical adapter to Hyper-V, you use it to create a new switch, which will have a SwitchType of External. Then if you want some VMs to have access to the physical network, create additional virtual network adapters in the VM and connect the new switch to them, leaving in place any existing virtual adapters connected to existing Internal or Private switches.

Create a new switch from the Intel adapter named “Ethernet” that was displayed in the previous example, and share it with the host Windows system:

...

Using the Hyper-V Manager or PowerShell scripts, an administrator connects a virtual network adapter configured on a VM to the Switch. The host Windows system can also get a virtual network adapter connected to the Switch, and optionally one physical network adapter on the host system can also be connected to the switch. Loosely speaking, Ethernet packets transmitted by any virtual adapter connected to the Switch, and packets received by the physical network adapter from an external network, are examined by Hyper-V. Based on the 6-byte Ethernet ID in the destination field, each packet is transferred to the appropriate virtual network adapter configured with that ID.

Physical Network Adapter Bridge

Through Hyper-V, the host Windows system can assign one physical network adapter to a Hyper-V Virtual Switch. VMs attached to the Switch appear to the external Ethernet network as individual real computers. They can be assigned IP addresses statically or dynamically (from the external DHCP server). The VMs can expose database services or Web applications to the external real computers.

Remember that through the Default network any client on a VM can access any external service that the host computer can access. The only reason to assign a physical adapter to Hyper-V is so that external clients can connect to servers on the VMs.

If you have an unused network adapter available, you can choose to dedicate it to a Hyper-V Switch. Then only the VMs will use it, and the host will continue to use other adapters.

However, you may have only one network adapter, and you may already be using it for all your internet access. You can only afford to share it with the VMs. It is already configured with your personal communication preferences (IP address, name servers, etc.) and you don’t want to have to redo all that.

Hyper-V has to operate inside the Windows Kernel using the existing rules for device drivers and network stacks. One device cannot be directly connected to two different networks. Hyper-V is already set up to create a virtual network adapter if the host operating system wants to talk to VMs through a custom Hyper-V switch.

The last piece of the puzzle is that Windows has always had a relatively obscure option to connect two physical network adapters together so the Windows machine can be used as a bridge between two physical networks. This may go back 30 years to a time when network equipment was more expensive, but it hasn’t been removed even though it is almost never used.

At a high level, the way this works is:

Hyper-V creates a virtual network adapter in the Windows operating system and connects it to the Switch.

All the Ethernet and Internet communications configuration on the physical network adapter is moved from the physical adapter to the new virtual adapter. Any networking tables in Windows associated with the IP address or Ethernet ID or active sessions are changed to point to the new virtual adapter.

The physical adapter, no longer connected to anything, is set up to act as a bridge between the external network (whatever is on the other end of the RJ45 cable plugged into the adapter) and the Hyper-V “Virtual Switch” component (which itself is a kind of bridge between the host and VM adapters).

Windows does this reconfiguration as quickly as possible, but there is a warning that there may be a very short interruption of communication. When it is done, all the connections between host applications and external network services are still live.

If you look in Device Driver and Network Connections, you will now see the old physical network adapter and the new Hyper-V Virtual Network adapter. You may note that the physical network adapter no longer seems to have Internet access. This is because it is now only operating at the Ethernet packet level moving data between the external network and Hyper-V. Internet access now appears to be provided through the Virtual Network Adapter that connects you to the Virtual Switch and VMs. Once the physical adapter is owned by Hyper-V, the Virtual Switch is the way that the host Windows system accesses the external network.

...

Layers (abbreviated)

At this point anyone writing about networking is obligated to mention the 7 Layers of the OSI Networking Model. Now that I mentioned it, we can ignore the textbook stuff and just talk about how network stuff is done in the Windows Kernel.

An application calls some library of services to send a stream of bytes over a connection to some remote network endpoint known by its IP address or hostname and a port number.

Inside the Kernel, part of the Windows networking code wraps the stream of data into a TCP “packet” associated with a port number destination. The TCP packet is then broken into one or more IP packets with the IP address of the destination. The IP packet is then broken into one or more 1500-byte Ethernet packets with a 6-byte Ethernet destination address of another device on the local network, which may be the final destination or else will be a gateway device that forwards the data to bigger networks and eventually the whole Internet.

The processing up to this point is universal. It doesn’t matter what you are doing (browsing the Web or backing up your disk files) and it doesn’t matter how the network connection is made (wired, Wi-Fi, or Bluetooth through an Intel, Realtek, or Broadcom chip that is on the motherboard, an adapter card, a USB port, or a Thunderbolt hub). The next step is a mess of possibilities. So, Hyper-V does not take the next step.

In every VM and on the host system, as soon as the data has been reduced to a bunch of Ethernet packets, the Hyper-V virtual network adapter simply turns these packets over to the Hyper-V system controlling the computer. Hyper-V can look at the 6-byte Ethernet ID destination in each packet. It knows every 6-byte Ethernet ID of every virtual adapter it created, and if it finds a match it can move the packet to the destination adapter in any VM or in the Windows host. If the destination is not known, but the Switch is associated with a physical network adapter, then it can send the packets out on the external Ethernet network to have them delivered.

Configuring Hyper-V Virtual Switches

Every time your computer boots up, Hyper-V recreates and configures the Default Network/Switch. It has no configuration because it uses all the network configuration of the Windows host system to resolve names and route traffic through the fastest available network path. If you try to mess with it or delete it, it will be recreated fresh when you restart the system.

Other Virtual Switches can be configured using the graphic tool named Hyper-V Manager or by typing PowerShell commands into a Run as Administrator PowerShell session.

PowerShell is probably not the option you will choose, but it breaks the process down to a step-by-step procedure that explains the possibilities more clearly than using the GUI configuration panel.

Create

To create a naked Switch with nothing attached to it, you provide a Name. This simplest option is not the default for the command, so you add the “-SwitchType Private” option or the command will complain that you have forgotten other parameters.

Code Block
PS C:\Windows\System32> New-VMSwitch -Name Example -SwitchType Private

A naked switch can then be connected to virtual network adapters on VMs. Once connected, the VMs can talk to each other, but not to the host or the Internet through this Switch.

Add the Host

Hyper-V provides communication from the host Windows system to the Switch, and therefore to the VMs connected to the switch, by creating a Hyper-V Virtual Network Adapter device in the host Windows 11 operating system.

If there were a command to create the host virtual network adapter, then you could execute it twice and get two of them. Hyper-V doesn’t want you to have two, so the adapter is created when you change the SwitchType from “Private” to “Internal” and is deleted if you then turn the SwitchType back from “Internal” to “Private”. You see the new virtual adapter in the list returned from “Get-NetAdapter”.

Code Block
PS C:\Windows\System32> Set-VMSwitch -Name Example -SwitchType Internal
PS C:\Windows\System32> Get-NetAdapter
Name                      InterfaceDescription                    ifIndex Status       MacAddress             LinkSpeed
Ethernet                  Intel(R) Ethernet Connection (18) I219…      23 Disconnected C4-C6-E6-30-3F-37          0 bps
vEthernet (Example)       Hyper-V Virtual Ethernet Adapter #4          66 Up           00-15-5D-02-A0-04        10 Gbps
...

Note that there is an unused Intel physical adapter named “Ethernet” that will be used in the next example.

Problem Adding a Physical Adapter to an existing Hyper-V Switch Network

Once you create a Private or Internal switch you can then connect it to VMs and configure them with network addresses so they can talk to each other. Suppose you assign them to the 192.168.10.* subnet.

A physical adapter is connected to external devices that are part of some physical network. Frequently addresses are assigned to a physical network by a DHCP server on a gateway router supplied by your ISP. For the example, assume the physical Ethernet uses the 192.168.3.* subnet.

Adding the physical adapter to the internal Hyper-V network would “bridge” two different networks with two different subnets. This would work, but nothing could talk to a device on the other subnet.

Ultimately, both the PowerShell commands and the Hyper-V Manager tool allow you to do it, but they generate a mess you certainly don’t want.

The only operation with a sensible result is to attach the physical network adapter to a new Switch you create as part of a single operation.

Code Block
PS C:\Windows\System32> New-VMSwitch -Name HomeNet -NetAdapterName Ethernet -AllowManagementOS $true
Name    SwitchType NetAdapterInterfaceDescription
HomeNet External   Intel(R) Ethernet Connection (18) I219-LM
PS C:\Windows\System32> get-netadapter
Name                      InterfaceDescription                    ifIndex Status       MacAddress             LinkSpeed
Ethernet                  Intel(R) Ethernet Connection (18) I219…      23 Disconnected C4-C6-E6-30-3F-37          0 bps
vEthernet (HomeNet)       Hyper-V Virtual Ethernet Adapter #4          32 Disconnected C4-C6-E6-30-3F-37          0 bps

If you have an existing Internal or Private network connected to VM adapters, you can either reconnect the VM adapters to the new Switch or create new virtual adapters on some of the VMs and connect them to the new Switch while also leaving the VM connected to the old network with the old subnet.
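After working through the Private, Internal and External steps above, it is useful to check which VMs actually ended up on the physical network, since only an External switch lets external clients reach servers on the VMs. The following script is an added example, not part of the original page; the function name Get-VMSwitchExposure and the report column names are hypothetical, and it assumes the Hyper-V PowerShell module in a Run as Administrator session.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

# Added example: inventory every Hyper-V switch, the adapters attached to it,
# and whether its VMs are reachable from the physical LAN.
function Get-VMSwitchExposure {
    # All virtual adapters Hyper-V created: VM adapters plus the host's own
    # "vEthernet (...)" adapters (IsManagementOs is $true for the latter).
    $adapters = Get-VMNetworkAdapter -All

    foreach ($switch in Get-VMSwitch) {
        $members   = @($adapters | Where-Object { $_.SwitchName -eq $switch.Name })
        $vmMembers = @($members  | Where-Object { -not $_.IsManagementOs })

        [pscustomobject]@{
            Switch           = $switch.Name
            SwitchType       = $switch.SwitchType      # Private, Internal or External
            PhysicalAdapter  = $switch.NetAdapterInterfaceDescription
            HostAttached     = $switch.AllowManagementOS
            VMs              = ($vmMembers.VMName | Sort-Object -Unique) -join ', '
            # The 6-byte Ethernet IDs Hyper-V compares destination addresses against
            MacAddresses     = $members.MacAddress -join ', '
            # Only an External switch with VM adapters puts VMs on the physical LAN
            ReachableFromLan = ($switch.SwitchType -eq 'External' -and $vmMembers.Count -gt 0)
        }
    }
}

$report = Get-VMSwitchExposure
$report | Format-Table Switch, SwitchType, HostAttached, ReachableFromLan, VMs -AutoSize

# VMs that external clients can connect to: review their services and firewall rules.
$report | Where-Object ReachableFromLan | ForEach-Object {
    Write-Warning "Switch '$($_.Switch)' bridges VM(s) $($_.VMs) onto '$($_.PhysicalAdapter)'"
}
```

On the system shown above, HomeNet would be listed as External with HostAttached True, and it would be flagged only once a VM adapter is connected to it.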

Hyper-V Manager Switch Configuration

...