Hyper-V Virtual Switches

Virtual Machines communicate over one or more simulated wired Ethernet networks. Wired networks are physically created by running an Ethernet cable from the Ethernet port of devices to an available port on an Ethernet switch. Switches receive packets of data from any device, examine the six-byte destination ID field, and then either forward the packet to the destination device or else send the packet out every port to all connected devices. Any port on one switch can be connected to any port on another switch to extend the network.

Hyper-V creates one or more virtual Ethernet adapters in each virtual machine. Microsoft has written drivers for this Hyper-V adapter for Windows and Linux, and other systems like FreeBSD also support this device. An application sends data on the network. In the Kernel, the data is broken up into TCP packets, which are then inserted into IP packets, which are then inserted into Ethernet packets. By default, Ethernet packets begin with the 6-byte destination device ID and are no larger than 1500 bytes. When one VM sends data to another VM, or to the host Windows system, Hyper-V simply has to copy the data from the sending buffer of the one virtual machine to an empty receive buffer in the destination. Moving data from one real memory location to another is just program code.

When data is being sent out a physical Ethernet adapter, then there are additional layers of processing. A physical device can be on the motherboard, on an adapter card, or out on a USB device. It can use Intel, Realtek, or other chips. The network can run at many speeds, and WiFi and Bluetooth are other types of network adapters.

All Virtual Machine systems (Oracle VirtualBox, VMware, Linux KVM) will create one or more named “virtual networks” and configure virtual network adapters on virtual machines to be “connected” to these networks. They can all associate a physical network adapter with each named network.

Hyper-V does the same thing, but it chooses to define a named virtual network as a “virtual switch”. This is a metaphor that someone thinks will be helpful to end users. Connecting a virtual machine to a virtual switch is logically the same as plugging an Ethernet cable into a physical device and a physical switch. However, there is no Hyper-V component that behaves in the same way as the firmware in a real switch. Hyper-V moves data directly between VMs or between a VM and the Kernel of the host Windows system. To do this, Hyper-V maintains a table of the 6-byte ID used by each virtual adapter so it can determine from the destination field in the packet just where the data is to be sent.

You can add one physical Ethernet adapter in the Windows host operating system to a Hyper-V virtual switch. If the adapter is no longer going to be used by the host system, then Windows disables all the higher-level layers that wrap data into TCP, then IP, and then Ethernet packets. It just keeps the lower layers that take the Ethernet packet and send it to the chip, card, or USB device. When a VM generates an Ethernet packet that has a 6-byte destination that is not associated with any other VM, Hyper-V moves the data from the VM transmit buffer to a transmit buffer for the physical device in the host Windows Kernel and the Ethernet packet goes out to the physical network for delivery.

If the host Windows system wants to share a physical Ethernet device with a Hyper-V virtual switch, then the device is split into what appears to be two network adapters. One network adapter is essentially a host side version of the Hyper-V driver installed in Virtual Machines, and it handles the upper layers of the network protocol (application data to TCP packet to IP packet to Ethernet frame). The other device has the lower levels of the protocol that take an Ethernet packet and send it to the chip or card so it goes out on the network. Then, just like the drivers in the VMs, this host virtual adapter turns the Ethernet packet over to Hyper-V to determine whether the 6-byte destination in the packet is a virtual adapter in one of the VMs. If not, then Hyper-V moves the data to the transmit buffer of the physical network adapter.

Every driver of a physical network adapter has configuration and tuning options. For convenience, these options appear to be associated with both of the two network devices that the physical adapter was split into.

The NAT Gateway Option

When you share a physical network adapter with VMs, then each VM appears to the network as a separate computer. You can do this at home, or in a lab, or if you have more than one computer at your desk. However, the Yale network does not expect multiple computers to be sharing a desktop network port, and sharing does not work for WiFi adapters.

The alternative is to turn the host Windows system into what is called a “gateway” device. The “wireless router” that connects your home network to your Internet service provider is really a gateway.

Gateways use Network Address Translation (NAT) to rewrite the TCP and IP packets sent from other computers so that the packet appears to be coming from an application inside the gateway device. In this case, NAT takes all the Internet traffic from the VMs inside your computer and makes it look like it was coming from Windows applications running on the laptop.

In this case, you do not associate any physical adapter to any Hyper-V switch. All the Hyper-V networks are pure virtual. Either by manual configuration or through DHCP the VMs are given a network configuration with a “gateway IP address” pointing to a virtual Hyper-V adapter on the host Windows system. Windows then has to be configured to expect that traffic arriving from that virtual adapter must be processed through NAT and then forwarded to the Yale network or Internet.

The Default Network

Hyper-V creates one initial virtual switch/network called Default. Microsoft got tired of end users screwing up their Hyper-V networking and calling for support, so if a VM is connected to the Default network and turns on automatic configuration of network parameters (DHCP), then the VM will get access to the Internet as long as the host computer has network access.

However, to create a network that the user cannot screw up, Default assigns itself new IP addresses every time your machine boots up. So machines on the Default network have no fixed IP address you can connect to. You can reference a VM by appending “.local” to the hostname. If you are sane, the hostname will also be the VMName so you don’t get confused, but you have to rename the machine during or after the OS is installed.

In detail

  • There is no configuration or administration of Default.

  • When the host system boots up, Default gets a “factory reset” and chooses a random subnet range of addresses.

  • There is a virtual Ethernet adapter on the host Windows system attached to Default and assigned the first IP address in the subnet range.

  • Default uses DHCP to assign new IP addresses to each virtual adapter on a VM that is attached to it. It also sets the host virtual adapter address as the gateway and DNS server address for VMs.

  • The host Windows system provides a gateway service using the NAT protocol. When a client program on a VM connects to an Internet service, it passes the request to the host Windows system. The NAT function changes the request so it appears to be coming from a program on the host physical computer, and then sends the data out in the same way it would send data for a local application program. It will use wired, or WiFi, or VPN for this data in exactly the same way as it sends data from Firefox or Outlook.

  • When a VM gets an IP address from DHCP, the host Windows system writes the VM hostname (with a dummy domain suffix of *.mshome.net) and IP address in the file C:\Windows\System32\drivers\etc\hosts.ics. This is treated as an extension of the normal “hosts” file on every Windows or Linux system. When Windows is looking for a computer name, it checks the hosts files first before going to a DNS server. Therefore, if there is a VM named “docker” then the host can communicate to it using the dummy name of “docker.mshome.net”.

  • The VMs also get a dummy DNS server from the host. When they ask for the IP address associated with a name, the host OS looks the name up using its own standard API. This checks the hosts files first, then makes a DNS request if the name is not in the file. Therefore, the VMs get the same DNS server the host Windows system provides and can find each other using vmname.mshome.net.

Default provides so many useful services that you will probably want to connect it to all your VMs. However, there are a few things it does not do.

  • You cannot assign static IP addresses on Default.

  • External clients cannot access VM services through Default.

  • You cannot connect Default to a physical adapter card.

  • Default only supports local VMs running on your physical host computer.

Therefore, a technically sophisticated user with more complex network requirements may want to create additional virtual switches with other characteristics and additional virtual adapters for specific VMs to attach them to these custom networks.

The Virtual Switch

A virtual switch is a concept for Hyper-V configuration.

Data does not move from the VM to some Hyper-V “switch” memory, get processed by some simulated “switch” firmware, and then get forwarded to another VM. Rather when a virtual Ethernet adapter is ready to transmit data to the network, Hyper-V determines what other virtual adapters are connected to the same virtual switch and moves the data from the memory of one VM directly to the memory of the other VM.

In a real network physical switches are connected to each other and forward data from switch to switch to switch. This is the one thing you cannot do with a Hyper-V virtual switch. By analogy, each virtual switch is a dead end street. You can send data outside through a gateway NAT function provided by the Host or by a VM with gateway/router/firewall software, or you can create a connection to an external real network through a single physical Ethernet adapter connected to a real network. You cannot “bridge” one virtual switch to another, even using “bridge” software on a VM connected to both switches.

Hyper-V Manager Switch Types

The Microsoft Hyper-V Manager utility gives three names to specific configurations, and if you use the GUI you have to choose one of the names. The PowerShell commands, however, allow you to add or remove physical LAN adapters and a virtual host LAN adapter to existing switches without regard to these limited names. In reality there are four possibilities and two ways to use the fourth option:

Hyper-V “Private” - A virtual switch that is connected neither to a LAN adapter nor to the host operating system is “private”. You connect VMs to it and they can talk to each other. Since this would leave the VMs unable to update themselves if it were the only network they have, you typically connect at least one of the VMs to another switch that is connected out and have that VM serve as a NAT gateway or router for the other VMs.

Hyper-V “Internal” - A virtual switch that is connected to the Windows 10 host (through a Hyper-V virtual LAN) can provide the VMs with some type of protected client access to the real network and internet if the Windows 10 host will provide the router function. Any Windows 10 system can provide a NAT gateway using the PowerShell New-NetNat command, but Windows 10 doesn’t have a DHCP service. So either you have to configure static addresses for each VM, or you need one of the VMs to provide DHCP to all the other VMs (and make sure that VM is running all the time).

Hyper-V “External” (special case) - If you only connect a spare unused physical LAN adapter on your host computer to the virtual switch and you don’t connect the host to that switch, then you can physically connect the VMs directly to the real network without going through the host OS. Each VM can have its own network address just like real computers on the physical network. The host can talk to them, but through the external network as if they were other real computers and not internal VMs. Typically this requires the host to have two LAN adapters. Of course, many people connect their laptop to the WiFi and they have a spare wired Ethernet port they aren’t using, but if that is not the case you can get an adapter card for a desktop or a USB Network Adapter for a laptop.

Hyper-V “External” Bridge - This is the more common configuration where you connect both a physical host LAN adapter and a virtual host LAN adapter to the same switch. Normally you ask the Hyper-V Manager to create both types of connections at the same time. After a brief break in network connectivity, the host OS still has a wired connection to the same network with the same network address as before. Now, however, it can share that LAN adapter and cable with the VMs connected to the switch. They also appear to be on the physical network, get the same type of network address that the host had, can talk to other computers on the network, and can share files and provide services to other computers.

Hyper-V “External” (physical private VM network) - The last type is something like the previous special case because you associate the virtual switch with a spare LAN adapter, but in this case you do not connect that adapter to the public network. You can connect it to a cable that runs between two computers, or to a private switch not connected to the internet. You may do most of your work on a laptop, but laptops are not powerful machines. You can use this to connect your laptop privately to a more powerful desktop workstation. Run Hyper-V on both the laptop and the desktop and the laptop host system you normally use where all your tools and files reside is not only able to talk to its own VMs but also to the VMs created by the connected desktop. Again you have to solve the problem of creating a gateway or router on either the laptop or the desktop so the VMs can install software and get updates from the internet.
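The “Internal” switch with a host NAT gateway described above (and in The NAT Gateway Option), as an added example that is not part of the original page. The switch name NatLab, the NAT name NatLabNat and the 192.168.10.0/24 subnet are assumptions chosen for illustration.

```powershell
# Run in an elevated (Run as Administrator) PowerShell session.
# Assumed names and addresses (not from the page):
$SwitchName = 'NatLab'
$NatName    = 'NatLabNat'
$Prefix     = '192.168.10.0/24'
$GatewayIp  = '192.168.10.1'
$Alias      = "vEthernet ($SwitchName)"   # host adapter Hyper-V creates for the switch

# 1. Internal switch: VMs plus a virtual adapter on the host, no physical adapter.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -SwitchType Internal | Out-Null
}

# 2. Give the host adapter the address the VMs will use as their gateway.
if (-not (Get-NetIPAddress -InterfaceAlias $Alias -IPAddress $GatewayIp -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -InterfaceAlias $Alias -IPAddress $GatewayIp -PrefixLength 24 | Out-Null
}

# 3. Tell Windows to apply NAT to traffic arriving from that subnet.
#    No inbound mappings are created, so services on the VMs stay unreachable
#    from other computers unless one is added with Add-NetNatStaticMapping.
if (-not (Get-NetNat -Name $NatName -ErrorAction SilentlyContinue)) {
    New-NetNat -Name $NatName -InternalIPInterfaceAddressPrefix $Prefix | Out-Null
}

# 4. Verify the result.
Get-NetNat -Name $NatName |
    Format-List Name, InternalIPInterfaceAddressPrefix, Active
Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 |
    Format-Table IPAddress, PrefixLength

# Windows 10 has no DHCP service for this switch, so each VM still needs a
# static address in 192.168.10.0/24 with 192.168.10.1 as its gateway.
```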

Splitting the Physical Network Adapter

If you start out with a physical Network Adapter that is configured to the host OS, and you then associate it with a Hyper-V virtual switch, the configuration of the Network Adapter splits in half. On the host Windows 10 system, you start with one Network adapter and end up with two.

One network adapter on the host system represents the physical device that is now being shared with the VMs. If you look at it in Device Manager, it still has all the parameters associated with firmware (except for the Ethernet hardware address). If you want to allow Jumbo Frames, this is the device that manages those options.

A new Virtual Ethernet Adapter has been created in the Host Windows 10 system which gets the Ethernet Hardware (MAC) Address from the adapter and also all the higher level network drivers, especially the IPv4 and IPv6 configuration options. This is because the Host Windows 10 system must have its own addresses, both at the Ethernet level and at the Internet level. Other VMs will also be connected to the switch, and each will have its virtual Network Adapter with its own Ethernet hardware address and its own IPv4 and IPv6 configurations separate from the host.

Code Block
Name                      InterfaceDescription                    ifIndex Status MacAddress  
Ethernet                  Marvell AQtion 10Gbit Network Adapter        15 Up     70-85-C2-C7-BF-6E
vEthernet (Bridge)        Hyper-V Virtual Ethernet Adapter #3          13 Up     70-85-C2-C7-BF-6E

Here a Marvell AQtion 10Gbit adapter card has been shared with a Hyper-V virtual switch named “Bridge”. It has generated two Network Adapter entries. The first represents the card itself, while the second contains all the addresses that the host uses to send and receive data. Each VM attached to the switch will have its own distinct addresses. Data from the host and the VMs will go through the one adapter card to whatever physical switch the adapter is connected to.

VLANs

As mentioned above, you can spend $15 to buy a simple 8 port switch or $20 to buy a “smart switch” that supports VLANs. Corporations like Yale use VLANs to partition the campus network up into groups of devices for security or traffic management. Home users may want a VLAN to separate their Internet of Trash devices from work devices, but you can do that by physically separating the two, especially since the IOT is wireless and the work devices can connect to each other wired.

So despite what the letters “VLAN” stand for, in Hyper-V Virtual Machine networks the most interesting use of VLAN configuration is to give a Virtual Machine a physical network port (it is an anti-virtual trick turning virtual stuff into real hardware).

You spend $20 for 8 ports or $40 for a 16 port smart switch. You create a Bridge virtual switch on your host computer and connect the adapter you assign to it to one of the ports on the smart switch. If you have more than one host running VMs, you may want to connect each of them to a port on the switch. If you want to use this to access the internet you need another port to provide a connection to the gateway or to a firewall through which you can get to the gateway.

Now in a quick oversimplified version of the configuration, you read the manual on the switch, connect a browser and sign into the web based administration tool that runs in the switch, and assign a VLAN ID number to a set of empty ports. The number is arbitrary, so let's assume you assign individual VLAN IDs 11, 12, …, 16 to six currently empty ports on the switch. Ports can be assigned to multiple VLAN IDs if they are “tagged”, and you do this to the ports where you just connected the Bridge physical adapter from the host computers and you make them part of all six VLAN IDs (in this example, and more if you get a bigger switch).

Now in the Hyper-V Manager you can display the configuration of each Virtual Machine and click on the configuration of the virtual LAN adapter connected to this Bridge switch.

...

You can click the check box for Enable virtual LAN identifier and then in the text box below it type in one of the IDs you assigned to the smart switch ports (11 to 16 in this example).

If one VM is assigned to VLAN ID 14 and one port on the smart switch is assigned VLAN ID 14, then this physical port on the smart switch has become essentially a physical representation of what would have been the LAN adapter jack on the back of the physical computer if the VM had been magically turned into a real physical box. You can plug in a wire to that port and it is directly connected to this virtual adapter on this VM.
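Setting the same VLAN identifier from PowerShell instead of the Hyper-V Manager check box, as an added example that is not part of the original page. The VM name vm14 is hypothetical; the switch name Bridge and VLAN ID 14 follow the example in the text.

```powershell
# Run in an elevated PowerShell session on the Hyper-V host.
$VMName     = 'vm14'     # hypothetical VM name
$SwitchName = 'Bridge'   # the shared switch from the text
$VlanId     = 14         # must match the ID assigned to the smart switch port

# Pick the VM's adapter that is attached to the Bridge switch.
$adapter = Get-VMNetworkAdapter -VMName $VMName |
    Where-Object SwitchName -eq $SwitchName

if (-not $adapter) {
    throw "VM '$VMName' has no adapter connected to switch '$SwitchName'."
}

# Same effect as ticking "Enable virtual LAN identifier" and typing the ID.
Set-VMNetworkAdapterVlan -VMNetworkAdapter $adapter -Access -VlanId $VlanId

# Check: list every VM adapter on the switch with its VLAN mode.
# Adapters still shown as Untagged send and receive on the untagged
# network, alongside the host's own adapter.
Get-VMNetworkAdapter -VMName * |
    Where-Object SwitchName -eq $SwitchName |
    ForEach-Object {
        $vlan = Get-VMNetworkAdapterVlan -VMNetworkAdapter $_
        [pscustomobject]@{
            VMName   = $_.VMName
            Adapter  = $_.Name
            Mode     = $vlan.OperationMode
            AccessId = $vlan.AccessVlanId
        }
    } | Format-Table -AutoSize
```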

Creating a physical LAN port in the real world for something that is otherwise virtual may be a useful trick for specialized types of network connections. More generally, VLAN capability allows a single network adapter to behave as multiple LAN adapters connected to different devices or networks, which can save money and PCIe slots in more complicated networking situations.

Every Virtual Machine needs basic Internet access to apply maintenance, add optional features, and install programs and libraries. Hyper-V has a built in Default network that provides VMs with general network access without any configuration because it runs through a gateway in your native Windows 11 system and piggybacks on the networking you already have.

In technical terms, Default provides each VM with network addresses and parameters through DHCP, resolves network names on your host, provides a NAT gateway on the host, and uses the host routing tables to select the best choice from your wired, wireless, or VPN connections. There is no better solution for basic client access from any VM.

Info

Normally connect the first network adapter on a generic VM to the Default network and let it dynamically configure itself. If you need custom networking, add a second virtual network adapter to the VM.

With a connection to Default, a client program on the VM can access anything on the host computer, the local network (home or Yale), any VPN your computer is connected to, and the general Internet. Default allows client programs on the host computer to dynamically find and connect to VMs by hostname (using “hostname.local” dynamic name resolution).

You need a custom network to give a VM a static IP address, to expose services running on a VM to clients on another computer, or to make a VM look like a normal computer on your local network.

Hyper-V is not “Bare Metal” Virtualization

In large datacenters virtual machines are created by specialized hardware. These systems can have special network adapters that allow virtual machines to communicate directly at the hardware level.

Hyper-V can work on any computer that supports Windows, and it can run on any network adapter that runs with Windows, including adapters connected through USB or on a docking station. It emphasizes generality over optimization, so it cannot connect any hardware device directly to a VM. It is, however, built into the Windows Kernel rather than running as an application program.

The network adapters are installed into Windows, have Windows drivers, and appear in the Windows Device Manager. They may have hardware optimizations that can be turned on or configured on the host system. Most users will ignore these options, but anything configured in the native Windows system will also apply to all VMs.

...

Generic Virtual Network Adapters

The interface between an operating system and a network device driver is fairly simple, and many different types of software will generate what appears to be a network adapter but is really some type of software service. VPN software creates a simulated direct network connection to the campus, but actually sends the data on an encrypted session over the public internet. Simulated network adapters are part of WSL, Docker containers, and other software.

Hyper-V, like most virtual machine supervisors, has created its own virtual network device drivers that will be installed automatically when a Windows or Linux system discovers that it is running in a Hyper-V VM. Instead of simulating a hardware device, network communication is handled by translating software calls from the operating system in the VM to software calls from the VM to Hyper-V itself.

A Linux application does a system call to the Linux kernel, which then calls the Linux Hyper-V network device driver, which then calls out from the VM to Hyper-V running in the real computer. Hyper-V then processes the request by moving the data to another VM or to the host Windows system, where it will either be fed up through another Hyper-V device driver or passed to the Windows device driver of a real physical network adapter card.

The Virtual Switch Meme

Hyper-V networking has the same services and configuration options as competing options like VMware Workstation or Oracle VirtualBox. Other systems may create a named “virtual network” and then connect virtual adapters on each VM to that network by its name. Hyper-V does the same thing, but Microsoft has decided to call it a “virtual network switch” instead of a “virtual network”.

The only advantage of this meme is that a switch is a physical device in the real world, and when you are drawing diagrams in a tool like Visio, you can find a standard picture for a switch and add it to your diagram along with pictures of real or virtual computers connected to the switch:

...

Using the Hyper-V Manager or PowerShell scripts, an administrator connects a virtual network adapter configured on a VM to the Switch. The host Windows system can also get a virtual network adapter connected to the Switch, and optionally one physical network adapter on the host system can also be connected to the switch. Loosely speaking, Hyper-V examines every Ethernet packet transmitted by a virtual adapter connected to the Switch, and every packet received by the physical network adapter from an external network, and based on the 6-byte Ethernet ID in the destination field of the packet transfers it to the appropriate virtual network adapter configured with that ID.

Physical Network Adapter Bridge

Through Hyper-V, the host Windows system can assign one physical network adapter to a Hyper-V Virtual Switch. VMs attached to the Switch appear to the external Ethernet network as individual real computers. They can be assigned IP addresses statically or dynamically (from the external DHCP server). The VMs can expose database services or Web applications to the external real computers.

Remember that through the Default network any client on a VM can access any external service that the host computer can access. The only reason to assign a physical adapter to Hyper-V is so that external clients can connect to servers on the VMs.

If you have an unused network adapter available, you can choose to dedicate it to a Hyper-V Switch. Then only the VMs will use it, and the host will continue to use other adapters.

However, you may have only one network adapter, and you may already be using it for all your internet access. You can only afford to share it with the VMs. It is already configured with your personal communication preferences (IP address, name servers, etc.) and you don’t want to have to redo all that.

Hyper-V has to operate inside the Windows Kernel using the existing rules for device drivers and network stacks. One device cannot be directly connected to two different networks. Hyper-V is already set up to create a virtual network adapter if the host operating system wants to talk to VMs through a custom Hyper-V switch.

The last piece of the puzzle is that Windows has always had a relatively obscure option to connect two physical network adapters together so the Windows machine can be used as a bridge between two physical networks. This may go back 30 years to a time when network equipment was more expensive, but it hasn’t been removed even though it is almost never used.

At a high level, the way this works is:

Hyper-V creates a virtual network adapter in the Windows operating system and connects it to the Switch.

All the Ethernet and Internet communications configuration on the physical network adapter is moved from the physical adapter to the new virtual adapter. Any networking tables in Windows associated with the IP address or Ethernet ID or active sessions are changed to point to the new virtual adapter.

The physical adapter, no longer connected to anything, is set up to act as a bridge between the external network (whatever is on the other end of the RJ45 cable plugged into the adapter) and the Hyper-V “Virtual Switch” component (which itself is a kind of bridge between the host and VM adapters).

Windows does this reconfiguration as quickly as possible, but there is a warning that there may be a very short interruption of communication. When it is done, all the connections between host applications and external network services are still live.

If you look in Device Manager and Network Connections, you will now see the old physical network adapter and the new Hyper-V Virtual Network adapter. You may note that the physical network adapter no longer seems to have Internet access. This is because it is now only operating at the Ethernet packet level moving data between the external network and Hyper-V. Internet access now appears to be provided through the Virtual Network Adapter that connects you to the Virtual Switch and VMs. Once the physical adapter is owned by Hyper-V, the Virtual Switch is the way that the host Windows system accesses the external network.

...

Layers (abbreviated)

At this point anyone writing about networking is obligated to mention the 7 Layers of the OSI Networking Model. Now that I mentioned it, we can ignore the textbook stuff and just talk about how network stuff is done in the Windows Kernel.

An application calls some library of services to send a stream of bytes over a connection to some remote network endpoint known by its IP address or hostname and a port number.

Inside the Kernel, part of the Windows networking code wraps the stream of data into a TCP “packet” associated with a port number destination. The TCP packet is then broken into one or more IP packets with the IP address of the destination. The IP packet is then broken into one or more 1500 byte Ethernet packets with a 6-byte Ethernet destination address of another device on the local network, which may be the final destination or else will be a gateway device that forwards the data to bigger networks and eventually the whole Internet.

The processing up to this point is universal. It doesn’t matter what you are doing (browsing the Web or backing up your disk files) and it doesn’t matter how the network connection is made (wired, Wi-Fi, or Bluetooth through an Intel, Realtek, or Broadcom chip that is on the motherboard, an adapter card, a USB port, or a Thunderbolt hub). The next step is a mess of possibilities. So, Hyper-V does not take the next step.

In every VM and on the host system, as soon as the data has been reduced to a bunch of Ethernet packets the Hyper-V virtual network adapter simply turns these packets over to the Hyper-V system controlling the computer. Hyper-V can look at the 6-byte Ethernet ID destination in each packet. It knows every 6-byte Ethernet ID of every virtual adapter it created, and if it finds a match it can move the packet to the destination adapter in any VM or in the Windows host. If the destination is not known, but the Switch is associated with a physical network adapter, then it can send the packets out on the external Ethernet network to have them delivered.

Configuring Hyper-V Virtual Switches

Every time your computer boots up, Hyper-V recreates and configures the Default Network/Switch. It has no configuration because it uses all the network configuration of the Windows host system to resolve names and route traffic through the fastest available network path. If you try to mess with it or delete it, it will be recreated fresh when you restart the system.

Other Virtual Switches can be configured using the graphic tool named Hyper-V Manager or by typing PowerShell commands into a Run as Administrator PowerShell session.

PowerShell is probably not the option you will choose, but it breaks the process down to a step by step procedure that explains the possibilities more clearly than using the GUI configuration panel.

Create

To create a naked Switch with nothing attached to it, you provide a Name. This simplest option is not the default for the command, so you add the “-SwitchType Private” option or the command will complain that you have forgotten other parameters.

Code Block
PS C:\Windows\System32> New-VMSwitch -Name Example -SwitchType Private

A naked switch can then be connected to virtual network adapters on VMs. Once connected, the VMs can talk to each other, but not to the host or the Internet through this Switch.

Add the Host

Hyper-V provides communication from the host Windows system to the Switch, and therefore to the VMs connected to the switch, by creating a Hyper-V Virtual Network Adapter device in the host Windows 11 operating system.

If there were a command to create the host virtual network adapter, then you could execute it twice and get two of them. Hyper-V doesn’t want you to have two, so the adapter is created when you change the SwitchType from “Private” to “Internal” and is deleted if you then turn the SwitchType back from “Internal” to “Private”. You see the new virtual adapter in the list returned from “Get-NetAdapter”.

Code Block
PS C:\Windows\System32> Set-VMSwitch -Name Example -SwitchType Internal
PS C:\Windows\System32> Get-NetAdapter
Name                      InterfaceDescription                    ifIndex Status       MacAddress             LinkSpeed
Ethernet                  Intel(R) Ethernet Connection (18) I219…      23 Disconnected C4-C6-E6-30-3F-37          0 bps
vEthernet (Example)       Hyper-V Virtual Ethernet Adapter #4          66 Up           00-15-5D-02-A0-04        10 Gbps
...

Note that there is an unused Intel physical adapter named “Ethernet” that will be used in the next example.

Problem Adding a Physical Adapter to an existing Hyper-V Switch Network

Once you create a Private or Internal switch you can then connect it to VMs and configure them with network addresses so they can talk to each other. Suppose you assign them to the 192.168.10.* subnet.

A physical adapter is connected to external devices that are part of some physical network. Frequently addresses are assigned to a physical network by a DHCP server on a gateway router supplied by your ISP. For the example, assume the physical Ethernet uses the 192.168.3.* subnet.

Adding the physical adapter to the internal Hyper-V network would “bridge” two different networks with two different subnets. The bridge itself would work, but nothing on one subnet could talk to a device on the other subnet.

Info

If you have an existing Internal Switch and absolutely want to add a physical network adapter to it knowing the consequences, first change it to SwitchType Private to get rid of the existing host virtual network adapter connected to the Switch. Then use Set-VMSwitch to add both the physical network adapter and a newly generated host virtual network adapter to the Switch (implicitly changing it to SwitchType External) so Hyper-V will get the bridging set up correctly between the physical device and the new virtual device in the Windows Kernel.
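
The sequence described in this note, written out as an added PowerShell example (not part of the original page). It reuses the switch name Example and the adapter name Ethernet from the listings above; the check that the physical adapter is not already bound to another switch, and the step that records the host adapter's address, are additions.

```powershell
# Run in an elevated PowerShell session on the Hyper-V host.
$SwitchName = 'Example'    # existing Internal switch from the listing above
$NicName    = 'Ethernet'   # unused physical adapter from the listing above

# Refuse to continue if the physical adapter already backs another External switch.
$nic = Get-NetAdapter -Name $NicName -Physical -ErrorAction Stop
$boundTo = Get-VMSwitch -SwitchType External |
    Where-Object { $_.NetAdapterInterfaceDescription -eq $nic.InterfaceDescription }
if ($boundTo) {
    throw "Adapter '$NicName' is already attached to switch '$($boundTo.Name)'."
}

# Record the host adapter's IPv4 settings: this adapter is deleted in step 1.
Get-NetIPAddress -InterfaceAlias "vEthernet ($SwitchName)" -AddressFamily IPv4 `
        -ErrorAction SilentlyContinue |
    Format-Table InterfaceAlias, IPAddress, PrefixLength

# Step 1: Internal -> Private removes the existing host virtual adapter.
Set-VMSwitch -Name $SwitchName -SwitchType Private

# Step 2: attach the physical adapter and a new host virtual adapter in one call.
# The switch becomes SwitchType External as a side effect.
Set-VMSwitch -Name $SwitchName -NetAdapterName $NicName -AllowManagementOS $true

# Confirm the result.
Get-VMSwitch -Name $SwitchName |
    Format-List Name, SwitchType, AllowManagementOS, NetAdapterInterfaceDescription
Get-NetAdapter -Name "vEthernet ($SwitchName)" |
    Format-Table Name, Status, MacAddress, LinkSpeed
```

After step 2 the VMs on this switch share an Ethernet segment with the physical network, so anything that relied on the switch being isolated from the LAN no longer holds.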

Create a Switch with a Physical Network Adapter

The only operation with a sensible result is to attach the physical network adapter to a new Switch you create as part of a single operation.

Code Block
PS C:\Windows\System32> New-VMSwitch -Name HomeNet -NetAdapterName Ethernet -AllowManagementOS $true
Name    SwitchType NetAdapterInterfaceDescription
HomeNet External   Intel(R) Ethernet Connection (18) I219-LM
PS C:\Windows\System32> get-netadapter
Name                      InterfaceDescription                    ifIndex Status       MacAddress             LinkSpeed
Ethernet                  Intel(R) Ethernet Connection (18) I219…      23 Disconnected C4-C6-E6-30-3F-37          0 bps
vEthernet (HomeNet)       Hyper-V Virtual Ethernet Adapter #4          32 Disconnected C4-C6-E6-30-3F-37          0 bps

If you have an existing Internal or Private network connected to VM adapters, you can either reconnect the VM adapters to the new Switch or create new virtual adapters on some of the VMs and connect them to the new Switch while also leaving the VM connected to the old network with the old subnet.

Hyper-V Manager Switch Configuration

In the Actions menu, click on Virtual Switch Manager …

In this panel there is an entirely useless option list asking what type of Switch you want to create.

...

It is useless because all it does is set the default choice among three radio buttons on the next form, but you can always change that selection before you click the create button:

...

Using Hyper-V Manager you don’t have to remember PowerShell commands or the names of options, and you get a nice pulldown list of physical Ethernet adapters on the host system.

Note: this list also includes adapters that are already being used with other switches. These cannot be selected; if you pick one, you will get an error message instead of creating the switch.

Virtual Network Adapters in each VM

Each Hyper-V VM has a configuration including virtual disks and virtual network adapters. Each virtual disk is associated with a *.vhdx or *.iso file somewhere on the host disk, and each network adapter is either unconnected or connected to a named Virtual Switch.

...

Here there are two network adapters. The first adapter is connected to the Hyper-V Default switch/network. The second is connected to a Switch named “Bridge”. At any time you can disconnect a Virtual network adapter or connect it to another Switch. This simulates unplugging the Ethernet cable from a real computer and plugging in a cable connected to something else.

At any time you can add a new Network Adapter.

...

Adding an adapter to a running VM will work if the operating system reacts to the kind of hardware changes that happen when you plug a physical adapter into a USB port.

Once the adapter is defined, at any time you can connect or disconnect or change the virtual switch to which the adapter is attached. This is equivalent to plugging or unplugging an Ethernet cable to a physical adapter.

...
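
The connect, disconnect and add operations described in this section, and the reconnection to a new Switch mentioned under “Create a Switch with a Physical Network Adapter”, done from PowerShell together with a report of what each VM adapter can reach. This is an added example, not part of the original page; the VM name TestVM and the adapter name HomeNet-NIC are assumed, and Example and HomeNet are the switches created above.

```powershell
# Run in an elevated PowerShell session. 'TestVM' is a hypothetical VM name.
$VMName = 'TestVM'

# Map each switch to what a VM plugged into it can reach (per the switch types above).
$reach = @{}
foreach ($sw in Get-VMSwitch) {
    $reach[$sw.Name] = switch ($sw.SwitchType) {
        'Private'  { 'other VMs on this switch only' }
        'Internal' { 'other VMs and the host' }
        'External' {
            if ($sw.AllowManagementOS) { 'other VMs, the host and the physical network' }
            else { 'other VMs and the physical network' }
        }
    }
}

# Report every VM adapter, the switch it is plugged into, and its reach.
Get-VM | Get-VMNetworkAdapter | ForEach-Object {
    $name = $_.SwitchName
    [pscustomobject]@{
        VM      = $_.VMName
        Adapter = $_.Name
        Switch  = if ($name) { $name } else { '(unconnected)' }
        Reach   = if ($name) { $reach[$name] } else { 'nothing' }
    }
} | Format-Table -AutoSize

# Move the VM's adapters from the old Internal switch to the External one.
Get-VMNetworkAdapter -VMName $VMName |
    Where-Object SwitchName -eq 'Example' |
    Connect-VMNetworkAdapter -SwitchName 'HomeNet'

# Alternative: keep the old connection and add a second, named adapter instead.
# Add-VMNetworkAdapter -VMName $VMName -Name 'HomeNet-NIC' -SwitchName 'HomeNet'

# "Unplug the cable" on one adapter without removing it from the VM.
# Disconnect-VMNetworkAdapter -VMName $VMName -Name 'HomeNet-NIC'
```

Running the report before and after a change shows which VMs moved from an isolated switch to one that reaches the host or the physical network.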

VLANs

If you don’t know about VLANs or do not use them, ignore this.

Since Hyper-V switches are themselves virtual, you can create as many as you want. The only use for VLANs is when you have a physical network adapter connected to a switch that is connected to a network that not only supports VLANs but where the connection to the adapter is configured as “tagged” (meaning that the adapter can send Ethernet packets with a prefix that selects which VLAN the packet is associated with).

Each VM virtual adapter can be configured with a specific numeric VLAN number, and if the host is sharing use of this physical adapter, then its dummy network adapter connected to the virtual switch can also be assigned a VLAN ID number.
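
An added example (not from the original page) of assigning VLAN IDs with Set-VMNetworkAdapterVlan, first to a VM adapter and then to the host's virtual adapter on the HomeNet switch, followed by a review of the result. The VM name TestVM and the VLAN numbers 10 and 20 are assumed, and the host adapter is assumed to carry the name of the switch.

```powershell
# Run in an elevated PowerShell session. VM name and VLAN IDs are assumed values.
$SwitchName = 'HomeNet'

# Tag all of one VM's adapters on this switch with VLAN 20.
Get-VMNetworkAdapter -VMName 'TestVM' |
    Where-Object SwitchName -eq $SwitchName |
    Set-VMNetworkAdapterVlan -Access -VlanId 20

# Tag the host's virtual adapter on the same switch with VLAN 10.
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $SwitchName -Access -VlanId 10

# Review: VLAN mode of every adapter plugged into the switch, host included.
Get-VMNetworkAdapter -All |
    Where-Object SwitchName -eq $SwitchName |
    Get-VMNetworkAdapterVlan |
    Select-Object @{ n = 'Owner'; e = {
                      if ($_.ParentAdapter.IsManagementOs) { '(host)' }
                      else { $_.ParentAdapter.VMName } } },
                  @{ n = 'Adapter'; e = { $_.ParentAdapter.Name } },
                  OperationMode, AccessVlanId |
    Format-Table -AutoSize

# To return an adapter to untagged operation:
# Set-VMNetworkAdapterVlan -VMName 'TestVM' -Untagged
```

Adapters that still show OperationMode Untagged in the review are not assigned to any VLAN; tag the host adapter last and from a local console, since it carries the host's own connection through this switch.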