Every Virtual Machine runs an operating system that needs basic Internet access to apply maintenance, add optional features, and install programs and libraries. Hyper-V has a simple built-in Default network connection that allows this basic function without any configuration or planning.
You have to be able to log in to your VM in the same way you would sit at a screen and keyboard connected to any physical PC. The Virtual Machine Connection application associated with Hyper-V provides this function even when the VM is not connected to any network. This program allows disks on the host to be shared with the VM on all Windows systems and on Linux systems configured to support it (including the Linux Ubuntu system you can download using Quick Create), but you still need a virtual network to update software on the VM.
You have to configure a Hyper-V network if any VM is going to host a program that acts as a network server, like a database or a Web application. You may create an entirely private virtual network that only connects VMs to each other and to the host computer, or you can share a host physical network adapter with VMs and allow external physical computers in your personal environment to connect to the service.
In a datacenter, large, specialized host devices may contain specialized network adapters that allow the adapter to talk directly to the VM. This type of hardware is not available on laptop or desktop computers. Each small scale VM supervisor (Hyper-V, VMware Workstation, Oracle VirtualBox, Linux KVM) presents a distinct interface and model for solving a common set of problems using completely different configuration options.
Hyper-V has decided to pretend that the VMs are like real computers connected to a wired network switch. You configure and name the “Virtual Switch”, then configure a virtual wired network adapter on each VM (and optionally on the host Windows system) and by command “connect” the virtual adapter to the switch. Optionally, you can associate a physical network adapter on the host computer with the “switch”, which then means that the VMs connected to that virtual switch can share that adapter, and optionally the host can continue to use it as well.
If you know nothing at all about how a real wired network switch works, then you are better off in this one case. The Hyper-V “Virtual Switch” does not really have the kind of software or behavior that someone who understands networking would expect of any physical device. If your understanding is limited to “plug a bunch of computers into the same switch and they can talk to each other”, then that is a pretty good description of all that the Hyper-V networking configuration actually provides.
“Default” - Virtual Network without Configuration
When Hyper-V is installed, it creates a virtual switch called “Default”. You cannot delete it and you cannot configure it.
When you create a new VM, it usually gets a single virtual network adapter connected to “Default”.
The Default network assigns a randomly generated IP address to each VM (using the DHCP protocol).
It allows a VM to access the Yale Network, Home Network, and Internet through a Gateway function provided by the host Windows operating system. When any application on any VM tries to access a network service, it communicates through the Default Network to the Gateway. The Gateway separately connects to that remote service or computer on behalf of the client on the VM. The Gateway is an application on the Windows host system and uses whatever networks the host is currently connected to (wired, wireless). If you can access google.com from your browser on the host computer, the Gateway connects to it the same way. This means that a VM will transparently migrate with your laptop as you move from room to room and plug into or disconnect from any single network interface.
This behavior is so useful that I recommend that you configure every VM to have one adapter on the Default network to seamlessly support all your casual (non-developer) networking requirements.
The question then becomes whether you need a second network connection and how you intend to use it.
A Simple set of Layers
If you read any book or take any course, you will be taught a list of 7 network Layers. To understand VM networking, we can reduce this to four layers.
The Program Interface - You may enter commands that talk to the network. You will provide these commands with the name of a computer or service, perhaps a port number, perhaps an application name, and perhaps a file name. The exact details depend on the operating system and programming language. For our purposes, this all takes place in the “user” part of the system where you choose programs and, if you are a developer, where you write your own programs.
The Internet Protocol Support - This code exists in the Operating System Kernel. The Internet is based on two protocols named TCP and IP. IP routes your data through the Internet from your computer through intermediate gateways to the service you are using (google.com, youtube.com, weather.gov, etc.). TCP tracks the stream of bytes to make sure they all arrive and are reassembled in the correct order.
Ethernet - All networks today use Ethernet protocol to talk to small numbers of computers within a small area. Ethernet can be Wired, Wi-Fi, or Bluetooth. Your cell phone probably supports all three versions of Ethernet. What has made Ethernet successful is that any machine can connect to any network at any time. Each Ethernet adapter has its own 6-byte ID. Each packet of data has the 6-byte ID of the sender and the adapter to which it is being sent and the packet is normally limited to no more than 1500 bytes. There are then protocols for sending a packet to everyone on the network searching for a specific machine or service.
Hardware - Ethernet packets can run over a wire or radio. The adapter can be on the motherboard, or connected to a USB port, or on a docking station. It can be made by Intel, or RealTek, or Broadcom. This layer is a mess of different devices all doing the same thing but each in its own specialized way.
Hyper-V makes the rational decision to locate all its virtual networking logic at the Ethernet layer. Every Ethernet packet is no more than 1500 bytes long with a source and a destination. Ethernet packets can already be transmitted over wires, Wi-Fi, or Bluetooth, so why not just add Hyper-V as an alternate way to move the packets from one VM to another, or between VMs and the host computer?
Because the network is virtual, it is easiest to simulate a wired network. Wi-Fi has a connection process with channels and system ids and passwords. Bluetooth has pairing. With a physical wired network, you just plug each end of a cable into a jack, which you can simulate in a virtual machine with a command or by clicking a button on a configuration utility.
When someone plugs a wire into a real network switch, the switch doesn’t know what is at the other end of the wire. It could be a single computer, or it could be another switch connected to a hundred computers. The switch has to figure this out over time.
Hyper-V can cheat. It knows all the VMs and their virtual adapters. As soon as you connect something, Hyper-V knows its 6-byte Ethernet ID, and its IP addresses, and anything else that could be useful. Since it does not need to discover anything, it doesn’t need the logic or behavior of a real switch. So, there is no actual switch in a Hyper-V Virtual Switch. It is just a metaphor to guide network configuration.
Configured Hyper-V Virtual Switches
Default cannot be controlled. If you need the ability to assign addresses and configure networking on VMs, then you create your own named Hyper-V Virtual Switch.
There is a simple logic to all Hyper-V Virtual Switches, but it is obscured by a confusing utility and documentation that combines things that should be regarded as separate.
The Virtual Switch
The Switch has a name. Create a name that describes its intended purpose.
...
Unfortunately, the Hyper-V Manager GUI interface asks you to choose a “type of virtual switch” in order to create it. All switches are the same. At any time you can convert a Switch to External by connecting it to a Windows network adapter, and at any time you can make it Internal or Private by choosing to connect it to the host Windows 11 operating system or not. You can connect or disconnect it from anything at any time.
Network Adapters in the VM configuration
Each Hyper-V VM has a configuration including virtual disks and virtual network adapters. Each virtual disk is associated with a *.vhdx or *.iso file somewhere on the host disk, and each network adapter is either unconnected or connected to a named Virtual Switch.
...
Here there are two network adapters. The first adapter is connected to the Hyper-V Default switch/network. The second is connected to a Switch named “Bridge”. At any time you can disconnect a Virtual network adapter or connect it to another Switch. This simulates unplugging the Ethernet cable from a real computer and plugging in a cable connected to something else.
At any time you can add a new Network Adapter.
...
This is something like plugging a USB Ethernet adapter into a computer.
When you create a new Virtual Network Adapter you will be given a chance to connect it to any of the defined Virtual Switches or else to leave it unconnected for now:
...
Associate a Switch with a Physical Network Adapter and Allow the Host Windows System to Connect to it
Any Virtual Switch can be exclusively associated with one physical network adapter on the host Windows system. You cannot attach two physical adapters to the same switch, and you cannot attach the same physical adapter to two switches.
When a Switch is associated with a physical adapter, then all of the VMs connected to that switch share that one adapter and can talk to whatever devices can be accessed through that adapter. If you know in advance that the Switch will always be associated with an adapter connected to a specific type of network, then you might name the Switch for that type of Network.
If you take the advice to always connect a VM to the Default Network and use it to connect to all public services on the Yale Network or Internet, then the only reason to have other adapters and switches is to have other types of small networks on which you have a special set of devices.
Having thought about this for a long time, the only clear suggestion I will make is to create a Switch associated with a physical wired Ethernet adapter that is connected to one larger and more powerful machine (the “desktop” computer) which has more memory and disk storage than your laptop. While this desktop computer has its own connection to the Internet and may do other work on its own, you run a single Ethernet cable between your laptop and the desktop computer and use it to create a little private network that the two machines use to talk to each other. On each machine you create a Switch named Bridge that is associated with the Ethernet adapter connected to the other machine. Then VMs on one machine can talk to VMs on the other machine over the private Bridge.
There may be other uses for Switches and Adapters that arise from your own specific requirements. You could, for example, create one Switch called Yale that you use when your laptop is at Yale plugged into the Yale Network, and another Switch called Home that you use when your laptop is at home. As you move from work to home, you disconnect the Switch for one environment and connect the Switch for the other environment. That provides a way to manage VMs that should only run at Yale from others that should only run at home.
Separately, you can choose to connect the host Windows 11 system to a Switch by creating a Virtual Network Adapter in the real host Windows 11 system. Up to this point we have discussed virtual adapters on virtual machines, but this is a virtual adapter on your real laptop computer. It allows you to talk through the switch to your VMs.
It is very common that you start with a host operating system with one wired network adapter. You install Hyper-V and are about to create your first VM. You want to share your wired physical adapter with your VM. The way to do this is to create a Hyper-V Switch that is connected to the physical wired adapter, but which is also connected to the host operating system.
It is natural to think of a single operation to “share my wired adapter with Hyper-V VMs”. There is also a disruption in the host networking when you remove the physical adapter from the host system and attach it to the switch, then create a virtual adapter in the host operating system and attach it to the switch. More importantly, you may have configured network parameters for that adapter on the host (an IP address, network mask, gateway address, DNS server address, and other stuff that most people ignore but developers may carefully specify in advance). All this configuration is specific to the host Windows 11 operating system and is not something you share with the other VMs. So, what you want is for all that Internet configuration that is currently in the Windows configuration of the physical adapter to be moved from that now shared adapter and instead be used to configure the virtual network adapter that is being created to connect the Windows 11 host system to the Hyper-V virtual switch and through it to the now shared physical wired Ethernet adapter.
Removing the physical adapter from the host operating system and associating it with a Hyper-V switch is one configuration operation. Creating a new virtual adapter in the host system and attaching it to the switch is a separate operation. You could do them separately in either order, but then you would have to do all the manual reconfiguration over again. So, Hyper-V manager presents a GUI interface that combines the two operations, so the configuration moves automatically from the physical adapter to the virtual adapter when you share it, and if you decide to stop sharing it and return the physical adapter back to the exclusive use of the host Windows system the configuration moves back in the opposite direction.
Default provides VMs with general network access without any configuration because it runs through a gateway in your native Windows 11 system and piggybacks on the networking you already have.
In technical terms, Default provides each VM with network addresses and parameters through DHCP, resolves network names on your host, provides a NAT gateway on the host, and uses the host routing tables to select the best choice from your wired, wireless, or VPN connections. There is no better solution for basic client access from any VM.
Info |
---|
Normally connect the first network adapter on a generic VM to the Default network and let it dynamically configure itself. If you need custom networking, add a second virtual network adapter to the VM. |
With a connection to Default, a client program on the VM can access anything on the host computer, the local network (home or Yale), any VPN your computer is connected to, and the general Internet. Default allows client programs on the host computer to dynamically find and connect to VMs by hostname (using “hostname.local” dynamic name resolution).
You need a custom network to give a VM a static IP address, to expose services running on a VM to clients on another computer, or to make a VM look like a normal computer on your local network.
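To see which of these cases each VM currently falls into, the following PowerShell function lists every VM network adapter with the type of Switch it is connected to and what can reach it. It is an added example, not part of the original page: the function name `Get-VMSwitchExposure` is hypothetical, and the script assumes the Default network is listed under the name `Default Switch`. Run it from a Run as Administrator PowerShell session.

```powershell
#Requires -Modules Hyper-V

# Added example: map every VM network adapter to the kind of Switch it uses.
# 'Default Switch' is an assumption about how the Default network is listed.
function Get-VMSwitchExposure {
    [CmdletBinding()]
    param(
        [string]$DefaultSwitchName = 'Default Switch'
    )

    # Index the Switches by name so each adapter can be matched to its Switch.
    $switchByName = @{}
    foreach ($sw in Get-VMSwitch) {
        $switchByName[$sw.Name] = $sw
    }

    foreach ($nic in Get-VMNetworkAdapter -VMName *) {
        $sw = $null
        if ($nic.SwitchName) { $sw = $switchByName[$nic.SwitchName] }

        $reach = ''
        if (-not $sw) {
            $type  = 'None'
            $reach = 'Not connected to any Switch'
        }
        elseif ($sw.Name -eq $DefaultSwitchName) {
            $type  = 'Default'
            $reach = 'The host; outbound client access through the host gateway'
        }
        else {
            $type = [string]$sw.SwitchType
            switch ($type) {
                'Private'  { $reach = 'Other VMs on this Switch only' }
                'Internal' { $reach = 'Other VMs on this Switch and the host' }
                'External' { $reach = "Physical network on '$($sw.NetAdapterInterfaceDescription)'" }
            }
            if ($type -eq 'External' -and $sw.AllowManagementOS) {
                $reach += ', shared with the host'
            }
        }

        [pscustomobject]@{
            VMName      = $nic.VMName
            Adapter     = $nic.Name
            MacAddress  = $nic.MacAddress
            Switch      = $nic.SwitchName
            SwitchType  = $type
            Reach       = $reach
            IPAddresses = $nic.IPAddresses -join ', '
        }
    }
}

# VMs that other computers on the physical network can connect to:
Get-VMSwitchExposure |
    Where-Object SwitchType -eq 'External' |
    Format-Table VMName, Adapter, Switch, IPAddresses
```

The `IPAddresses` column is only filled in for running VMs whose guest operating system reports its addresses to Hyper-V.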
Hyper-V is not “Bare Metal” Virtualization
In large datacenters virtual machines are created by specialized hardware. These systems can have special network adapters that allow virtual machines to communicate directly at the hardware level.
Hyper-V can work on any computer that supports Windows, and it can run on any network adapter that runs with Windows, including adapters connected through USB or on a docking station. It emphasizes generality over optimization, so it cannot connect any hardware device directly to a VM. It is, however, built into the Windows Kernel rather than running as an application program.
The network adapters are installed into Windows, have Windows drivers, and appear in the Windows Device Manager. They may have hardware optimizations that can be turned on or configured on the host system. Most users will ignore these options, but anything configured in the native Windows system will also apply to all VMs.
...
Generic Virtual Network Adapters
The interface between an operating system and a network device driver is fairly simple, and many different types of software will generate what appears to be a network adapter but is really some type of software service. VPN software creates a simulated direct network connection to the campus, but actually sends the data on an encrypted session over the public internet. Simulated network adapters are part of WSL, Docker containers, and other software.
Hyper-V, like most virtual machine supervisors, has created its own virtual network device drivers that will be installed automatically when a Windows or Linux system discovers that it is running in a Hyper-V VM. Instead of simulating a hardware device, network communication is handled by translating software calls from the operating system in the VM to software calls from the VM to Hyper-V itself.
A Linux application does a system call to the Linux kernel, which then calls the Linux Hyper-V network device driver, which then calls out from the VM to Hyper-V running in the real computer. Hyper-V then processes the request by moving the data to another VM or to the host Windows system, where it will either be fed up through another Hyper-V device driver or passed to the Windows device driver of a real physical network adapter card.
The Virtual Switch Meme
Hyper-V networking has the same services and configuration options as competing options like VMware Workstation or Oracle VirtualBox. Other systems may create a named “virtual network” and then connect virtual adapters on each VM to that network by its name. Hyper-V does the same thing, but Microsoft has decided to call it a “virtual network switch” instead of a “virtual network”.
The only advantage of this meme is that a switch is a physical device in the real world, and when you are drawing diagrams in a tool like Visio, you can find a standard picture for a switch and add it to your diagram along with pictures of real or virtual computers connected to the switch:
...
Using the Hyper-V Manager or PowerShell scripts, an administrator connects a virtual network adapter configured on a VM to the Switch. The host Windows system can also get a virtual network adapter connected to the Switch, and optionally one physical network adapter on the host system can also be connected to the switch. Loosely speaking, Ethernet packets transmitted by any virtual adapter connected to the Switch, and packets received by the physical network adapter from an external network are examined by Hyper-V and based on the 6-byte Ethernet ID in the destination field of the packet, it is transferred to the appropriate virtual network adapter configured with that ID.
Physical Network Adapter Bridge
Through Hyper-V, the host Windows system can assign one physical network adapter to a Hyper-V Virtual Switch. VMs attached to the Switch appear to the external Ethernet network as individual real computers. They can be assigned IP addresses statically or dynamically (from the external DHCP server). The VMs can expose database services or Web applications to the external real computers.
Remember that through the Default network any client on a VM can access any external service that the host computer can access. The only reason to assign a physical adapter to Hyper-V is so that external clients can connect to servers on the VMs.
If you have an unused network adapter available, you can choose to dedicate it to a Hyper-V Switch. Then only the VMs will use it, and the host will continue to use other adapters.
However, you may have only one network adapter, and you may already be using it for all your internet access. You can only afford to share it with the VMs. It is already configured with your personal communication preferences (IP address, name servers, etc.) and you don’t want to have to redo all that.
Hyper-V has to operate inside the Windows Kernel using the existing rules for device drivers and network stacks. One device cannot be directly connected to two different networks. Hyper-V is already set up to create a virtual network adapter if the host operating system wants to talk to VMs through a custom Hyper-V switch.
The last piece of the puzzle is that Windows has always had a relatively obscure option to connect two physical network adapters together so the Windows machine can be used as a bridge between two physical networks. This may go back 30 years to a time when network equipment was more expensive, but it hasn’t been removed even though it is almost never used.
At a high level, the way this works is:
Hyper-V creates a virtual network adapter in the Windows operating system and connects it to the Switch.
All the Ethernet and Internet communications configuration on the physical network adapter is moved from the physical adapter to the new virtual adapter. Any networking tables in Windows associated with the IP address or Ethernet ID or active sessions are changed to point to the new virtual adapter.
The physical adapter, no longer connected to anything, is set up to act as a bridge between the external network (whatever is on the other end of the RJ45 cable plugged into the adapter) and the Hyper-V “Virtual Switch” component (which itself is a kind of bridge between the host and VM adapters).
Windows does this reconfiguration as quickly as possible, but there is a warning that there may be a very short interruption of communication. When it is done, all the connections between host applications and external network services are still live.
If you look in Device Driver and Network Connections, you will now see the old physical network adapter and the new Hyper-V Virtual Network adapter. You may note that the physical network adapter no longer seems to have Internet access. This is because it is now only operating at the Ethernet packet level moving data between the external network and Hyper-V. Internet access now appears to be provided through the Virtual Network Adapter that connects you to the Virtual Switch and VMs. Once the physical adapter is owned by Hyper-V, the Virtual Switch is the way that the host Windows system accesses the external network.
...
Layers (abbreviated)
At this point anyone writing about networking is obligated to mention the 7 Layers of the OSI Networking Model. Now that I mentioned it, we can ignore the textbook stuff and just talk about how network stuff is done in the Windows Kernel.
An application calls some library of services to send a stream of bytes over a connection to some remote network endpoint known by its IP address or hostname and a port number.
Inside the Kernel, part of the Windows networking code wraps the stream of data into a TCP “packet” associated with a port number destination. The TCP packet is then broken into one or more IP packets with the IP address of the destination. The IP packet is then broken into one or more 1500 byte Ethernet packets with a 6-byte Ethernet destination address of another device on the local network, which may be the final destination or else will be a gateway device that forwards the data to bigger networks and eventually the whole Internet.
This processing up to this point is universal. It doesn’t matter what you are doing (browsing the Web or backing up your disk files) and it doesn’t matter how the network connection is made (wired, Wi-Fi, or Bluetooth through an Intel, Realtek, or Broadcom chip that is on the motherboard, an adapter card, a USB port, or a Thunderbolt hub). The next step is a mess of possibilities. So, Hyper-V does not take the next step.
In every VM and on the host system, as soon as the data has been reduced to a bunch of Ethernet packets the Hyper-V virtual network adapter simply turns these packets over to the Hyper-V system controlling the computer. Hyper-V can look at the 6-byte Ethernet ID destination in each packet. It knows every 6-byte Ethernet ID of every virtual adapter it created, and if it finds a match it can move the packet to the destination adapter in any VM or in the Windows host. If the destination is not known, but the Switch is associated with a physical network adapter, then it can send the packets out on the external Ethernet network to have them delivered.
Configuring Hyper-V Virtual Switches
Every time your computer boots up, Hyper-V recreates and configures the Default Network/Switch. It has no configuration because it uses all the network configuration of the Windows host system to resolve names and route traffic through the fastest available network path. If you try to mess with it or delete it, it will be recreated fresh when you restart the system.
Other Virtual Switches can be configured using the graphic tool named Hyper-V Manager or by typing PowerShell commands into a Run as Administrator PowerShell session.
PowerShell is probably not the option you will choose, but it breaks the process down to a step by step procedure that explains the possibilities more clearly than using the GUI configuration panel.
Create
To create a naked Switch with nothing attached to it, you provide a Name. This simplest option is not the default for the command, so you add the “-SwitchType Private” option or the command will complain that you have forgotten other parameters.
Code Block |
---|
PS C:\Windows\System32> New-VMSwitch -Name Example -SwitchType Private |
A naked switch can then be connected to virtual network adapters on VMs. Once connected, the VMs can talk to each other, but not to the host or the Internet through this Switch.
Add the Host
Hyper-V provides communication from the host Windows system to the Switch, and therefore to the VMs connected to the switch, by creating a Hyper-V Virtual Network Adapter device in the host Windows 11 operating system.
If there was a command to create the host virtual network adapter, then you could execute it twice and get two of them. Hyper-V doesn’t want you to have two, so the adapter is created when you change the SwitchType from “Private” to “Internal” and is deleted if you then turn the SwitchType back from “Internal” to “Private”. You see the new virtual adapter in the list returned from “Get-NetAdapter”.
Code Block |
---|
PS C:\Windows\System32> Set-VMSwitch -Name Example -SwitchType Internal
PS C:\Windows\System32> Get-NetAdapter
Name InterfaceDescription ifIndex Status MacAddress LinkSpeed
Ethernet Intel(R) Ethernet Connection (18) I219… 23 Disconnected C4-C6-E6-30-3F-37 0 bps
vEthernet (Example) Hyper-V Virtual Ethernet Adapter #4 66 Up 00-15-5D-02-A0-04 10 Gbps
... |
Note that there is an unused Intel physical adapter named “Ethernet” that will be used in the next example.
Problem Adding a Physical Adapter to an existing Hyper-V Switch Network
Once you create a Private or Internal switch you can then connect it to VMs and configure them with network addresses so they can talk to each other. Suppose you assign them to the 192.168.10.* subnet.
A physical adapter is connected to external devices that are part of some physical network. Frequently addresses are assigned to a physical network by a DHCP server on a gateway router supplied by your ISP. For the example, assume the physical Ethernet uses the 192.168.3.* subnet.
Adding the physical adapter to the internal Hyper-V network would “bridge” two different networks with two different subnets. This would work, but nothing could talk to a device on the other subnet.
Info |
---|
If you have an existing Internal Switch and absolutely want to add a physical network adapter to it knowing the consequences, first change it to SwitchType Private to get rid of the existing host virtual network adapter connected to the Switch. Then use Set-VMSwitch to add both the physical network adapter and a newly generated host virtual network adapter to the Switch (implicitly changing it to SwitchType External) so Hyper-V will get the bridging set up correctly between the physical device and the new virtual device in the Windows Kernel. |
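The procedure in this note, preceded by a check for the subnet problem described above it, written out as an added PowerShell example that is not part of the original page. The function names `Test-SameSubnet` and `Convert-InternalSwitchToExternal` are hypothetical; the script assumes the physical adapter still holds the host's IPv4 configuration and that the VMs on the Switch are running and report their addresses to Hyper-V.

```powershell
#Requires -Modules Hyper-V

# Added example. Returns $true when two IPv4 addresses share the same network
# prefix, for instance 192.168.3.20 and 192.168.3.77 with a prefix length of 24.
function Test-SameSubnet {
    param([string]$AddressA, [string]$AddressB, [int]$PrefixLength)

    $a = [System.Net.IPAddress]::Parse($AddressA).GetAddressBytes()
    $b = [System.Net.IPAddress]::Parse($AddressB).GetAddressBytes()
    $bits = $PrefixLength
    for ($i = 0; $i -lt 4; $i++) {
        # Number of prefix bits that fall inside this byte (0 to 8).
        $take = [Math]::Max(0, [Math]::Min(8, $bits))
        $mask = (0xFF -shl (8 - $take)) -band 0xFF
        if (($a[$i] -band $mask) -ne ($b[$i] -band $mask)) { return $false }
        $bits -= 8
    }
    return $true
}

function Convert-InternalSwitchToExternal {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SwitchName,
        [Parameter(Mandatory)][string]$NetAdapterName
    )

    # IPv4 address and prefix length the physical adapter has right now.
    $phys = Get-NetIPAddress -InterfaceAlias $NetAdapterName -AddressFamily IPv4 -ErrorAction Stop |
        Select-Object -First 1

    # Warn about every VM address on the Switch that is outside that subnet:
    # after the change such a VM cannot talk to devices on the physical network.
    foreach ($nic in Get-VMNetworkAdapter -VMName * | Where-Object SwitchName -eq $SwitchName) {
        foreach ($ip in $nic.IPAddresses | Where-Object { $_ -match '^\d+(\.\d+){3}$' }) {
            $same = Test-SameSubnet -AddressA $ip -AddressB $phys.IPAddress -PrefixLength $phys.PrefixLength
            if (-not $same) {
                Write-Warning "$($nic.VMName) uses $ip, outside $($phys.IPAddress)/$($phys.PrefixLength)"
            }
        }
    }

    if ($PSCmdlet.ShouldProcess($SwitchName, "Convert to External on '$NetAdapterName'")) {
        # Step 1: drop the existing host virtual adapter.
        Set-VMSwitch -Name $SwitchName -SwitchType Private
        # Step 2: attach the physical adapter and a new host virtual adapter together.
        Set-VMSwitch -Name $SwitchName -NetAdapterName $NetAdapterName -AllowManagementOS $true
    }

    Get-VMSwitch -Name $SwitchName |
        Select-Object Name, SwitchType, NetAdapterInterfaceDescription, AllowManagementOS
}

# Preview the warnings without changing anything:
# Convert-InternalSwitchToExternal -SwitchName Example -NetAdapterName Ethernet -WhatIf
```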
Create a Switch with a Physical Network Adapter
The only operation with a sensible result is to attach the physical network adapter to a new Switch you create as part of a single operation.
Code Block |
---|
PS C:\Windows\System32> New-VMSwitch -Name HomeNet -NetAdapterName Ethernet -AllowManagementOS $true
Name SwitchType NetAdapterInterfaceDescription
HomeNet External Intel(R) Ethernet Connection (18) I219-LM
PS C:\Windows\System32> get-netadapter
Name InterfaceDescription ifIndex Status MacAddress LinkSpeed
Ethernet Intel(R) Ethernet Connection (18) I219… 23 Disconnected C4-C6-E6-30-3F-37 0 bps
vEthernet (HomeNet) Hyper-V Virtual Ethernet Adapter #4 32 Disconnected C4-C6-E6-30-3F-37 0 bps |
If you have an existing Internal or Private network connected to VM adapters, you can either reconnect the VM adapters to the new Switch or create new virtual adapters on some of the VMs and connect them to the new Switch while also leaving the VM connected to the old network with the old subnet.
Hyper-V Manager Switch Configuration
In the Actions menu, click on Virtual Switch Manager …
In this panel there is an entirely useless option list asking what type of Switch you want to create.
...
It is useless because all it does is set the default choice among three radio buttons on the next form, but you can always change that selection before you click the create button:
...
Using Hyper-V Manager you don’t have to remember PowerShell commands or the names of options, and you get a nice pulldown list of physical Ethernet adapters on the host system.
Note: this list includes adapters that are already being used with other switches. They cannot be selected; if you choose one, you will get an error message instead of creating the switch.
Virtual Network Adapters in each VM
Each Hyper-V VM has a configuration including virtual disks and virtual network adapters. Each virtual disk is associated with a *.vhdx or *.iso file somewhere on the host disk, and each network adapter is either unconnected or connected to a named Virtual Switch.
...
Here there are two network adapters. The first adapter is connected to the Hyper-V Default switch/network. The second is connected to a Switch named “Bridge”. At any time you can disconnect a Virtual network adapter or connect it to another Switch. This simulates unplugging the Ethernet cable from a real computer and plugging in a cable connected to something else.
At any time you can add a new Network Adapter.
...
Adding an adapter to a running VM will work if the operating system reacts to the kind of hardware changes that happen when you plug a physical adapter into a USB port.
Once the adapter is defined, at any time you can connect or disconnect or change the virtual switch to which the adapter is attached. This is equivalent to plugging or unplugging an Ethernet cable to a physical adapter.
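The same add and connect operations can be scripted. The following added PowerShell example (not part of the original page) gives a VM a second adapter on a named Switch while leaving its first adapter on Default, and can be run repeatedly without creating duplicates. The function name `Set-VMSecondAdapter`, the adapter name `Custom` and the VM name in the usage line are hypothetical, and `Default Switch` is assumed to be the name under which the Default network is listed.

```powershell
#Requires -Modules Hyper-V

# Added example: keep the first adapter on Default and put a second,
# separately named adapter on a custom Switch.
function Set-VMSecondAdapter {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][string]$SwitchName,
        [string]$AdapterName = 'Custom',                 # hypothetical adapter name
        [string]$DefaultSwitchName = 'Default Switch'    # assumed name of Default
    )

    if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
        throw "Switch '$SwitchName' does not exist."
    }

    $nics = @(Get-VMNetworkAdapter -VMName $VMName -ErrorAction Stop)

    # The VM should keep one adapter on Default for ordinary client access.
    if (-not ($nics | Where-Object SwitchName -eq $DefaultSwitchName)) {
        Write-Warning "$VMName has no adapter connected to '$DefaultSwitchName'."
    }

    $nic = $nics | Where-Object Name -eq $AdapterName | Select-Object -First 1

    if (-not $nic) {
        # No such adapter yet: add it already connected to the Switch.
        if ($PSCmdlet.ShouldProcess($VMName, "Add adapter '$AdapterName' on '$SwitchName'")) {
            Add-VMNetworkAdapter -VMName $VMName -Name $AdapterName -SwitchName $SwitchName
        }
    }
    elseif ($nic.SwitchName -ne $SwitchName) {
        # Adapter exists but is unconnected or on another Switch: move the cable.
        if ($PSCmdlet.ShouldProcess($VMName, "Connect adapter '$AdapterName' to '$SwitchName'")) {
            $nic | Connect-VMNetworkAdapter -SwitchName $SwitchName
        }
    }

    Get-VMNetworkAdapter -VMName $VMName |
        Select-Object VMName, Name, SwitchName, MacAddress, Status
}

# Set-VMSecondAdapter -VMName 'Ubuntu' -SwitchName 'Bridge'
```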
...
VLANs
If you don’t know about VLANs or do not use them, ignore this.
...