Every Virtual Machine runs an operating system that needs basic Internet access to apply monthly maintenance, add optional features, and install programs and libraries. Today all this basic maintenance is done through the Internet. Hyper-V has a built-in Default network. “Default” is its explicit name, and it is also the default network for new VMs. It is created by Hyper-V when Windows boots up.
The Default network supplies network addresses and other parameters through DHCP to each VM. It provides a DNS service that resolves names by querying the Windows host operating system for name information. It provides a gateway function (NAT) that receives packets and forwards them to other computers and the internet using the best routing logic of the host Windows system. It automatically switches between wired, Wi-Fi, and VPN when the host switches, and roams between access points as you move from room to room.
You cannot replicate all the things that Default does yourself. As a result, unless you have to test a special VM configuration that only supports some other network connection arrangement, the recommendation is
that provides VMs with general network access without any configuration because it runs through a gateway in your native Windows 11 system and piggybacks on the networking you already have.
In technical terms, Default provides each VM with network addresses and parameters through DHCP, resolves network names on your host, provides a NAT gateway on the host, and uses the host routing tables to select the best choice from your wired, wireless, or VPN connections. There is no better solution for basic client access from any VM.
Info |
---|
Normally connect the first network adapter on a generic VM to the Default network and let it dynamically configure itself. Then if you need something else, create additional network adapters connected to custom network configurations. The Default network will provide service if your computer has any network access. |
...
custom networking, add a second virtual network adapter to the VM. |
With a connection to Default, a client program on the VM can access anything on the host computer, the local (home or Yale) network, any VPN your computer is connected to, and the general Internet. Default allows client programs on the host computer or on a VM to access another VM by using its hostname followed by “.local” (although to make this work, a Linux VM may have to install the “avahi-daemon” package if it is not installed by default).
The Hyper-V “Virtual Machine Connection” program provides on your Windows desktop a simulation of a screen, keyboard, and mouse directly connected to any virtual machine without using any simulated networking.
Hyper-V custom networks are needed if a VM needs a permanent static IP address, or is to appear to be a separate real computer on a physical local network, or if you need special routing other than the host default.
If you never expect to have any of these requirements, you can stop reading here.
Hyper-V is not “Bare Metal” Virtualization
In a Datacenter run by a university, company, or cloud vendor, there are large specialized systems that create hundreds of virtual machines. For large applications they may dedicate a physical disk or disk partition to the exclusive use of one VM. They may also provide specialized network adapters that each behave as if they were dozens of separate devices, and each simulated device can be hardware attached to a specific VM. The VM talks directly to the adapter and therefore needs a driver for that type of device.
Hyper-V runs on any desktop or Laptop Windows 11 system. It has no custom hardware. It supports just the standard Windows device drivers. This means that no VM will ever talk directly to dedicated hardware. VMs talk to Hyper-V, Hyper-V in the host Windows 11 Kernel talks to the standard Windows drivers for that device on the host system, and the Windows device drivers talk to the hardware.
Each model of each vendor’s network adapter card or chip has tuning parameters, or optional optimization features that an expert may choose to configure to optimize performance when the adapter is dedicated to a specific application or use. Most people don’t ever look at them, and few people understand how they work. The Windows Device Manager will display and set them, but in a desktop or laptop computer the general-purpose defaults are usually best:
...
This hardware configuration can be done in Device Manager on the host Windows 11 system. Hyper-V and the VMs have no visibility to the actual hardware.
Generic Virtual Network Adapters
All VM supervisors create in the VMs a single type of emulated virtual network adapter. When PC virtual machines were a new idea, the system emulated some simple, cheap, universally supported network adapter card for which all operating systems already had drivers. However, it is expensive to simulate the low-level behavior of hardware chips. Today all VM supervisors create an entirely imaginary simple high-level network adapter card, and they generally write and distribute their own device driver for Windows, Linux, and as many other operating systems as there is market share. They make the source available so developers of any other operating system can write their own drivers.
These drivers simply make a software system call to Hyper-V in order to communicate over the network.
In addition to a driver that runs when Windows is running in a VM, Hyper-V has a different driver that can be used on the host Windows 11 operating system. This driver runs in the host Kernel and makes calls to the Hyper-V component also running in the host Windows kernel.
These virtual network adapters support the standard interface used by that operating system to configure networking parameters. Each network adapter has a 6-byte Ethernet address, and while it may be automatically configured from the network, it may also be statically configured with an IP address, gateway address, and DNS servers and default suffix strings. The host Windows system can set these values, and each VM can set its own values.
Developers may turn Hyper-V on immediately on any new computer. Others may start with a simple Windows machine, configure networking the way they want it, and then enable Hyper-V later on.
While you might add a new adapter for Hyper-V, it is often easier to share an existing already configured network adapter with Hyper-V and its virtual machines. When you do this, Windows splits the physical adapter into two Windows Devices that show up separately in Device Manager and Network Connections.
...
Above is a display of the Network Connections after Ethernet 2 (a Realtek USB controller) was shared with Hyper-V. The original Ethernet 2 hardware device remains, but it is no longer connected to the Internet. A new Hyper-V Virtual Ethernet Adapter was created by Hyper-V. The host Windows system is now connected to the Internet through the new virtual adapter. In reality Ethernet 2 and the new vEthernet are two aspects in Windows of the same hardware device.
The Device Manager hardware optimization options belong to the Ethernet 2 device. The Internet configuration options (IP address, DNS servers, 6-byte Ethernet ID, etc.) have been moved to the new vEthernet device.
Network Connections is one of the old Control Panel tools that go back to Windows 95. Today Microsoft is trying to get you to use the new Windows Settings panels, where Network Settings rather interestingly recombines the two Devices to simplify the view of end users:
...
Here the Internet settings have been combined with the hardware device type under the old physical device name of Ethernet 2.
If you choose to dedicate a physical network adapter to be used only by Hyper-V, there is no need for a virtual host adapter and any previous Internet configuration will simply be discarded.
The Virtual Switch Meme
VMware Workstation, Oracle VirtualBox, and Hyper-V all have the same network configuration problem and the same set of options. Other software combines a set of adapters on VMs, an optional virtual network adapter on the host system, and an optional physical network adapter into a named configuration object called a “Network”. Microsoft has chosen instead to call it a “Switch”.
The metaphor of connecting virtual adapters on virtual machines to ports on a virtual network switch is nice and simplifies creating diagrams, because you probably already have a switch image in your list of Visio diagram elements:
...
But calling this a Switch is not helpful if you are trying to understand how the thing really works.
How it Really Works
Inside the Kernel of the operating system, there is software that wraps the data into a TCP “packet” associated with a port number destination with data that supports recovering if packets are lost or reordered. The TCP packet is then broken into IP packets with the IP address of the sender and destination. The IP packet is then broken into one or more Ethernet packets with the 6-byte Ethernet ID of the sender and destination on the LAN.
Up to this point everything has been universal and hardware independent. The next step depends on whether the data is going over a wire, Wi-Fi, or Bluetooth, what chip is used, is it on the motherboard or USB, and many other things.
Therefore, the strategic way to design virtual networking is to let each system (Windows, Linux, …) on the host or in a VM just run their normal processing through TCP and IP to the point where they have an Ethernet packet. Then instead of using any hardware device, turn the packet over to Hyper-V for delivery on a named Switch/Network. The packet contains a destination 6-byte Ethernet ID and Hyper-V knows the 6-byte Ethernet IDs of every virtual Ethernet adapter on the host or VMs. If the destination is not one managed by Hyper-V and the Switch/Network has an associated physical network adapter, then send the packet out on the physical network.
The Hyper-V device drivers in a Linux VM, Windows VM, or Windows on the host simply hand packets off to Hyper-V, and Hyper-V also creates something in the Windows Kernel that talks to the device driver of any physical network adapter that has been assigned to it.
Configuring Hyper-V Virtual Switches
Every time it starts up, Hyper-V generates a new Switch called Default. VMs connect to it by default. In the host system, it is connected to a Gateway service that provides automatic configuration through DHCP to the VMs, a DNS service using the host operating system's current name resolution, and the host operating system's Routing tables to select the best current way to send data to external networks. You cannot meaningfully configure or delete this service because it is recreated from scratch every time you restart Windows.
Other Virtual Switches can be configured using the graphic tool named Hyper-V Manager or by typing PowerShell commands into a Run as Administrator PowerShell session.
PowerShell is probably not the option you will choose, but it allows us to describe the process as simply and cleanly as possible without some confusion built into the Manager tool.
Create
To create a naked Switch with nothing attached to it, you provide a Name and, because Microsoft does not expect that most people want to create a switch with nothing, you have to explicitly confirm that you want it to be of type Private:
```powershell
PS C:\Windows\System32> New-VMSwitch -Name Example -SwitchType Private

Name    SwitchType NetAdapterInterfaceDescription
----    ---------- ------------------------------
Example Private
```
A naked switch can be connected to virtual network adapters on VMs. VMs can use it to talk to each other.
Add just the Host
A switch with a host connection is identified by a SwitchType of Internal instead of Private.
You can create the switch with that SwitchType, or, having previously created a naked Private switch, you can change the type of the existing switch:

to dynamically find and connect to VMs by hostname (using “hostname.local” dynamic name resolution).
You need a custom network to give a VM a static IP address, to expose services running on a VM to clients on another computer, or to make a VM look like a normal computer on your local network.
Hyper-V is not “Bare Metal” Virtualization
In large datacenters virtual machines are created by specialized hardware. These systems can have special network adapters that allow virtual machines to communicate directly at the hardware level.
Hyper-V can work on any computer that supports Windows, and it can run on any network adapter that runs with Windows, including adapters connected through USB or on a docking station. It emphasizes generality over optimization, so it cannot connect any hardware device directly to a VM. It is, however, built into the Windows Kernel rather than running as an application program.
The network adapters are installed into Windows, have Windows drivers, and appear in the Windows Device Manager. They may have hardware optimizations that can be turned on or configured on the host system. Most users will ignore these options, but anything configured in the native Windows system will also apply to all VMs.
...
Generic Virtual Network Adapters
The interface between an operating system and a network device driver is fairly simple, and many different types of software will generate what appears to be a network adapter but is really some type of software service. VPN software creates a simulated direct network connection to the campus, but actually sends the data on an encrypted session over the public internet. Simulated network adapters are part of WSL, Docker containers, and other software.
Hyper-V, like most virtual machine supervisors, has created its own virtual network device drivers that will be installed automatically when a Windows or Linux system discovers that it is running in a Hyper-V VM. Instead of simulating a hardware device, network communication is handled by translating software calls from the operating system in the VM to software calls from the VM to Hyper-V itself.
A Linux application does a system call to the Linux kernel, which then calls the Linux Hyper-V network device driver, which then calls out from the VM to Hyper-V running in the real computer. Hyper-V then processes the request by moving the data to another VM or to the host Windows system, where it will either be fed up through another Hyper-V device driver or passed to the Windows device driver of a real physical network adapter card.
The Virtual Switch Meme
Hyper-V networking has the same services and configuration options as competing options like VMware Workstation or Oracle VirtualBox. Other systems may create a named “virtual network” and then connect virtual adapters on each VM to that network by its name. Hyper-V does the same thing, but Microsoft has decided to call it a “virtual network switch” instead of a “virtual network”.
The only advantage of this meme is that a switch is a physical device in the real world, and when you are drawing diagrams in a tool like Visio, you can find a standard picture for a switch and add it to your diagram along with pictures of real or virtual computers connected to the switch:
...
Using the Hyper-V Manager or PowerShell scripts, an administrator connects a virtual network adapter configured on a VM to the Switch. The host Windows system can also get a virtual network adapter connected to the Switch, and optionally one physical network adapter on the host system can also be connected to the switch. Loosely speaking, Ethernet packets transmitted by any virtual adapter connected to the Switch, and packets received by the physical network adapter from an external network, are examined by Hyper-V, and based on the 6-byte Ethernet ID in the destination field, each packet is transferred to the appropriate virtual network adapter configured with that ID.
Physical Network Adapter Bridge
Through Hyper-V, the host Windows system can assign one physical network adapter to a Hyper-V Virtual Switch. VMs attached to the Switch appear to the external Ethernet network as individual real computers. They can be assigned IP addresses statically or dynamically (from the external DHCP server). The VMs can expose database services or Web applications to the external real computers.
Remember that through the Default network any client on a VM can access any external service that the host computer can access. The only reason to assign a physical adapter to Hyper-V is so that external clients can connect to servers on the VMs.
If you have an unused network adapter available, you can choose to dedicate it to a Hyper-V Switch. Then only the VMs will use it, and the host will continue to use other adapters.
However, you may have only one network adapter, and you may already be using it for all your internet access. You can only afford to share it with the VMs. It is already configured with your personal communication preferences (IP address, name servers, etc.) and you don’t want to have to redo all that.
Hyper-V has to operate inside the Windows Kernel using the existing rules for device drivers and network stacks. One device cannot be directly connected to two different networks. Hyper-V is already set up to create a virtual network adapter if the host operating system wants to talk to VMs through a custom Hyper-V switch.
The last piece of the puzzle is that Windows has always had a relatively obscure option to connect two physical network adapters together so the Windows machine can be used as a bridge between two physical networks. This may go back 30 years to a time when network equipment was more expensive, but it hasn’t been removed even though it is almost never used.
At a high level, the way this works is:
Hyper-V creates a virtual network adapter in the Windows operating system and connects it to the Switch.
All the Ethernet and Internet communications configuration on the physical network adapter is moved from the physical adapter to the new virtual adapter. Any networking tables in Windows associated with the IP address or Ethernet ID or active sessions are changed to point to the new virtual adapter.
The physical adapter, no longer connected to anything, is set up to act as a bridge between the external network (whatever is on the other end of the RJ45 cable plugged into the adapter) and the Hyper-V “Virtual Switch” component (which itself is a kind of bridge between the host and VM adapters).
Windows does this reconfiguration as quickly as possible, but there is a warning that there may be a very short interruption of communication. When it is done, all the connections between host applications and external network services are still live.
If you look in Device Manager and Network Connections, you will now see the old physical network adapter and the new Hyper-V Virtual Network adapter. You may note that the physical network adapter no longer seems to have Internet access. This is because it is now only operating at the Ethernet packet level, moving data between the external network and Hyper-V. Internet access now appears to be provided through the Virtual Network Adapter that connects you to the Virtual Switch and VMs. Once the physical adapter is owned by Hyper-V, the Virtual Switch is the way that the host Windows system accesses the external network.
...
Layers (abbreviated)
At this point anyone writing about networking is obligated to mention the 7 Layers of the OSI Networking Model. Now that I mentioned it, we can ignore the textbook stuff and just talk about how network stuff is done in the Windows Kernel.
An application calls some library of services to send a stream of bytes over a connection to some remote network endpoint known by its IP address or hostname and a port number.
Inside the Kernel, part of the Windows networking code wraps the stream of data into a TCP “packet” associated with a port number destination. The TCP packet is then broken into one or more IP packets with the IP address of the destination. The IP packet is then broken into one or more 1500 byte Ethernet packets with a 6-byte Ethernet destination address of another device on the local network, which may be the final destination or else will be a gateway device that forwards the data to bigger networks and eventually the whole Internet.
The processing up to this point is universal. It doesn’t matter what you are doing (browsing the Web or backing up your disk files) and it doesn’t matter how the network connection is made (wired, Wi-Fi, or Bluetooth through an Intel, Realtek, or Broadcom chip that is on the motherboard, an adapter card, a USB port, or a Thunderbolt hub). The next step is a mess of possibilities. So, Hyper-V does not take the next step.
In every VM and on the host system, as soon as the data has been reduced to a bunch of Ethernet packets, the Hyper-V virtual network adapter simply turns these packets over to the Hyper-V system controlling the computer. Hyper-V can look at the 6-byte Ethernet ID destination in each packet. It knows every 6-byte Ethernet ID of every virtual adapter it created, and if it finds a match it can move the packet to the destination adapter in any VM or in the Windows host. If the destination is not known, but the Switch is associated with a physical network adapter, then it can send the packets out on the external Ethernet network to have them delivered.
Configuring Hyper-V Virtual Switches
Every time your computer boots up, Hyper-V recreates and configures the Default Network/Switch. It has no configuration because it uses all the network configuration of the Windows host system to resolve names and route traffic through the fastest available network path. If you try to mess with it or delete it, it will be recreated fresh when you restart the system.
Other Virtual Switches can be configured using the graphic tool named Hyper-V Manager or by typing PowerShell commands into a Run as Administrator PowerShell session.
PowerShell is probably not the option you will choose, but it breaks the process down to a step by step procedure that explains the possibilities more clearly than using the GUI configuration panel.
Create
To create a naked Switch with nothing attached to it, you provide a Name. This simplest option is not the default for the command, so you add the “-SwitchType Private” option or the command will complain that you have forgotten other parameters:
```powershell
PS C:\Windows\System32> New-VMSwitch -Name Example -SwitchType Private
```
A naked switch can then be connected to virtual network adapters on VMs. Once connected, the VMs can talk to each other, but not to the host or the Internet through this Switch.
Add the Host
Hyper-V provides communication from the host Windows system to the Switch, and therefore to the VMs connected to the switch, by creating a Hyper-V Virtual Network Adapter device in the host Windows 11 operating system.
If there were a command to create the host virtual network adapter, then you could execute it twice and get two of them. Hyper-V doesn’t want you to have two, so the adapter is created when you change the SwitchType from “Private” to “Internal” and is deleted if you then turn the SwitchType back from “Internal” to “Private”. You see the new virtual adapter in the list returned from “Get-NetAdapter”.
```powershell
PS C:\Windows\System32> Set-VMSwitch -Name Example -SwitchType Internal
PS C:\Windows\System32> Get-NetAdapter

Name                 InterfaceDescription                    ifIndex Status       MacAddress        LinkSpeed
Ethernet             Intel(R) Ethernet Connection (18) I219…      23 Disconnected C4-C6-E6-30-3F-37     0 bps
vEthernet (Example)  Hyper-V Virtual Ethernet Adapter #4          66 Up           00-15-5D-02-A0-04   10 Gbps
...
```
Windows now has a new virtual network adapter connected to the switch. Note that there is an unused Intel physical adapter named “Ethernet” that will be used in the next example.
...
Problem Adding a Physical
...
There is a logical problem if you create an Internal Switch, use it for a while, and then decide to add a physical network adapter to it.
The existing physical adapter has Internet connection parameters associated with it (an IP address on the existing external physical network to which it was connected, say 192.168.3.*).
The existing host virtual adapter connected to the switch has connection parameters associated with it. Worse, the fact that it exists at all suggests that you configured an Internal network where all the adapters on all the VMs have internal IP addresses (say 192.168.10.*).
Adding this physical adapter to the switch physically bridges two networks with two different IP subnets. Now there is nothing wrong with that, and it could work, but Windows doesn’t know what to do with the IP address on the host virtual network adapter. So, it solves this problem in what may be the worst possible way by creating a second virtual host network adapter (as if your Device Manager was not bad enough already). Both end up connected to the Switch. The original virtual network adapter created when you made the switch Internal keeps its old IP address in 192.168.10.* while the new second virtual Ethernet adapter connected to the same switch gets the external IP address previously assigned to the physical network adapter in 192.168.3.*
That is probably not what you want. Delete the old Internal switch and start over.
...
Adapter to an existing Hyper-V Switch Network
Once you create a Private or Internal switch you can then connect it to VMs and configure them with network addresses so they can talk to each other. Suppose you assign them to the 192.168.10.* subnet.
A physical adapter is connected to external devices that are part of some physical network. Frequently addresses are assigned to a physical network by a DHCP server on a gateway router supplied by your ISP. For the example, assume the physical Ethernet uses the 192.168.3.* subnet.
Adding the physical adapter to the internal Hyper-V network would “bridge” two different networks with two different subnets. This would work, but nothing could talk to a device on the other subnet.
Info |
---|
If you have an existing Internal Switch and absolutely want to add a physical network adapter to it knowing the consequences, first change it to SwitchType Private to get rid of the existing host virtual network adapter connected to the Switch. Then use Set-VMSwitch to add both the physical network adapter and a newly generated host virtual network adapter to the Switch (implicitly changing it to SwitchType External) so Hyper-V will get the bridging set up correctly between the physical device and the new virtual device in the Windows Kernel. |
Create a Switch with a Physical Network Adapter
The only operation with a sensible result is to attach the physical network adapter to a new Switch you create as part of a single operation.
```powershell
PS C:\Windows\System32> New-VMSwitch -Name ExampleHomeNet -NetAdapterName Ethernet -AllowManagementOS $true

Name           SwitchType NetAdapterInterfaceDescription
ExampleHomeNet External   Intel(R) Ethernet Connection (18) I219-LM

PS C:\Windows\System32> Get-NetAdapter

Name                       InterfaceDescription                    ifIndex Status       MacAddress        LinkSpeed
Ethernet                   Intel(R) Ethernet Connection (18) I219…      23 Disconnected C4-C6-E6-30-3F-37     0 bps
vEthernet (ExampleHomeNet) Hyper-V Virtual Ethernet Adapter #4          32 Disconnected C4-C6-E6-30-3F-37     0 bps
```
You need to know the name of the physical netadapter (“Ethernet” from the previous example). If you have an existing Internal or Private network connected to VM adapters, you can either reconnect the VM adapters to the new Switch or create new virtual adapters on some of the VMs and connect them to the new Switch while also leaving the VM connected to the old network with the old subnet.
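The checks and ordering described in this section and in the Info box above, gathered into one guarded function. This is an added example, not part of the original page: the function name New-BridgedSwitch and its parameter names are hypothetical, and it assumes an elevated PowerShell session with the Hyper-V module installed.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

# Added example. New-BridgedSwitch and its parameter names are hypothetical;
# the cmdlets it calls are the standard Hyper-V and NetAdapter ones.
function New-BridgedSwitch {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SwitchName,          # e.g. ExampleHomeNet
        [Parameter(Mandatory)] [string] $PhysicalAdapterName  # e.g. Ethernet
    )

    # The adapter must be real hardware, not a "vEthernet (...)" host adapter.
    $nic = Get-NetAdapter -Name $PhysicalAdapterName -Physical -ErrorAction Stop

    # An adapter already bound to another External switch cannot be reused.
    $owner = Get-VMSwitch -SwitchType External |
        Where-Object { $_.NetAdapterInterfaceDescription -eq $nic.InterfaceDescription }
    if ($owner) {
        throw "Adapter '$($nic.Name)' is already used by switch '$($owner.Name)'."
    }

    $existing = Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue

    if (-not $existing) {
        # Preferred path: create the switch and attach the adapter in one operation.
        if ($PSCmdlet.ShouldProcess($SwitchName, "Create External switch on '$($nic.Name)'")) {
            New-VMSwitch -Name $SwitchName -NetAdapterName $nic.Name -AllowManagementOS $true
        }
        return
    }

    if ($existing.SwitchType -eq 'External') {
        throw "Switch '$SwitchName' is already External on '$($existing.NetAdapterInterfaceDescription)'."
    }

    # VMs already on this switch keep their internal addresses after bridging,
    # so list them before the physical subnet is joined to the same switch.
    $vmNics = Get-VMNetworkAdapter -VMName * -ErrorAction SilentlyContinue |
        Where-Object SwitchName -eq $SwitchName
    foreach ($v in $vmNics) {
        Write-Warning ("VM '{0}' adapter '{1}' keeps its current addresses: {2}" -f
            $v.VMName, $v.Name, ($v.IPAddresses -join ', '))
    }

    # Internal -> Private removes the existing host vEthernet adapter, so the
    # next step does not leave two host adapters on the same switch.
    if ($existing.SwitchType -eq 'Internal' -and
        $PSCmdlet.ShouldProcess($SwitchName, 'Remove host adapter (SwitchType Private)')) {
        Set-VMSwitch -Name $SwitchName -SwitchType Private
    }

    # Attach the physical adapter and create a fresh host adapter together.
    if ($PSCmdlet.ShouldProcess($SwitchName, "Attach '$($nic.Name)' and add host adapter")) {
        Set-VMSwitch -Name $SwitchName -NetAdapterName $nic.Name -AllowManagementOS $true
        Get-VMSwitch -Name $SwitchName
    }
}

# Dry run first; remove -WhatIf to apply.
# New-BridgedSwitch -SwitchName ExampleHomeNet -PhysicalAdapterName Ethernet -WhatIf
```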
Hyper-V Manager Switch Configuration
...
It is useless because all it does is set the default choice among three radio buttons on the next form, but you can always change that selection before you click the create button:
...
You give it a Name at the top and can change your mind and click any of the three radio buttons for Private, Internal, or External (where you then choose a physical network adapter from the list and click the Allow Management OS checkbox to create a host virtual network adapter with the Switch).
You can come back to this form and change the type of switch with the radio buttons, but you have the same IP subnet conflict problem changing from an existing Internal to External.
Network Adapters in the VM configuration
Each Hyper-V VM has a configuration including virtual disks and virtual network adapters. Each virtual disk is associated with a *.vhdx or *.iso file somewhere on the host disk, and each network adapter is either unconnected or connected to a named Virtual Switch.
...
Here there are two network adapters. The first adapter is connected to the Hyper-V Default switch/network. The second is connected to a Switch named “Bridge”. At any time you can disconnect a Virtual network adapter or connect it to another Switch. This simulates unplugging the Ethernet cable from a real computer and plugging in a cable connected to something else.
At any time you can add a new Network Adapter.
...
This is something like plugging a USB Ethernet adapter into a computer.
When you create a new Virtual Network Adapter you will be given a chance to connect it to any of the defined Virtual Switches or else to leave it unconnected for now.

Using Hyper-V Manager you don’t have to remember PowerShell commands or the names of options, and you get a nice pulldown list of physical Ethernet adapters on the host system.
Note: this list includes adapters that are already being used with other switches and cannot be selected or you will get an error message instead of creating the switch.
Virtual Network Adapters in each VM
...
Adding an adapter to a running VM will work if the operating system reacts to the kind of hardware changes that happen when you plug a physical adapter into a USB port.
Once the adapter is defined, at any time you can connect or disconnect or change the virtual switch to which the adapter is attached. This is equivalent to plugging or unplugging an Ethernet cable to a physical adapter.
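Because any VM adapter can be moved to another Switch at any time, it is worth listing which adapters currently sit on which kind of Switch, since only an External Switch makes a VM reachable from the physical network. The following read-only inventory is an added example, not part of the original page: the function name Get-VMNetworkExposure is hypothetical, and it assumes the switch this page calls Default is listed by Windows under the name "Default Switch".

```powershell
#Requires -Modules Hyper-V

# Added example. Get-VMNetworkExposure is a hypothetical name; it only reads
# configuration and changes nothing.
function Get-VMNetworkExposure {
    [CmdletBinding()]
    param(
        # Assumption: name under which Windows lists the page's "Default" switch.
        [string] $DefaultSwitchName = 'Default Switch'
    )

    # Index the switches by name so each VM adapter can be matched to its switch.
    $switches = @{}
    foreach ($sw in Get-VMSwitch) { $switches[$sw.Name] = $sw }

    foreach ($nic in Get-VMNetworkAdapter -VMName * -ErrorAction SilentlyContinue) {
        $sw = $null
        if ($nic.SwitchName -and $switches.ContainsKey($nic.SwitchName)) {
            $sw = $switches[$nic.SwitchName]
        }

        # Classify reachability using the page's four cases.
        $reach =
            if (-not $sw)                             { 'Unconnected' }
            elseif ($sw.Name -eq $DefaultSwitchName)  { 'Default: client access through host NAT' }
            elseif ($sw.SwitchType -eq 'External')    { 'External: appears as a computer on the physical LAN' }
            elseif ($sw.SwitchType -eq 'Internal')    { 'Internal: host and VMs on this switch' }
            else                                      { 'Private: VMs on this switch only' }

        # Physical adapter and host sharing only apply to External switches.
        $physical   = $null
        $hostShared = $null
        if ($sw -and $sw.SwitchType -eq 'External') {
            $physical   = $sw.NetAdapterInterfaceDescription
            $hostShared = $sw.AllowManagementOS
        }

        [pscustomobject]@{
            VMName          = $nic.VMName
            Adapter         = $nic.Name
            MacAddress      = $nic.MacAddress
            Switch          = $nic.SwitchName
            Reach           = $reach
            PhysicalAdapter = $physical
            SharedWithHost  = $hostShared
            IPAddresses     = ($nic.IPAddresses -join ', ')
        }
    }
}

# Full inventory:
# Get-VMNetworkExposure | Sort-Object Reach, VMName | Format-Table -AutoSize
# Only the adapters that external clients can reach:
# Get-VMNetworkExposure | Where-Object Reach -like 'External*'
```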
...
VLANs
If you don’t know about VLANs or do not use them, ignore this.
...