Summary
Hyper-V networks simulate wired networking and are configured as named virtual switches created by the Hyper-V Manager.
In the Settings of a VM you can create one or more virtual Network Adapters and connect each one to a named virtual switch.
VMs connected to the same virtual switch can communicate with each other in the same way physical computers connected to the same physical switch can communicate.
The Hyper-V Manager can create a synthetic Network Adapter in the Host OS and connect it to a virtual switch. This allows the host to communicate with VMs attached to that switch.
The Hyper-V Manager can associate a virtual switch with a physical LAN adapter in the host computer. The LAN adapter passes through all traffic from the external physical switch to which it is connected to the internal virtual switch with which it is associated. The physical and virtual switches are “connected” to each other in almost the same way that two physical switches are connected when you run an Ethernet cable between them.
You can both connect the host to a virtual switch and associate a physical LAN adapter with the switch. This is so common that it is usually done in a single operation that transfers the addresses and configuration that the physical Network Adapter previously had on the external network to the new synthetic network adapter that connects the host to the switch. The effect is to share what was previously a host network connection with the VMs. This works if the external network is prepared to talk to the VMs as if they were real computers.
Unconfigured Networks
Your ISP provides you with a gateway device that manages the connection to the ISP (for example, a cable modem for Comcast or another cable TV provider), provides WiFi and typically 2 or 4 wired network ports. The wired ports are a switch because devices connected to them can talk to each other as well as to the gateway and through it to the Internet. The gateway provides IP addresses to computers through DHCP. If you need more than the provided number of wired ports, you can buy a separate wired switch for less than $20. Typically you do not configure more than a WiFi password. Connect any device to the network and it just starts working.
Hyper-V networking, however, started in a machine room with Enterprise servers and exclusively wired network devices. It supports more technically sophisticated options that are exposed in the Hyper-V Manager.
Rather than dumb down the administrative tools, in Windows 10 Microsoft creates a network (virtual switch) named Default which you can treat just like your ISP gateway (without the WiFi). Create a VM and connect it to the Default network and it is automatically configured and is connected to the internet (assuming your host computer is connected to the internet first). You cannot get rid of Default, and you cannot reconfigure it. Microsoft does the equivalent of a “factory reset” on it every time you restart your system.
This paper is for people who want something other than Default.
The Virtual Switch
A virtual switch is the way that Microsoft chose to configure how VMs communicate with each other, with the host, and with an external real network connected to Hyper-V through a physical Network Adapter on the host computer.
Hyper-V does not simulate a real switch. It moves data between a VM and another VM, the host computer, or the physical Network Adapter based on the configuration of virtual switches “attached” to virtual switches. The important difference is that real switches can be connected one to another, and data can move from a computer through a sequence of physical switches to another device. Physical switches are all peers and they allow traffic to move through them freely.
A Hyper-V virtual switch, however, is like a suburban dead end street. You enter from one end (the host or physical Network Adapter), and you can then go to any address on the street. However, when you get to the end of the street you can only turn around and go back. Hyper-V requires that either the sender of the message be directly attached to the switch or else the receiver be directly attached to the switch, but it is not a through street where traffic can just pass through on its way to and from somewhere else.
Therefore, you can connect the host Windows system to a switch and you can connect one (and only one) physical Network adapter to the switch. The host can serve as a gateway to the Internet, or the physical Network Adapter can be connected to your home network where your ISP provided a Gateway device.
If you want to create Linux VMs that simulate various network components, you can configure a Linux NAT Gateway or a Linux Router, but if you try to turn a Linux VM into a Bridge device to seamlessly connect two networks, that is the one thing that works with physical computers and real switches but doesn’t work with Hyper-V virtual switches.
Switch Types
The Microsoft Hyper-V Manager utility gives three names to specific configurations, and if you use the GUI you have to choose one of the names. The PowerShell commands, however, allow you to add or remove physical LAN adapters and a virtual host LAN adapter to existing switches without regard to these limited names. In reality there are four possibilities and two ways to use the fourth option:
Hyper-V “Private” - A virtual switch that is connected neither to a LAN adapter nor to the host operating system is “private”. You connect VMs to it and they can talk to each other. Since this would leave the VMs unable to update themselves if it were the only network they have, you typically connect at least one of the VMs to another switch that is connected out and have that VM serve as a NAT gateway or router for the other VMs.
Hyper-V “Internal” - A virtual switch that is connected to the Windows 10 host (through a Hyper-V virtual LAN) can provide the VMs with some type of protected client access to the real network and internet if the Windows 10 host will provide the router function. Any Windows 10 system can provide a NAT gateway using the PowerShell New-NetNat command, but Windows 10 doesn’t have a DHCP service. So either you have to configure static addresses for each VM, or you need one of the VMs to provide DHCP to all the other VMs (and make sure that VM is running all the time).
Hyper-V “External” (special case) - If you only connect a spare unused physical LAN adapter on your host computer to the virtual switch and you don’t connect the host to that switch, then you can physically connect the VMs directly to the real network without going through the host OS. Each VM can have its own network address just like real computers on the physical network. The host can talk to them, but through the external network as if they were other real computers and not internal VMs. Typically this requires the host to have two LAN adapters. Of course, many people connect their laptop to the WiFi and they have a spare wired Ethernet port they aren’t using, but if that is not the case you can get an adapter card for a desktop or a USB Network Adapter for a laptop.
Hyper-V “External” Bridge - This is the more common configuration where you connect both a physical host LAN adapter and a virtual host LAN adapter to the same switch. Normally you ask the Hyper-V Manager to create both types of connections at the same time. After a brief break in network connectivity, the host OS still has a wired connection to the same network with the same network address as before. Now, however, it can share that LAN adapter and cable with the VMs connected to the switch. They also appear to be on the physical network, get the same type of network address that the host had, can talk to other computers on the network, and can share files and provide services to other computers.
Hyper-V “External” (physical private VM network) - The last type is something like the previous special case because you associate the virtual switch with a spare LAN adapter, but in this case you do not connect that adapter to the public network. You can connect it to a cable that runs between two computers, or to a private switch not connected to the internet. You may do most of your work on a laptop, but laptops are not powerful machines. You can use this to connect your laptop privately to a more powerful desktop workstation. Run Hyper-V on both the laptop and the desktop, and the laptop host system you normally use, where all your tools and files reside, is able to talk not only to its own VMs but also to the VMs created by the connected desktop. Again you have to solve the problem of creating a gateway or router on either the laptop or the desktop so the VMs can install software and get updates from the internet.
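The following added example (not from the original article) reports, for every virtual switch on a host, which of the categories above it falls into and which VMs are attached, so you can see at a glance which VMs sit directly on the physical network. The switch name 'Lab' and adapter name 'Ethernet 2' in the trailing comments are assumed placeholders.

```powershell
# Added example: classify each Hyper-V virtual switch by what is attached to it.
# Run in an elevated PowerShell session on the Hyper-V host.
Import-Module Hyper-V

function Get-SwitchAttachment {
    param([Parameter(Mandatory, ValueFromPipeline)] $Switch)
    process {
        # SwitchType is Private, Internal or External. External means a physical
        # adapter is bound; AllowManagementOS then tells whether the host also
        # has a vEthernet adapter on that switch.
        $category = switch ("$($Switch.SwitchType)") {
            'Private'  { 'Private: VMs only' }
            'Internal' { 'Internal: VMs + host' }
            'External' {
                if ($Switch.AllowManagementOS) { 'External bridge: VMs + host + physical adapter' }
                else                           { 'External, no host: VMs + physical adapter' }
            }
        }

        # Names of the VMs with at least one adapter connected to this switch.
        $vms = Get-VMNetworkAdapter -VMName * |
            Where-Object SwitchName -eq $Switch.Name |
            Select-Object -ExpandProperty VMName -Unique

        [pscustomobject]@{
            Switch          = $Switch.Name
            Category        = $category
            PhysicalAdapter = $Switch.NetAdapterInterfaceDescription
            # True when VM traffic leaves the host on a physical cable.
            OnPhysicalWire  = ($Switch.SwitchType -eq 'External')
            VMs             = $vms -join ', '
        }
    }
}

Get-VMSwitch | Get-SwitchAttachment | Format-Table -AutoSize -Wrap

# Hyper-V cannot tell whether the cable of an External switch leads to the
# public LAN or to a private point-to-point link; check that physically.

# The same module changes attachments without the GUI's three names.
# These change host connectivity, so they are left commented out
# ('Lab' and 'Ethernet 2' are assumed names):
# Set-VMSwitch -Name 'Lab' -AllowManagementOS $false     # bridge -> physical adapter only
# Set-VMSwitch -Name 'Lab' -SwitchType Internal          # drop the physical adapter, keep the host
# Set-VMSwitch -Name 'Lab' -NetAdapterName 'Ethernet 2'  # bind a physical adapter (External)
```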
Splitting the Physical Network Adapter
If you start out with a physical Network Adapter that is configured to the host OS, and you then associate it with a Hyper-V virtual switch, the configuration of the Network Adapter splits in half. On the host Windows 10 system, you start with one Network adapter and end up with two.
One network adapter on the host system represents the physical device that is now being shared with the VMs. If you look at it in Device Manager, it still has all the parameters associated with firmware (except for the Ethernet hardware address). If you want to allow Jumbo Frames, this is the device that manages those options.
A new Virtual Ethernet Adapter has been created in the Host Windows 10 system which gets the Ethernet Hardware (MAC) Address from the adapter and also all the higher level network drivers, especially the IPv4 and IPv6 configuration options. This is because the Host Windows 10 system must have its own addresses, both at the Ethernet level and at the Internet level. Other VMs will also be connected to the switch, and each will have its virtual Network Adapter with its own Ethernet hardware address and its own IPv4 and IPv6 configurations separate from the host.
Name                InterfaceDescription                   ifIndex  Status  MacAddress
Ethernet            Marvell AQtion 10Gbit Network Adapter  15       Up      70-85-C2-C7-BF-6E
vEthernet (Bridge)  Hyper-V Virtual Ethernet Adapter #3    13       Up      70-85-C2-C7-BF-6E
Here a Marvell AQtion 10Gbit adapter card has been shared with a Hyper-V virtual switch named “Bridge”. It has generated two Network Adapter entries. The first represents the card itself, while the second contains all the addresses that the host uses to send and receive data. Each VM attached to the switch will have its own distinct addresses. Data from the host and the VMs will go through the one adapter card to whatever physical switch the adapter is connected to.
VLANs
As mentioned above, you can spend $15 to buy a simple 8 port switch or $20 to buy a “smart switch” that supports VLANs. Corporations like Yale use VLANs to partition the campus network up into groups of devices for security or traffic management. Home users may want a VLAN to separate their Internet of Trash devices from work devices, but you can do that by physically separating the two, especially since the IOT is wireless and the work devices can connect to each other wired.
So despite what the letters “VLAN” stand for, in Hyper-V Virtual Machine networks the most interesting use of VLAN configuration is to give a Virtual Machine a physical network port (it is an anti-virtual trick turning virtual stuff into real hardware).
You spend $20 for 8 ports or $40 for a 16 port smart switch. You create a Bridge virtual switch on your host computer and connect the adapter you assign to it to one of the ports on the smart switch. If you have more than one host running VMs, you may want to connect each of them to a port on the switch. If you want to use this to access the internet you need another port to provide a connection to the gateway or to a firewall through which you can get to the gateway.
Now in a quick oversimplified version of the configuration, you read the manual on the switch, connect a browser and sign into the web based administration tool that runs in the switch, and assign a VLAN ID number to a set of empty ports. The number is arbitrary, so let's assume you assign individual VLAN IDs 11, 12, …, 16 to six currently empty ports on the switch. Ports can be assigned to multiple VLAN IDs if they are “tagged”, and you do this to the ports where you just connected the Bridge physical adapter from the host computers and you make them part of all six VLAN IDs (in this example, and more if you get a bigger switch).
Now in the Hyper-V Manager you can display the configuration of each Virtual Machine and click on the configuration of the virtual LAN adapter connected to this Bridge switch.
You can click the check box for Enable virtual LAN identifier and then in the text box below it type in one of the IDs you assigned to the smart switch ports (11 to 16 in this example).
If one VM is assigned to VLAN ID 14 and one port on the smart switch is assigned VLAN ID 14, then this physical port on the smart switch has become essentially a physical representation of what would have been the LAN adapter jack on the back of the physical computer if the VM had been magically turned into a real physical box. You can plug in a wire to that port and it is directly connected to this virtual adapter on this VM.
Creating a physical LAN port in the real world for something that is otherwise virtual may be a useful trick for specialized types of network connections. More generally, VLAN capability allows a single network adapter to behave as multiple LAN adapters connected to different devices or networks, which can save money and PCIe slots in more complicated networking situations.
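The VLAN assignment described above can also be made and checked from PowerShell. This added example (not from the original article) tags one VM's adapter on the “Bridge” switch with VLAN ID 14, then lists every adapter on that switch with its VLAN mode and flags IDs shared by more than one adapter, since a shared ID means the smart switch port is no longer a one-to-one stand-in for a single VM. The VM name 'web01' is an assumed placeholder.

```powershell
# Added example: set and audit VLAN IDs on the adapters attached to one switch.
# Run in an elevated PowerShell session on the Hyper-V host.
Import-Module Hyper-V

$SwitchName = 'Bridge'   # switch name used in the article
$VmName     = 'web01'    # assumed VM name, replace with your own
$VlanId     = 14         # one of the IDs assigned on the smart switch

# Equivalent of ticking "Enable virtual LAN identifier" and typing 14:
# put every adapter this VM has on the Bridge switch into access mode.
Get-VMNetworkAdapter -VMName $VmName |
    Where-Object SwitchName -eq $SwitchName |
    ForEach-Object {
        Set-VMNetworkAdapterVlan -VMName $_.VMName -VMNetworkAdapterName $_.Name `
            -Access -VlanId $VlanId
    }

# Audit: VLAN mode and ID of every VM adapter on the switch.
$report = Get-VMNetworkAdapter -VMName * |
    Where-Object SwitchName -eq $SwitchName |
    ForEach-Object {
        $vlan = Get-VMNetworkAdapterVlan -VMNetworkAdapter $_
        [pscustomobject]@{
            VM       = $_.VMName
            Adapter  = $_.Name
            Mode     = "$($vlan.OperationMode)"   # Untagged, Access, Trunk, ...
            VlanId   = $vlan.AccessVlanId
            # Untagged adapters share the switch's default LAN with the host.
            Untagged = ($vlan.OperationMode -eq 'Untagged')
        }
    }
$report | Sort-Object VlanId, VM | Format-Table -AutoSize

# VLAN IDs used by more than one adapter: those VMs share one physical port.
$report | Where-Object Mode -eq 'Access' |
    Group-Object VlanId |
    Where-Object Count -gt 1 |
    ForEach-Object {
        "VLAN $($_.Name) is shared by: $(($_.Group.VM | Sort-Object -Unique) -join ', ')"
    }
```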