
Every Virtual Machine needs basic Internet access to apply maintenance, add optional features, and install programs and libraries. Hyper-V has a built-in Default network that provides VMs with general network access without any configuration because it runs through a gateway in your native Windows 11 system and piggybacks on the networking you already have.

In technical terms, Default provides each VM with network addresses and parameters through DHCP, resolves network names on your host, provides a NAT gateway on the host, and uses the host routing tables to select the best choice from your wired, wireless, or VPN connections. There is no better solution for basic client access from any VM.

Normally, connect the first network adapter on a generic VM to the Default network and let it dynamically configure itself. If you need custom networking, add a second virtual network adapter to the VM.

With a connection to Default, a client program on the VM can access anything on the host computer, the local network (home or Yale), any VPN your computer is connected to, and the general Internet. Default allows client programs on the host computer to dynamically find and connect to VMs by hostname (using “hostname.local” dynamic name resolution).

You need a custom network to give a VM a static IP address, to expose services running on a VM to clients on another computer, or to make a VM look like a normal computer on your local network.

Hyper-V is not “Bare Metal” Virtualization

In large datacenters virtual machines are created by specialized hardware. These systems can have special network adapters that allow virtual machines to communicate directly at the hardware level.

Hyper-V can work on any computer that supports Windows, and it can run on any network adapter that runs with Windows, including adapters connected through USB or on a docking station. It emphasizes generality over optimization, so it cannot connect any hardware device directly to a VM. It is, however, built into the Windows Kernel rather than running as an application program.

The network adapters are installed into Windows, have Windows drivers, and appear in the Windows Device Manager. They may have hardware optimizations that can be turned on or configured on the host system. Most users will ignore these options, but anything configured in the native Windows system will also apply to all VMs.

image-20250308-151354.png

Generic Virtual Network Adapters

The interface between an operating system and a network device driver is fairly simple, and many different types of software will generate what appears to be a network adapter but is really some type of software service. VPN software creates a simulated direct network connection to the campus, but actually sends the data on an encrypted session over the public internet. Simulated network adapters are part of WSL, Docker containers, and other software.

Hyper-V, like most virtual machine supervisors, has created its own virtual network device drivers that will be installed automatically when a Windows or Linux system discovers that it is running in a Hyper-V VM. Instead of simulating a hardware device, network communication is handled by translating software calls from the operating system in the VM to software calls from the VM to Hyper-V itself.

A Linux application does a system call to the Linux kernel, which then calls the Linux Hyper-V network device driver, which then calls out from the VM to Hyper-V running in the real computer. Hyper-V then processes the request by moving the data to another VM or to the host Windows system, where it will either be fed up through another Hyper-V device driver or passed to the Windows device driver of a real physical network adapter card.

The Virtual Switch Meme

Hyper-V networking has the same services and configuration options as competing options like VMware Workstation or Oracle VirtualBox. Other systems may create a named “virtual network” and then connect virtual adapters on each VM to that network by its name. Hyper-V does the same thing, but Microsoft has decided to call it a “virtual network switch” instead of a “virtual network”.

The only advantage of this meme is that a switch is a physical device in the real world, and when you are drawing diagrams in a tool like Visio, you can find a standard picture for a switch and add it to your diagram along with pictures of real or virtual computers connected to the switch:

image-20250308-190307.png

Using the Hyper-V Manager or PowerShell scripts, an administrator connects a virtual network adapter configured on a VM to the Switch. The host Windows system can also get a virtual network adapter connected to the Switch, and optionally one physical network adapter on the host system can also be connected to the Switch. Loosely speaking, Hyper-V examines every Ethernet packet transmitted by a virtual adapter connected to the Switch, and every packet received by the physical network adapter from an external network. Based on the 6-byte Ethernet ID in the destination field of the packet, it transfers the packet to the virtual network adapter configured with that ID.

Physical Network Adapter Bridge

Through Hyper-V, the host Windows system can assign one physical network adapter to a Hyper-V Virtual Switch. VMs attached to the Switch appear to the external Ethernet network as individual real computers. They can be assigned IP addresses statically or dynamically (from the external DHCP server). The VMs can expose database services or Web applications to the external real computers.

Remember that through the Default network any client on a VM can access any external service that the host computer can access. The only reason to assign a physical adapter to Hyper-V is so that external clients can connect to servers on the VMs.

If you have an unused network adapter available, you can choose to dedicate it to a Hyper-V Switch. Then only the VMs will use it, and the host will continue to use other adapters.

However, you may have only one network adapter, and you may already be using it for all your internet access. You can only afford to share it with the VMs. It is already configured with your personal communication preferences (IP address, name servers, etc.) and you don’t want to have to redo all that.

Hyper-V has to operate inside the Windows Kernel using the existing rules for device drivers and network stacks. One device cannot be directly connected to two different networks. Hyper-V is already set up to create a virtual network adapter if the host operating system wants to talk to VMs through a custom Hyper-V switch.

The last piece of the puzzle is that Windows has always had a relatively obscure option to connect two physical network adapters together so the Windows machine can be used as a bridge between two physical networks. This may go back 30 years to a time when network equipment was more expensive, but it hasn’t been removed even though it is almost never used.

At a high level, the way this works is:

Hyper-V creates a virtual network adapter in the Windows operating system and connects it to the Switch.

All the Ethernet and Internet communications configuration on the physical network adapter is moved from the physical adapter to the new virtual adapter. Any networking tables in Windows associated with the IP address or Ethernet ID or active sessions are changed to point to the new virtual adapter.

The physical adapter, no longer connected to anything, is set up to act as a bridge between the external network (whatever is on the other end of the RJ45 cable plugged into the adapter) and the Hyper-V “Virtual Switch” component (which itself is a kind of bridge between the host and VM adapters).

Windows does this reconfiguration as quickly as possible, but there is a warning that there may be a very short interruption of communication. When it is done, all the connections between host applications and external network services are still live.

If you look in Device Manager and Network Connections, you will now see the old physical network adapter and the new Hyper-V Virtual Network adapter. You may note that the physical network adapter no longer seems to have Internet access. This is because it is now only operating at the Ethernet packet level, moving data between the external network and Hyper-V. Internet access now appears to be provided through the Virtual Network Adapter that connects you to the Virtual Switch and VMs. Once the physical adapter is owned by Hyper-V, the Virtual Switch is the way that the host Windows system accesses the external network.

image-20250308-181700.png

Layers (abbreviated)

At this point anyone writing about networking is obligated to mention the 7 Layers of the OSI Networking Model. Now that I mentioned it, we can ignore the textbook stuff and just talk about how network stuff is done in the Windows Kernel.

An application calls some library of services to send a stream of bytes over a connection to some remote network endpoint known by its IP address or hostname and a port number.

Inside the Kernel, part of the Windows networking code wraps the stream of data into a TCP “packet” associated with a port number destination. The TCP packet is then broken into one or more IP packets with the IP address of the destination. The IP packet is then broken into one or more 1500 byte Ethernet packets with a 6-byte Ethernet destination address of another device on the local network, which may be the final destination or else will be a gateway device that forwards the data to bigger networks and eventually the whole Internet.

The processing up to this point is universal. It doesn’t matter what you are doing (browsing the Web or backing up your disk files) and it doesn’t matter how the network connection is made (wired, Wi-Fi, or Bluetooth through an Intel, Realtek, or Broadcom chip that is on the motherboard, an adapter card, a USB port, or a Thunderbolt hub). The next step is a mess of possibilities. So, Hyper-V does not take the next step.

In every VM and on the host system, as soon as the data has been reduced to a bunch of Ethernet packets, the Hyper-V virtual network adapter simply turns these packets over to the Hyper-V system controlling the computer. Hyper-V can look at the 6-byte Ethernet ID destination in each packet. It knows every 6-byte Ethernet ID of every virtual adapter it created, and if it finds a match it can move the packet to the destination adapter in any VM or in the Windows host. If the destination is not known, but the Switch is associated with a physical network adapter, then it can send the packets out on the external Ethernet network to have them delivered.

Configuring Hyper-V Virtual Switches

Every time your computer boots up, Hyper-V recreates and configures the Default Network/Switch. It has no configuration because it uses all the network configuration of the Windows host system to resolve names and route traffic through the fastest available network path. If you try to mess with it or delete it, it will be recreated fresh when you restart the system.

Other Virtual Switches can be configured using the graphic tool named Hyper-V Manager or by typing PowerShell commands into a Run as Administrator PowerShell session.

PowerShell is probably not the option you will choose, but it breaks the process down into a step-by-step procedure that explains the possibilities more clearly than the GUI configuration panel does.

Create

To create a naked Switch with nothing attached to it, you provide a Name. This simplest option is not the default for the command, so you add the “-SwitchType Private” option or the command will complain that you have forgotten other parameters.

PS C:\Windows\System32> New-VMSwitch -Name Example -SwitchType Private

A naked switch can then be connected to virtual network adapters on VMs. Once connected, the VMs can talk to each other, but not to the host or the Internet through this Switch.

Add the Host

Hyper-V provides communication from the host Windows system to the Switch, and therefore to the VMs connected to the switch, by creating a Hyper-V Virtual Network Adapter device in the host Windows 11 operating system.

If there were a command to create the host virtual network adapter, then you could execute it twice and get two of them. Hyper-V doesn’t want you to have two, so the adapter is created when you change the SwitchType from “Private” to “Internal” and is deleted if you then turn the SwitchType back from “Internal” to “Private”. You see the new virtual adapter in the list returned from “Get-NetAdapter”.

PS C:\Windows\System32> Set-VMSwitch -Name Example -SwitchType Internal
PS C:\Windows\System32> Get-NetAdapter
Name                      InterfaceDescription                    ifIndex Status       MacAddress             LinkSpeed
Ethernet                  Intel(R) Ethernet Connection (18) I219…      23 Disconnected C4-C6-E6-30-3F-37          0 bps
vEthernet (Example)       Hyper-V Virtual Ethernet Adapter #4          66 Up           00-15-5D-02-A0-04        10 Gbps
...

Note that there is an unused Intel physical adapter named “Ethernet” that will be used in the next example.

Problem Adding a Physical Adapter to an existing Hyper-V Switch Network

Once you create a Private or Internal switch you can then connect it to VMs and configure them with network addresses so they can talk to each other. Suppose you assign them to the 192.168.10.* subnet.

A physical adapter is connected to external devices that are part of some physical network. Frequently addresses are assigned to a physical network by a DHCP server on a gateway router supplied by your ISP. For the example, assume the physical Ethernet uses the 192.168.3.* subnet.

Adding the physical adapter to the internal Hyper-V network would “bridge” two different networks with two different subnets. This would work, but nothing could talk to a device on the other subnet.

Ultimately, both the PowerShell commands and the Hyper-V Manager tool allow you to do it, but they generate a mess you certainly don’t want.

The only operation with a sensible result is to attach the physical network adapter to a new Switch you create as part of a single operation.

PS C:\Windows\System32> New-VMSwitch -Name HomeNet -NetAdapterName Ethernet -AllowManagementOS $true
Name    SwitchType NetAdapterInterfaceDescription
HomeNet External   Intel(R) Ethernet Connection (18) I219-LM
PS C:\Windows\System32> get-netadapter
Name                      InterfaceDescription                    ifIndex Status       MacAddress             LinkSpeed
Ethernet                  Intel(R) Ethernet Connection (18) I219…      23 Disconnected C4-C6-E6-30-3F-37          0 bps
vEthernet (HomeNet)       Hyper-V Virtual Ethernet Adapter #4          32 Disconnected C4-C6-E6-30-3F-37          0 bps

If you have an existing Internal or Private network connected to VM adapters, you can either reconnect the VM adapters to the new Switch or create new virtual adapters on some of the VMs and connect them to the new Switch while also leaving the VM connected to the old network with the old subnet.
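
Because an External switch is what makes services on a VM reachable from other computers, it is worth knowing which VM adapters sit behind one. The following read-only inventory is an added example, not part of the original page; it assumes an elevated PowerShell session on the Hyper-V host and uses only the standard Hyper-V module cmdlets.

```powershell
# Added example (not from the original page). Read-only: changes no configuration.
# Run in a "Run as Administrator" PowerShell session on the Hyper-V host.

# Map every switch name to its type (Private, Internal, or External).
$switchType = @{}
foreach ($sw in Get-VMSwitch) {
    $switchType[$sw.Name] = [string]$sw.SwitchType
}

# One row per virtual network adapter on every VM, with the type of the
# switch behind it. An adapter with no SwitchName is the "unplugged cable" case.
$report = foreach ($nic in (Get-VM | Get-VMNetworkAdapter)) {
    $type = if ($nic.SwitchName) { $switchType[$nic.SwitchName] } else { 'Unconnected' }
    [pscustomobject]@{
        VMName           = $nic.VMName
        Adapter          = $nic.Name
        Switch           = $nic.SwitchName
        SwitchType       = $type
        MacAddress       = $nic.MacAddress
        # IPAddresses is only populated while the guest is running with
        # integration services; it is empty otherwise.
        IPAddresses      = ($nic.IPAddresses -join ', ')
        # Only adapters on an External switch are visible to other
        # computers on the physical network.
        ReachableFromLan = ($type -eq 'External')
    }
}
$report | Sort-Object SwitchType, VMName | Format-Table -AutoSize

# The External switches themselves: which physical adapter each one has
# taken over, and whether the host shares it (AllowManagementOS).
Get-VMSwitch -SwitchType External |
    Select-Object Name, NetAdapterInterfaceDescription, AllowManagementOS
```

Any row with ReachableFromLan set to True is a VM whose listening services and guest firewall rules are exposed to the external network, not just to the host.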

Hyper-V Manager Switch Configuration

In the Actions menu, click on Virtual Switch Manager …

In this panel there is an entirely useless option list asking what type of Switch you want to create.

image-20250308-005610.png

It is useless because all it does is set the default choice among three radio buttons on the next form, but you can always change that selection before you click the create button:

image-20250308-210620.png

Using Hyper-V Manager you don’t have to remember PowerShell commands or the names of options, and you get a nice pulldown list of physical Ethernet adapters on the host system.

Note: this list includes adapters that are already being used with other switches. These cannot be selected; if you pick one, you will get an error message instead of creating the switch.

Virtual Network Adapters in each VM

Each Hyper-V VM has a configuration including virtual disks and virtual network adapters. Each virtual disk is associated with a *.vhdx or *.iso file somewhere on the host disk, and each network adapter is either unconnected or connected to a named Virtual Switch.

image-20250308-010537.png

Here there are two network adapters. The first adapter is connected to the Hyper-V Default switch/network. The second is connected to a Switch named “Bridge”. At any time you can disconnect a Virtual network adapter or connect it to another Switch. This simulates unplugging the Ethernet cable from a real computer and plugging in a cable connected to something else.

At any time you can add a new Network Adapter.

image-20250308-010913.png

Adding an adapter to a running VM will work if the operating system reacts to the kind of hardware changes that happen when you plug a physical adapter into a USB port.

Once the adapter is defined, at any time you can connect or disconnect or change the virtual switch to which the adapter is attached. This is equivalent to plugging or unplugging an Ethernet cable to a physical adapter.

image-20250308-011237.png

VLANs

If you don’t know about VLANs or do not use them, ignore this.

Since Hyper-V switches are themselves virtual, you can create as many as you want. The only use for VLANs is when you have a physical network adapter connected to a switch that is connected to a network that not only supports VLANs but where the connection to the adapter is configured as “tagged” (meaning that the adapter can send Ethernet packets with a prefix that selects which VLAN the packet is associated with).

Each VM virtual adapter can be configured with a specific numeric VLAN number, and if the host is sharing use of this physical adapter, then its dummy network adapter connected to the virtual switch can also be assigned a VLAN ID number.
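
The adapter and VLAN operations described in the last two sections can also be done from PowerShell. This is an added example, not part of the original page: the VM name “DevVM”, the adapter name “Lan”, and VLAN ID 20 are hypothetical, and “HomeNet” is the External switch created earlier on this page.

```powershell
# Added example (not from the original page). Run as Administrator on the host.
# Hypothetical names: VM 'DevVM', adapter 'Lan', VLAN ID 20.
# 'HomeNet' is the External switch created earlier on this page.
$vm = 'DevVM'

# Leave the first adapter on Default and add a second adapter on HomeNet.
Add-VMNetworkAdapter -VMName $vm -Name 'Lan' -SwitchName 'HomeNet'

# "Unplug the cable", then plug it back into a switch.
Disconnect-VMNetworkAdapter -VMName $vm -Name 'Lan'
Connect-VMNetworkAdapter    -VMName $vm -Name 'Lan' -SwitchName 'HomeNet'

# Put this VM adapter on VLAN 20. This only makes sense when the physical
# port behind HomeNet is configured as tagged for that VLAN.
Set-VMNetworkAdapterVlan -VMName $vm -VMNetworkAdapterName 'Lan' -Access -VlanId 20

# The host's own adapter on the switch is named after the switch. Tagging it
# moves the host's traffic to that VLAN too, so the host loses connectivity
# through this adapter if the upstream port does not carry VLAN 20.
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName 'HomeNet' -Access -VlanId 20

# Check the result for the VM and for the host.
Get-VMNetworkAdapterVlan -VMName $vm
Get-VMNetworkAdapterVlan -ManagementOS

# Return the VM adapter to untagged operation.
Set-VMNetworkAdapterVlan -VMName $vm -VMNetworkAdapterName 'Lan' -Untagged
```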
