Table of Contents
- Connecting Hyper-V Virtual Machines to the Physical Network
- Hyper-V Virtual Network Components
- Hyper-V Extensible Switch Types and Use Cases
- Converged Networking
- Creating A New Hyper-V Virtual Switch
- Takeaways
There are many crucial components that make up any virtualization environment including the physical hosts, the storage, and the networking components. Focusing more on the networking side of things, the networking components allow the physical hosts to communicate with one another, with management tools, with storage and allows the virtual machines to communicate within the constructs of the virtual environment and the physical network.
Microsoft Windows Server Hyper-V networking has powerful capabilities built right into the hypervisor that allows plumbing network traffic between virtual machines and into the physical network in a very granular and manageable way.
In this post, we will take a look at Hyper-V network configuration to connect Hyper-V virtual machines to the physical network and see what mechanisms are available for doing so.
Hyper-V Virtual Network Components
An extremely important part of the Hyper-V virtual network is the virtual network interface card or vNIC. Typically, most are familiar with the network interface card or NIC in the physical world. This is the piece of hardware that allows connecting a physical server or workstation to the physical network and allowing network communication.
In the virtual world, the vNIC has very much the same role as the physical NIC. It allows connecting virtual machines into the virtual network and thereby connecting them into the physical network via the same TCP/IP communication protocols. These virtual network interface cards must have a mechanism that allows them to connect into the physical network from the virtual.
How does this happen? This is done by way of the Hyper-V Extensible Switch.
The Hyper-V Extensible Switch is also known as the Hyper-V Virtual Switch. This is the virtual ethernet component where the Hyper-V virtual machine NICs plug into. The Hyper-V Virtual Switch is then bound to a physical network adapter(s) on the physical Hyper-V Host which then plugs into the physical network. The Hyper-V Virtual Switch is a software that runs inside the management operating system of the Hyper-V parent partition.
Part of the reason the Hyper-V Extensible Switch is called an “extensible” switch is that it supports the capability to be extended by independent software vendors that want to enhance the default functionality. This is accomplished by way of NDIS filter drivers, known as extensions which can bind themselves within the virtual switch driver stack. After installation, they can be enabled or disabled on separate instances of a Hyper-V extensible switch.
When a Hyper-V virtual machine is started, the Hyper-V Extensible Switch creates a port before the VM NIC is exposed within the guest OS. The virtual machine network adapter is then enumerated and connected to the Hyper-V Virtual Switch.
Hyper-V supports different kinds of Virtual Switches that allow controlling virtual machine traffic in different ways. This allows greater flexibility in defining how virtual network traffic is connected to the physical network.
Let’s take a look at each of these different switch types and see how they behave and control traffic differently.
Hyper-V Extensible Switch Types and Use Cases
Hyper-V supports the creation and use of three different Virtual Switch types:
- External Virtual Switch
- Internal Virtual Switch
- Private Virtual Switch
Let’s take a look at each of the different types of Hyper-V Virtual Switches and see how they allow administrators to control the flow of traffic from the virtual to the physical network.
External Virtual Switch
The External Virtual Switch is perhaps the most common switch that is created in the Hyper-V environment. The External Virtual Switch enables connecting virtual machines to the physical network. It allows network traffic to be able to egress from the virtual network out to the physical network connected to the Hyper-V host. The External Virtual Switch is the default switch type that you will see selected when you create a new virtual switch in Hyper-V manager.
Internal Virtual Switch
The Internal Virtual Switch is a type of switch that allows create isolated virtual network environments on which to place Hyper-V virtual machines. The Internal Virtual Switch is a perfect choice for DEV/TEST/STG environments where entire networks may be simulated to have isolation from production. All the virtual machines that are placed on the Internal Virtual Switch can be communicate to one another, but not to any other virtual machines outside the specific Internal Virtual Switch they are placed.
There are use cases involving an Internal Virtual Switch where virtual security appliances running on a Hyper-V host may be provisioned with two virtual network adapters, one of which is connected to the Internal Virtual Switch. The other virtual network adapter is connected to an External Virtual Switch. This can serve the purpose of further scrutinizing traffic if traffic from any of the virtual machines on the Internal Virtual Switch needs to access the physical network for some reason. This can be common in a high security environment that may require extra security measures from a network perspective.
Private Virtual Switch
The Private Virtual Switch has a very specific purpose. When using this type of Hyper-V Virtual Switch, the host itself is not able to see IP communication from the VMs that are attached to this type of Virtual Switch. You can connect to these VMs via the console, but not via the network. Again, the virtual machines on this type of Virtual Switch are able to communicate with one another as is the case with the Internal Virtual Switch, but the host is not able to communicate with these VMs. This is the difference between the Internal and Private Virtual Switches.
A very common use case with the Private Virtual Switch is using this type of Virtual Switch when creating a network for cluster traffic. This is needed if you created a guest cluster of Windows Server virtual machines inside of Hyper-V and are provisioning the cluster network for the heartbeat communication between the cluster nodes.
You can also connect a VM to both an External Virtual Switch and a Private Virtual Switch as is the case mentioned above with the Internal Virtual Switch. This would allow a VM to communicate with other VMs on the Private Virtual Switch as well as with external resources on the physical network.
Converged Networking
When thinking about the actual physical network adapters that exist on a Hyper-V host, the number of physical connections and uplinks can add up. With Windows Server 2016, Microsoft introduced a new type of supported network configuration from the host side called Converged Network that allows exposing RDMA through a host-partition virtual NIC. This allows the host partition services to access RDMA on the same NICs that are used for Hyper-V guest operating system network communication.
Before Windows Server 2016, RDMA and guest operating system traffic required the use of separate, dedicated physical network interface cards. Now, with Windows Server 2016, the Converged NIC, these two workloads cannot co-exist on the same physical NICs on the Hyper-V host. This leads to having to install fewer NICs in the Hyper-V hosts as well as fewer uplinks into the physical network.
Creating A New Hyper-V Virtual Switch
In the Hyper-V Manager, creating a new Hyper-V Virtual Switch is accomplished in the Virtual Switch Manager found in the Hyper-V Manager utility.
As you can see, you have the three different Virtual Switch types available – External, Internal, and Private.
When you select an External Virtual Switch, you will be asked to configure the physical network connect the External Virtual Switch will be connected to.
When you select an External Virtual Switch, you will be asked to configure the physical network, the External Virtual Switch will be connected to.
Takeaways
Hyper-V network configuration options are very powerful for getting virtual traffic from the Hyper-V environment connected to the physical network. By using the various Virtual Switch types from the Hyper-V Extensible Switch, administrators have a great deal of flexibility in controlling how traffic can be contained or traverse externally outside the Hyper-V host.
Using the new converged networking feature in Windows Server 2016 and higher, Hyper-V hosts can be configured with fewer network adapters and will be able to use fewer up-links to the physical network. Creating the various networks is easily accomplished in the Virtual Switch Manager via the Hyper-V Manager console. By understanding the features and functionality of the various network capabilities found in Hyper-V, administrators can effectively and efficiently control and funnel traffic based on business needs and use cases.
Related Posts:
Hyper-V Virtual Switch Part 1 : Overview
Hyper-V Virtual Switch – part 2 – Creating Hyper-V Virtual Switches
Hyper-V Virtual Switch – Part 3 – Managing Hyper-V virtual switches
Hyper-V Virtual Switch Using NAT Setup
Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.
