Virtual switches are the components on Hyper-V that are responsible for controlling the network traffic between the virtual machine, the host, and the physical network. Their supporting features and advanced management capabilities limit, secure, isolate, protect, and control the way VMs send and receive network data.
The virtual switches available in Windows 2016 Hyper-V come with some interesting features such as private VLANs, bandwidth management, spoofing protection, and other components that we will cover in this recipe.
Before we start with advanced components, you will see the basic switch options, and how to create and add a virtual switch to a virtual machine.
To use the external switches on Hyper-V, make sure that the network drivers are installed and the network adapter is enabled on the host computer.
The following steps cover the process of creating a new virtual switch and configuring its common settings.
- To create a new virtual switch, open the Hyper-V Manager and click on Virtual Switch Manager in the action pane.
- Select the type of virtual switch you want to create, the choice is between External, Internal, or Private and click on Create Virtual Switch, as shown in the following screenshot:
Virtual Switch Manager
- A new virtual switch will be available on the left-hand side. Specify a name and a description for your virtual switch in the pane on the right-hand side.
- For the Connection type option, you can select External, Internal, or a Private network. For external networks, you have two options—Allow management operating system to share this network adapter and Enable single-root I/O virtualization (SRIOV). For external networks, select the network adapter from the host computer that will be bound to the virtual switch in the drop-down list. In the following screenshot, a virtual switch has been created using the external network option:
New virtual switch
- If necessary, enable the VLAN ID by clicking on Enable virtual LAN identification for management operating system and specify an ID for it under VLAN ID.
- To confirm the options that have been chosen and to create your new virtual switch, click on OK.
- To add the new virtual switch to a virtual machine, open Hyper-V Manager, select the virtual machine you want to change, and click on Settings in the action pane.
- In the virtual machine settings, select an existing network adapter or add a new one using the Add Hardware option in the pane on the left-hand side.
- In the network adapter, under Virtual switch, from the drop-down list, select the virtual switch that you want to add to your VM. In the following screenshot, the virtual switch created in the previous task—External Virtual Switch—has been added:
Binding a new VM to a new virtual switch
- To create a network bandwidth limit for your VM, check the Enable bandwidth management option and specify the Minimum bandwidth and Maximum bandwidth, as shown in the preceding screenshot and click on OK.
- After that, your virtual machine will use the created virtual switch and you will be able to change the network settings within the VM.
As with the previous versions, Hyper-V still has the same three network types when creating a new virtual switch: external, internal, and private network.
The external network is used when you want to allow the virtual machine to access the physical network. Essentially, a physical network adapter is bound to the virtual switch and Hyper-V takes over the control and the access between the virtual machines using the virtual network and the network adapter on the host computer.
While creating an external network, you can specify to share the external network adapter with the host computer by selecting Allow management operating system to share this network adapter. Although this option is good for test and development environments and the obvious example of when there's only one physical network adapter, it is recommended to use either a dedicated physical network adapter or a virtual network adapter for the host computer, and a different physical network adapter or a virtual network adapter per external network, based on the Hyper-V hosts networking requirements, for example, to support cluster or Live Migration traffic.
The second network, called the internal network, allows communication between all the virtual machines amongst themselves as well as with the host computer. This network doesn't have a physical network adapter attached to it. It's very common for test and development scenarios when the VMs need local and restricted network access. It also creates a NIC in the parent partition, allowing the administrator to configure the network for accessing VMs connected to the same internal network.
Private networks don't have a physical network adapter bound to a physical network adapter either. It limits all the communication to the virtual machines only. They don't have access to the host and the physical network when using the private networks. The only network traffic within a private network is between its virtual machines.
When adding the same virtual switch for multiple virtual machines, you may require some isolation between them. For example, when you have an internal network being used for 20 VMs, you can isolate them in two groups of 10 virtual machines. In a physical network, this is known as Virtual Local Area Networks (VLAN). If your physical network adapter has support, you can do the same via Hyper-V by setting up all the virtual machines with the same VLAN ID.
When you specify a virtual switch in a VM, there is another feature that can create a QoS policy called bandwidth management. With this, you can limit the network usage per virtual machine by setting up the minimum and maximum values so that Hyper-V can block the bandwidth usage when it reaches the specified limits, or the inverse by adding a high reservation to make sure that your VM has a dedicated workload on that network adapter.
The virtual switch drivers are loaded when the virtual machines and their integration services start. If you have VMs with no support for integration services, or if you need to boot the VM via the network and it's a Generation 1 VM, the normal virtual switch will not work. In these cases, you can add the legacy network adapter. To add this adapter, open the virtual machine settings, click on Add Hardware in the top-left pane, select Legacy Network Adapter, and click on Add.
A new legacy network adapter will show up in the pane on the left-hand side, as shown in the following screenshot:
Binding a new VM with a legacy NIC to a new virtual switch
Under Virtual Switch, select the switch you want to use on the virtual machine and click on OK. Your virtual machine will start and will automatically recognize the new network adapter, allowing you to boot over the network, or in VMs that are without the integration components.