How does basic networking work in Hyper-V?


While it is possible to create some complex networking environments in Hyper-V, the basic concepts are relatively straightforward. This post walks through some simple scenarios and how the main components operate in terms of the flow of data.

Let’s start by setting a level playing field and a “best practice”.

  • When adding the Hyper-V role in a full installation of Windows Server 2008, you have the option to create one or more external virtual network switches. (This option is not available in server core installations of Windows Server 2008). I’m going to assume that no external virtual network switches were created during installation, and the Hyper-V role is enabled.
  • Our recommendation, in a simple deployment, is to have at least two physical NICs in a physical machine – one (or more) dedicated to the physical machine, and one (or more) for virtual machines. The reason will become obvious as you work through this post.

To constrain the starting point, I’m assuming (for simplicity, not by recommendation) the physical machine contains a single physical NIC.

If you open Network Connections (Start/Control Panel/Network and Sharing Center, or Start ncpa.cpl), you would see something like below – a single connection.

[Image 1]

And to get some more information, I’ve used View/Detail in the next screenshot:

[Image 2]

Let’s look at the network bindings by selecting the NIC, right-clicking and choosing properties. Notice that (in this simple example), all protocols are bound to the NIC except the Microsoft Virtual Network Switch Protocol.

[Image 3]

Let’s see what changes when we create an External Virtual Network Switch. Here, I’m using Hyper-V Manager, selected Virtual Network Manager, added an External Virtual Network named “Test External Network” and selected my single Physical NIC in the drop-down.  On hitting apply, you will get a warning that you may temporarily lose network connectivity while we reconfigure everything.

[Image 4]

[Image 5]

Now let’s go back to Network Connections and see what has changed.

[Image 6]

Notice that there are now two network connections listed, but with different Device Names. Let’s look at the top one first which has the device name matching the type of physical device and open the properties to examine the bindings. 

[Image 7]

Notice that nothing is bound except the Microsoft Virtual Network Switch Protocol. Now let’s open the other bottom one which has the device name matching the name I entered when creating the external virtual network switch, “Test External Network”.

[Image 8]

Notice that everything is bound except the Microsoft Virtual Network Switch Protocol.

So what does this mean? Well, to explain, let’s take a physical switch. Let’s pretend it’s a simple “unmanaged” switch – the type you can buy as a commodity $30 device down at your local computer store. It typically has 8 ports on it. You can’t add ports to it. You can’t take them away. It has, and will only ever have 8 ports.

Now go “virtual” for one moment and in your mind create a Virtual network switch. It’s still conceptually a box with ports. Where things get a little different is that in the virtual world, ports can be added and removed dynamically as needed, without the need for a soldering iron.

Now let’s map this into what we just did above.

  • We created a new virtual network switch with two ports.
  • We added another NIC to the physical computer (it just happens that it’s a Virtual NIC, not a physical NIC)
  • We logically labeled the switch “Test External Network”.
  • We ran a couple of bits of “virtual” network plumbing
    • A pseudo virtual CAT5 cable from the virtual network switch to the physical NIC. (*)
    • A virtual CAT5 cable from the Virtual NIC into the virtual network switch
  • We re-jigged some network bindings.

(*) Bear with me on this point – it will make sense soon why there’s some software magic in this bit of virtual cable. Obviously words are nowhere as easy to understand as a picture. Here’s what we’ve done:

[Image 9]

On the top right, there is a networking application. Let’s assume it’s “ping”. What ping does is send an IP packet out to somewhere, and wait for a response to come back. With some gross over-simplification, here are the steps:

  • Ping uses the Windows networking stack to determine where the IP protocol is bound. There is only one choice – it’s on the Virtual NIC.
  • An IP packet is sent down to the networking stack bound to the Virtual NIC. This is the flow labeled “1”.
  • The Virtual NIC has a bit of virtual CAT5 cable plugged into it. The virtual NIC does what any physical NIC would do:  Put the packet on the (virtual) wire. This is the flow labeled “2”.
  • The other end of the virtual CAT5 cable is plugged into a (virtual) port on the Virtual Network Switch called “Test External Network”. The packet appears at the switch port.
  • (Simplifying again…) The Virtual Network Switch does what a physical counterpart would do and routes the packet to its destination. Without going into the detail of routing and learning algorithms, suffice to say the packet makes its way to the other virtual port on the switch, coloured in blue. This is the flow labeled “3”.
  • At this point, remember that we’re dealing with a virtual network switch. This switch knows about the Microsoft Virtual Network Switch Protocol, and can therefore do some “magic” in software. The magic is basically getting the packet to the physical NIC. That’s the flow labeled “4”.
  • Once on the physical NIC, we’re down to physical networking, so the flows marked 5 and 6 show the data entering the physical world in the form of a Physical Network Switch and then onwards to some other server.
  • A packet coming the other way follows the same path in reverse.

Now as I said, I’ve oversimplified. Let’s take a look at one aspect of this model. First, you’ll notice that I’m running the networking application, ping, on the physical computer, not in a virtual machine. Notice that all networking traffic from the physical computer is going through the Virtual NIC and the Virtual Network Switch. Hopefully, it therefore becomes obvious why I stated at the top that it is our “recommendation” to have at least two physical NICs in a physical machine.

Here’s the diagram where two physical NICs are in the physical machine, and a single external Virtual Network Switch has been created:

[Image 10]

If a networking application running on the physical computer, or parent partition to put it into Hyper-V terminology, tries to access a separate physical server, the path to get “out” is much shorter. Of course, the astute among you may have noticed that there’s a second longer path as shown below:

[Image 11]

Whereas this alternate path may be used while the networking stack has not learnt the best (least cost) route, it will generally only be used for a very short period of time. As soon as the least cost route is learnt, the first path will be used.

As we’ve covered the basics from the parent partition perspective, let’s introduce a virtual machine. After all, chances are if you’ve read this far, you want to know how virtual machines interact.

Here’s an extension to the previous diagrams. At the top, we have a virtual machine with a virtual NIC. To distinguish this virtual NIC from the Virtual NIC in the parent partition, I’ll call it a Virtual Machine NIC. It doesn’t matter if this is a “synthetic” or “legacy” network adapter from the virtual machine configuration perspective; the concepts for data flow are the same.

The Virtual Machine NIC has a virtual piece of CAT5 cable connected from it to a new port on the external virtual network switch.

[Image 12]

In the diagram, a networking application is running in the virtual machine and trying to connect to something externally. The data flows are very similar to before and hopefully the diagram speaks for itself.

You may ask, what if the virtual machine is communicating with the parent partition? Well, there are two options for this; again, the actual one used is a routing decision, but this time inside the Virtual Network Switch. Let’s start with the longer route where the packets from the virtual machine are sent out on the physical wire. Here, the physical switch routes the packets back up to the server using Physical NIC #2.

[Image 13]

And in the more efficient route:

[Image 14]

The essential difference between the last two diagrams is what happens inside the Virtual Network Switch. In both cases, it’s the flow labeled “3” which is interesting. The Virtual Network switch includes a learning algorithm. When it knows the most efficient virtual switch port to direct traffic to, it will do exactly that. However, for a short period of time, it does not know, so will act as a “hub” rather than a switch and send packets out on all virtual switch ports.

Cheers,
John.

P.S. Thanks to my colleague, Keith Mange, for his assistance with this post 🙂
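The learning behaviour described in the post (send on every virtual switch port until the destination is learnt, then use one port) can be modelled with a generic learning switch. This is an added example, not code from the original post or from Hyper-V itself; the port names, MAC addresses and the `run_scenario` and `exposure` helpers are constructed for illustration. It also shows that a switch with no parent Virtual NIC port never delivers virtual machine frames to the parent partition.

```python
"""Toy learning switch: flood while the destination is unknown, then forward.

A generic model for illustration only, not Hyper-V's implementation.
All MAC addresses and port names below are constructed sample values.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
VM_MAC = "00:15:5d:00:00:01"      # constructed: Virtual Machine NIC
SERVER_MAC = "00:11:22:33:44:55"  # constructed: external physical server

UPLINK = "physical-nic-uplink"    # port wired to the physical NIC
VM_PORT = "vm-nic"                # port wired to the Virtual Machine NIC
PARENT_PORT = "parent-vnic"       # port wired to the parent's Virtual NIC


@dataclass
class VirtualSwitch:
    name: str
    ports: set = field(default_factory=set)
    mac_table: dict = field(default_factory=dict)  # MAC -> port it was seen on

    def add_port(self, port):
        # Unlike the 8-port physical box, ports are added dynamically.
        self.ports.add(port)

    def forward(self, in_port, src_mac, dst_mac):
        """Learn the sender's port, then return the ports the frame goes to."""
        if in_port not in self.ports:
            raise ValueError(f"{in_port} is not a port on {self.name}")
        self.mac_table[src_mac] = in_port
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Destination unknown (or broadcast): behave like a hub.
            return sorted(self.ports - {in_port})
        if out_port == in_port:
            return []  # destination is on the ingress port, nothing to do
        return [out_port]


def run_scenario(parent_has_vnic):
    """Replay four frames and return the delivery list for each one."""
    sw = VirtualSwitch("Test External Network")
    sw.add_port(UPLINK)
    sw.add_port(VM_PORT)
    if parent_has_vnic:
        sw.add_port(PARENT_PORT)
    return [
        sw.forward(VM_PORT, VM_MAC, BROADCAST),   # broadcast from the VM
        sw.forward(VM_PORT, VM_MAC, SERVER_MAC),  # server not learnt: flood
        sw.forward(UPLINK, SERVER_MAC, VM_MAC),   # reply: VM already learnt
        sw.forward(VM_PORT, VM_MAC, SERVER_MAC),  # server learnt: one port
    ]


def exposure(trace, port):
    """Count how many frames in the trace were delivered to a given port."""
    return sum(1 for delivered in trace if port in delivered)


if __name__ == "__main__":
    for shared in (True, False):
        trace = run_scenario(shared)
        label = "with parent Virtual NIC" if shared else "no parent Virtual NIC"
        print(label)
        for number, delivered in enumerate(trace, start=1):
            print(f"  frame {number} -> {delivered}")
        print(f"  frames seen by parent: {exposure(trace, PARENT_PORT)}")
```
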


Comments (89)

  1. Anonymous says:

    Getting Started with Microsoft Hyper-V Understanding Hyper-V partitions and device drivers Migrating

  2. Anonymous says:

    Scott – So to confirm you have disabled through ncpa.cpl OR removed the virtual NIC in the parent partition for the external virtual network in use by the VMs? If so, I’m not sure why you are referring to a separate IP address for the parent vNIC as there shouldn’t be a NIC…. Can you be a bit more explicit about the exact config? As for unregistering DNS, once the appropriate vNIC is disabled and/or removed, you can go into DNS snapin on a DNS server to remove the offending entry. You can also run ipconfig /registerdns on the Hyper-V machine to ensure that only the other NIC without an external virtual network is registered in DNS.

    Thanks,

    John.

  3. Anonymous says:

    I had a discussion a couple of days ago at TechEd with some people about Blogs and what information was "appropriate"

  4. Anonymous says:

    I have had quite a lot of obligations lately, so I did not get around to refreshing the blog with news; a report therefore follows

  5. Anonymous says:

    Bonder – you don’t say if you are running 2008 or 2008 R2. If the latter, there is a good chance you are hitting a known Hypervisor bug. There is a hotfix available in KB974909. Can you apply that if applicable?

    Thanks,

    John.

  6. Anonymous says:

    psprout – no, the virtual switch doesn’t have an IP address. Network cards which have IP bound to them have an IP address. If a VM is reporting unplugged, it will be because in the settings for the VM, when you select the network card, it will be "not connected". You need to create a switch using network manager if you haven’t already, and then change the network card settings for the VM to be connected to the switch you just created. Once done, treat your virtual machine exactly the same as any other physical machine on your network from a networking configuration.

    Cheers,

    John.

  7. Anonymous says:

    Thanks Saif. It sounds like you are using a Legacy Network Adapter in the VM rather than Network Adapter. Legacy will always show 100MBps, Synthetic will show 10GBps. However, those speeds being shown are artificial – you’re actually limited by software. You should always use synthetic over legacy if possible. The speed shown in the VM has nothing to do with the physical link speed though. We cannot exceed physical capabilities. Remember the VM is connected to a virtual switch, and the virtual switch is connected to physical. The speed shown in the VM (although as I say artificial) is the speed between the VM and the switch, not the switch and the physical NIC.

    Hope that helps.

    Cheers,

    John.

  8. Anonymous says:

    David – yes, entirely possible, and correct, definitely not recommended to have only a single NIC. For Hyper-V Server (or Server core installations), outside of scripting, you would use Hyper-V Manager remotely to configure networking on the server. The steps are no different to a full GUI-installation of Windows Server 2008. With a single NIC, you would simply create an external network (and in the case of running R2, you would ensure that the checkbox to allow the management operating system to share the physical NIC is checked).

    For scripting, my colleague Ben has a script to create an external network here: http://blogs.msdn.com/virtual_pc_guy/archive/2009/02/19/script-creating-an-external-virtual-network-with-hyper-v.aspx

    Cheers,

    John.

  9. Anonymous says:

    Hyper-V HW & SW requirement: http://technet.microsoft.com/en-us/library/cc816844.aspx Hyper-V RTM

  10. Anonymous says:

    I thought I’d start a series of posts highlighting some of the smaller changes in Hyper-V in Windows

  11. Anonymous says:

    If you followed yesterday’s post explaining the basics of networking in Hyper-V, you may be wondering

  12. Anonymous says:

    Correct (for ipv4).

    Cheers,

    John.

  13. Anonymous says:

    Tim

    Have you installed the integration services inside the VM itself, and applied KB950050 on both the parent partition and the VM to get to Hyper-V RTM?

    Thanks,

    John.

  14. Anonymous says:

    Cecilc – looks like there were some infrastructure issues with the blogs.technet.com site yesterday. All seems to be working now though.

    Thanks,

    John.

  15. Anonymous says:

    Chris – I cannot recommend doing this to force network separation. The fact that you mention a router implies to me that the webserver is Internet facing? I would strongly recommend you use two external virtual networks and separate them that way. Obviously a third NIC on the physical machine for management of the parent partition would also be beneficial.

    Hope that helps

    John.

  16. Anonymous says:

    Jonathan – I’m not sure I understand the question. Can you explain what you’re trying to do?

    Thanks,

    John.

  17. Anonymous says:

    Lance – I confess, I’ve never installed or run Ubuntu. Emulation will be relatively significant in terms of overhead compared to synthetic devices, particularly on the send path (receive is somewhat better than send). Can you define a little clearer what "slow" means? On receive, on send? Have you looked at the logical processor and virtual processor counters in perfmon in the root partition – they may give some indication if you are bottlenecked on CPU. Have you compared performance between a supported child operating system and Ubuntu?

    Having only one physical NIC won’t affect performance of networking in a virtual machine – however it’s not recommended as it affects networking  performance from the root partition. Have you tried running a steady n/w load test inside the VM to measure the throughput and/or LP load?

    One other thing – what sort of physical NIC is in the machine? Could it be a case of needing later drivers for the physical NIC or changing the offload settings for it? I’ve seen a few reports (on Dell 2950s with Broadcom NICs IIRC) that offload settings can affect network performance.

    Thanks,

    John.

  18. Anonymous says:

    Zullu – sincere apologies – completely missed your comment before. To make a passthrough disk available for use in a VM, you need to mark it offline in the parent partition, either using diskmgmt.msc or diskpart.

    Thanks,

    John.

  19. Anonymous says:

    Simone – indeed, you are correct and that was deliberate. So far, I was just explaining the possible traffic flows under different circumstances. However, yes, you are correct, virtual network switches operate at level 2 in the OSI stack, below TCP/IP. To achieve routing at higher levels, you need to use a router, the same as you do in a physical environment. You can use ISA 2006 to achieve this very successfully using Hyper-V (I have run this many times in a variety of scenarios).

    Thanks,

    John.

  20. Anonymous says:

    With the RTM release of Hyper-V just around the corner, I thought it would be a good idea to re-visit

  21. Anonymous says:

    Hi John,

    I’ve started using Hyper-V just today, but I got some questions about Hyper-V Networking:

    Here we have 2 physical NICs, where #1 is used only for the parent partition, and while installing Hyper-V I bound the external network to the NIC #2.

    First question: the "extra" NIC that appears in Network Connections window, at the parent partition, is the Virtual NIC or the Virtual Switch?

    Second one: Do I have to associate an IP address to it? I mean, the parent partition doesn’t really need it (it has its own physical NIC).

    Thanks in advance! Your post helped me a lot 😉

    Eduardo

  22. Anonymous says:

    Martin – 169.x.x.x addresses are APIPA addresses and get assigned when you can’t get a "real" IP address from a DHCP server. The most common reason is an unplugged network cable. Before you created the external switch, were you able to get a "real" IP address on that physical NIC? That would rule out a faulty network cable.

    As for touching the configuration on the virtual NIC – that’s really so dependent on what you’re trying to do and how your environment is setup. When you have a second physical NIC though, you probably don’t even need a virtual NIC on the first external switch – you really want a "dedicated" switch where no virtual network is present (see my related second post – explains that a little more).

    Thanks,

    John.

  23. Anonymous says:

    Tony. Thanks!

    What you have should work absolutely fine, although obviously not desirable for a production environment. It also means that all traffic to/from the parent partition goes through the external virtual network switch now. I’m a little confused by one bit you state where you say that after setting the IP address on the VNic on the physical server to *.5, you can ping *.1 and *.5. If you can ping *.1, that sounds like another machine.

    Can you drop me an email using the link at the top, and include and output of ipconfig /all from the parent partition, and from one of the virtual machines which the parent partition can’t communicate with (eg by ping).

    If possible, temporarily turn the firewall off on the parent and virtual machine just to validate that it’s not simply the firewall getting in the way. Also worth verifying whether the parent and VMs are private not public networks in the network and sharing centre.

    Also useful would be a screenshot of the virtual network in Hyper-V manager, and the settings for one of the VMs highlighting the NIC.

    Thanks,

    John.

  24. Anonymous says:

    AC

    Where are you seeing "100Mbps"? Is this in a virtual machine or in the parent partition?

    Can you also confirm what physical NIC you are using, and especially if the 100MBPs is in a virtual machine, I suspect you are running with a "Legacy Network Adapter" rather than a "Synthetic" network adapter. If so, please switch your VM configuration to network adapter and ensure the Integration Services are installed in the virtual machine. Hopefully that will resolve the issue you are seeing.

    Thanks,

    John.

  25. Anonymous says:

    While it is possible to create some complex networking environments in Hyper-V, the basic concepts are

  26. Anonymous says:

    Darius

    Sure. So best practice regardless is to always have at least two NICs – one for VMs, one for the parent partition. Now especially in a DMZ scenario, ensuring the parent partition does not have access to the DMZ is critical. Ideally, you would create a dedicated network which does not have the parent partition vNIC (see comments for links to scripts, or built in for R2). You have the two other alternatives, but neither are ideal as ultimately it is still possible to either re-enable the NIC accidentally, or to add the bindings back on. There’s nothing stopping you disabling the NIC and disabling the bindings though. However, all three solutions solve the problem and leave the same security profile – the parent partition will be isolated from the VMs.

    Additionally, if you are running both DMZ VMs and backend VMs, from a security perspective, it is probably better to separate these two security levels by placing them on different physical boxes. While technically, two virtual switches would work, it’s more of a security best practice to do this level of isolation, and isn’t strictly anything related to Hyper-V itself.

    One other thing – it is best to keep your parent partition on a separate physical management network from your VMs (again essential in the DMZ scenario). The use of VLANs to further isolate traffic is also a good thing to put in place.

    HTH

    Cheers,

    John.

  27. Anonymous says:

    No, the above applies to R2 SP1 as well.

  28. Anonymous says:

    BarkingDog – it’s involved as networking is a complex area. If we didn’t have a parent virtual NIC, the parent partition (unless there is a second physical NIC available) would have no connectivity after the switch is created. We copy the IP and MAC address across so that parent connectivity remains status-quo after the external switch is created, and so that it can still be remotely managed. The original physical NIC has no connectivity except to the external switch after the switch is created. It is purely a means to get data out onto the physical network.

    Thanks,

    John.

  29. Anonymous says:

    Chuck. Thanks 🙂

    Sure, either drop me an email using the link at the top of the page with a bit more information (ipconfig /all, a few screenshots if appropriate, configuration done etc). Alternately, there’s plenty of helpful folks including others from the product group and MVPs who hang out on the Technet Hyper-V forum http://forums.technet.microsoft.com/en-US/winserverhyperv/threads/.

    Cheers,

    John.

  30. Anonymous says:

    Martin – there are a couple of known bugs around the area of copying across the IP settings in RC1 builds, so this may have to be done manually.

    I haven’t had a chance to put a script together yet, sorry. It’s on my list though…. (along with many other things!).

    Thanks,

    John.

  31. Anonymous says:

    Jeff – sorry, I missed your comment from a couple of weeks back.

    Can you provide a little more information: First thing to verify is that you are running Hyper-V RTM, not beta, RC0 or RC1 – there are several networking fixes along the line which you could have been hitting.

    Assuming you are on RTM, can you describe the symptoms: Is it networking in all VMs that is lost, or just one VM? What were you doing at the time? Have you got the latest drivers from the OEM installed for the physical NIC? Does the parent partition also lose network connectivity? Can you also confirm whether you are using a legacy NIC in the VM or a synthetic NIC?

    Thanks,

    John.

  32. Anonymous says:

    John – The Hyper-V Virtual Switch does not natively support multiple NICs connected to the same switch. I’m assuming you’re asking as you want multiple NICs for either load balancing or fail over. Vendors and OEMs such as Intel, Broadcom, HP…. support teaming solutions for Windows Server – you need to go to the vendor website for specific information about how to configure their solution and in particular, how to configure their solution when used with Hyper-V. They all have their own guidance. On a teamed solution, the virtual switch is effectively hooked to a bonded NIC which appears, to us, as a single physical NIC. Under the covers though, it is two NICs.

    Thanks,

    John.

  33. Anonymous says:

    Good overview and guide.

    Thanks

  34. Hi John,

    wow, thanks for this impressive overview of the networking feature within Hyper-V, real good job!

    Greetings from Austria (not Australia) *gg*

    Peter Forster

    MVP Virtual Machine

  35. Lance Fishre says:

    Hi, I followed your excellent instructions on getting Hyper-V to work on a Server Core installation.  I’m now running two Server 2008 VMs on it, and they seem to run great.  Thanks!

    I recently created a Ubuntu Server VM to host a wiki, and it runs really slow.  Could this be because I have only one NIC in the server?  The wiki on the Ubuntu server is using a DB on one of the Server 2008 VMs.  Or is the slowness probably just that the Ubuntu server doesn’t have the advantage of integration services?  How would I go about measuring for the bottleneck?  Thanks for any tips.

  36. Simone says:

    Hi John.

    In your article there is no mention of subnets. Indeed if you create two Internal (or Private) Networks in H-V and put two Virtual machines on separate IP Subnets they cannot communicate with each other. In other words, the virtual switch works at level 2 only.

    Is there a way to have layer 3 routing within H-V? I need this because I’m trying to simulate a scenario with a DMZ and a LAN using one Host only.

  37. Martin Herbener says:

    John,

    If I look at the tcp/ip properties of the host/root partition’s virtual NIC, they are unusual –  using a 169… address that our DHCP servers certainly didn’t give out, no default gateway, etc.  Is there any reason to ever touch this NIC’s configuration?  Is it a good idea or a bad idea to remove this virtual NIC if there is a 2nd physical NIC for host machine traffic (and assuming we will not use internal or private configs)?

    thanks!

    Martin

  38. Martin says:

    John,

    Not sure what the sequence would have been in my existing case.

    In general, if I have a physical NIC with a valid, complete tcp/ip config, and I create a external virtual network using that NIC, should the resultant virtual NIC adopt the tcp/ip config of the physical NIC?

    Also, re your second post, any guess when we would have info on how to create a dedicated switch?

    thanks

    Martin

  39. Martin says:

    John,

    But by design/intention, the virtual NIC should get the physical NIC’s config?

    thanks

    Martin

  40. Andrew says:

    Hi,

    If I understood correctly Windows Server 2008 Core has no support for any of these features? So one has to bind each VM to a physical NIC? If so this would be a disappointment as Server Core 2008 with Hyper-V seemed to be a good alternative to ESXi.

  41. robertplant says:

    If you may, please clarify one or two points…

    one physical nic on host -> local area connection

    one virtual external nic on the child partition with server 2008 -> local area connection 3

    every nic (physical,virtual on host and vmbus on guest) is on defaults automatic / dhcp configuration

    1. You mentioned that no bindings except virtual switch is to be enabled on the physical nic

    what is the case when using 3rd party firewall/antivirus

    like eset smart security/kaspersky antivirus which both add bindings?

    if left unchecked, is the physical connection still protected by the firewall/antivirus or is it in passthrough mode?

    I’m concerned about the protection on both the host and the guest,that’s why I’m asking.

  42. robertplant says:

    2. I’ve had some trouble figuring out the ideal configuration

    That’s the situation:(everything on dhcp) when nothing is connected (no cable at all) the host reports that the virtual nic has IP 169.254.163.198 and the guest shows for vmbus net adapter IP 169.254.56.11 both with netmask 255.255.0.0 (same subnet right?)

  43. Tim says:

    Configuration… 2008 Full Version, running on 2008 Core.

    Will not load the VMBus drivers.  System just says "This device cannot start. (Code 10)" in the Device Manager.  Using an External Network Type on the Hyper-V Network.

  44. Tim says:

    John,

    This is a newly created VM, newly created disk, nothing from an old system, or migration. I did do the HAL Detect trick, and the ACPI was showing correct. None of the errors are (Code 12) errors, but there are three yellow exclaims in device manager. One under human interface (I’d assume mouse), one under unknown drivers, and one under Networking.

    Getting frustrated, as with VMWARE you just load the tools and voila, everything is there. It seems like the drivers are not even loaded, but when I search, it says they are up to date.

    When I get to the office tomorrow I’ll check the other errors.  One was the same (Code 10), the other I can’t remember.

    Tim

  45. Tim says:

    John,

    One more note.  The Core (x64 Enterprise)  was built from the media sent along with the eval kits, and the Full version (x86 Server) on the VM was using Technet media.

    Tim

  46. david zhang says:

    Thanks for such a good resource. This definitely demystifies some of the magic behind networking in Hyper-V.

  47. Chuck vdL says:

    Great stuff John.. Wonderful graphics as well (reminds me of some of what Ben Armstrong put up when he discussed some of the same stuff (but not with this depth) back in Jan08)..

    For those of us having issues with networking and Hyper-V, what’s a good resource for help?  I don’t want to bug you here in your blog..

    (for reference the problem is that once I have two networks connected as described, when I try to connect to shares on the server from an outside system, or even ping it, the traffic seems to be trying to use the virtual nic, not the physical nic (what would be physical nic 2 in your diagrams above))

  48. Jeff25 says:

    I’ve got a server configured with two NICs and set up as described. My VM will be active for a while then suddenly lose its connection and I have to jump through the whole configuration dance to get connectivity again.

    Any ideas why?

  49. Chuck vdL says:

    Thanks for the tip on the technet forums, I’ll try there.  

    I tried the MSDN forum for virtualization <http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=2015&SiteID=1> and it was dead.. nobody is even marking things as answered (really unusual given my experiences in the MSDN forum for VSTS2008 web and load testing, which was very active and you got very rapid answers)

    Maybe the technet one will be better..

  50. Tony Nicholls says:

    Great article!

    I wonder if you could explain/validate something for me.

    I have a physical Windows Server 2008 Data Centre with a single physical NIC IP4 address x.y.z.1 which I have to access via RDP.  I installed Hyper-V, and created an external virtual network. As you described I got a new virtual NIC on the physical server and the physical NIC was bound to just the Virtual Network Switch Protocol. Since I only had a single physical NIC on the server, I lost the ability to use RDP so I had to have the IP4 protocol re-attached with IP x.y.z.1 so that I could reach the physical server.

    All seemed to work so I then built a few virtual machines for test and set their virtual NIC IP4s: to x.y.x.2, x.y.z.3, x.y.z.4

    Now I can access the physical server using RDP against IP4 x.y.z.1, but the physical server cannot access any of the virtual machine IPs. The Hyper-V manager can control everything just fine.

    The virtual machines can all access each other, but they can’t access the physical server or the external network.

    In the spirit of investigation, I set the virtual NIC on the physical server IP4 to x.y.z.5. Now the physical server can ping x.y.z.1 and x.y.z.5. It seems that the primary partition and the virtual servers are operating on two separate and disconnected networks.

    So I guess my question is: "Is it actually essential that there are at least two physical NICs on a Hyper-V server?" One of which must only be bound to the Virtual Network Switch Protocol and the other dedicated to connecting the physical server to the Internet.

    Is the fact that I have my only physical NIC bound to both VNSP and IP creating the logical break between my primary partition and virtual servers?

    I’m going to get a second physical NIC installed on the physical server and configured but I would appreciate your feedback and comments. Did I correctly understand the problem and will a second NIC fix it?

    Cheers, Tony

  51. Dave says:

    Hi John,

    I have a windows 2008 enterprise 2008 server running DNS, AD, Print server, and all the goodies.  The server runs fine but when I install hyper-v into this server all the computers in the domain cannot obtain an IP from the DHCP server.  Is there a workaround for this problem?

  52. sponder says:

    Nice Article!!

    Could someone point me in the direction of any good comparisons between Hyper-V and VMWare’s version? My company wants to go the VMWare route, but I’m trying to convince them otherwise.

    Thanks

    Sam

  53. William Fields says:

    Thank you for this incredibly enlightening post. The graphics make all the difference.

    The image in 14_thumb.jpg implies that there would be no traffic flowing between the physical NIC’s in the system, at least once the virtual switch has "learnt" that the parent partition can be accessed through the virtual NIC.

    My issue (OK, I have a couple), is that the network traffic in my system seems to be operating more like image 13_thumb.jpg… Out the box from NIC1, across my GB full duplex switch, then back into the box through NIC2. With the virtual switch in between.

    Also, I’m only getting the data transfer rate (large file copy) of a poorly performing 100Mb network, less than 5,000,000 bytes/sec on average.

    Note, my child partition is a WinXP x86 SP3 system w/ Integration Components installed.

    On my system, I should be seeing >20,000,000 bytes/sec transfer rate (which is what I was getting under Virtual Server 2005 on this same hardware using Vista Ultimate x64).

    Any feedback would be appreciated, any performance numbers posted would be wonderful.

    Thanks.

  54. William Fields says:

    Hmm… I performed the same file transfer test between my parent, and a Vista Ultimate x64 child and performance shot up considerably. But, performance monitor still shows that traffic is passing out of the box, across the physical switch, and back into the box.

    The virtual switch was registering >20,000,000 bytes/sec at times. Much better, but I’m curious why the WinXP system did so poorly even though it’s a 32 bit OS.

    Thanks.

  55. AC says:

    Thanks for the well written article. My problem still remains that the Physical adapter though being a 1Gbps, when Hyper-V role is installed, automatically it turns to 100Mbps and would not negotiate with the Cisco6500 Switch. And I have proved the throughput to be 1% on a Virtual Server that is using this nic. Can you help me how to get the Physical nic back to 1Gbps FULL speed?

  56. AL says:

    As you say the recommendation is to have 2 physical NICs on your server. I’m not so experienced in networking, so I’m wondering what the IP addresses of those NICs might be? Would they be different IP addresses on the same network? Could you give an example of how they might be configured?

  57. Saif says:

    This is a well explained article. I was stuck on getting my VMs on the network. After looking at this all is set, however I am having the same issue as AL, where my VMs network adapter shows 100MB but the physical NIC is 1GB. I am also using GB switches.

  58. Saif says:

    You are correct. I was on Legacy. I’d installed Windows Server 2003 and had to enable Legacy in order to get network Access to download SP2 before the VM Client components could be installed. I’ll switch to Synthetic. You’ve been a great help!

  59. Barkingdog says:

    Your writing is clear but I’m still confused why networking is so involved. What is the value of introducing a second (virtual) NIC into the drama? Why not just have all communication (Guest and Host) go through a single, or user designated, NIC(s). I don’t like the fact that the IP address of the original NIC is moved onto a virtual NIC. And what about the MAC address of the original NIC? It now has no associated IP address.

  60. cecilc says:

    seems like the JPGs in the article no longer appear.  would help a lot if i could see them.  thanks.

  61. oso says:

    Hi John, like you described in the beginning of the article, it is not possible to make an external network switch in a server core installation. I have the free version of Microsoft Hyper-V Server running with two physical NICs. I was able to bind an external network switch to a physical NIC and run three VMs through it; the second physical NIC is iSCSI. Are there some changes to core installation where it is not possible? I’m a little bit confused about it.

    My idea is to make a network team of two physical NICs using the HP network utility. On the external Cisco switch we made a trunk port with 3 VLANs "internal id1", "dmz id 2" and "iSCSI id ". When I run the utility it makes three network adapters; now I see three network adapters with the names above on the host. My question is whether it is possible to bind VMs to these software network adapters with external Hyper-V switches. When I try it, I lose connections from my management Vista machine, and can’t ping the host anymore. What am I doing wrong?

    Thank you for answer.

    Best regards

  62. psprout says:

    I’m trying to figure this "Virtual switch" thing out.  Does the virtual switch need a static IP address?  Currently my v-switch is using an APIPA address.  My virtual Machines are reporting that the "cable is unplugged" for whatever reason.  I have 2 physical NICs and bound one of them to Hyper-V at installation.  I can’t figure this out so far and am thinking of removing the role and installing VMWARE Server instead.  Anyone know how to configure or setup Hyper-V’s networking?  My physical server acts as my DC, DNS, DHCP, Hyper-V.

  63. WebDave says:

    Thanks for the useful article on HyperV. It does give a very basic idea of the entire thing for the noobs and is very useful.

  64. Chris says:

    Hi John,

    I have a situation where i have the following setup:

    1 host : 2 physical NICs

    2 Hyper-V Machines, 1 = SBS08, 2 = 08 Standard (Web Server)

    What I want to do is to have these on separate networks so I keep the web server isolated from the internal network.

    Can I have these two servers use 1 physical NIC but be on different subnets?  Or do I need to create a separate external virtual network, binding it to my second physical NIC and then configure my router to deal with the traffic?  Or can I just have Hyper-V do it all?

    I can’t find anything to help with this and was hoping you could share your wisdom on the matter?

    Thanks

    Chris

  65. Jarryd says:

    Hi Howard,

    If you are still out there, I posted something up to microsoft.public.virtualserver.  The subject is: "Can’t ping hyper-v host from management station – normal?"

    I would be really grateful if you could take a look and let me know if this is normal or not.

    TIA.

    Jarryd

  66. KPersaud says:

    Hi Howard;

    Good job on "How does basic networking work in Hyper-V". I have a situation I don’t seem to overcome, plus I spent weeks on it. I have a virtualized EBS 2008 on a windows server 2008 ent host, 2 NIC. One for the internal virtual network for the 3 servers + host, the other for external virtual network for the Security Server. It works, all servers ping each other and connected to the internet, however I cannot get a workstation to connect to the EBS network. I don’t get an IP to the LAN physical switch. I installed a 3rd NIC but don’t know what to do with it. What is missing? Your help is appreciated!

    Thanks,

    KPersaud

  67. KPersaud says:

    Hi John,

    I got it. I had setup internal virtual network adapter for the EBS servers instead of external virtual network adapter.

    KPersaud

  68. David says:

    Hi John,

    Nice article, and easy to follow if you have a 2008 server.

    However, if using "Hyper-V Server" with only the command line interface it is a little more difficult.

    I know that only having one NIC is not recommended, but it is supposed to be possible with Hyper-V server – and I am trying to get a test machine (laptop) to work with only one NIC.

    Do you know of any article which explains how to do this?

    regards

    David

  69. David says:

    John,

    Thanks for that – it works – despite the vbscript reporting that it had failed. My virtual machine now has external network access, and I still have access in from Hyper-V Manager on another physical Vista Machine, all with just one NIC.

    regards

    David

  70. DARIUS says:

    Hi John,

    Maybe you can tell me whether there are any best practices for how to deal with the virtual host NIC (the one created when creating a virtual switch) in case you do not want to use it for communication between host and VMs, as for example when creating virtual machines for a DMZ? I’m wondering whether there are any recommendations from a security perspective? Should all bindings be removed from the host virtual NIC? Or maybe the virtual NIC should even be disabled? Any ideas?

    Br,

    Darius

  71. Jonathan Camilleri says:

    I would like to know whether to flag any flags e.g. Microsoft Virtual Switch Protocol when I browse to the LAN connections.

    I am running Win Server 2008 64 bit with one physical LAN card atm.

    Email: slyth@hotmail.com

  72. John Wagner says:

    I’ve been unsuccessful finding anything, either from Microsoft or any forums, in regard to having multiple NICs assigned to the SAME virtual switch. (Much like can be done with VMware…) Anyone offer any help or insight on this? Maybe I’m missing something really obvious?

    thanks,

    John

  73. Zullu says:

    Hi, I know it could be a bit off-topic, but looking at the experiences of the guys from the posts and comments above, I was tempted to ask this here.

    I am trying to get access to my external HDD from the virtual machine on a Hyper-V. My host can see this drive but the virtual machine cannot.

    I read somewhere that this is by design for security purposes.

    Is that what I have to live with?

    As my VM is also not able to download anything from the internet sites (I have tried a couple of ways, adding to trusted site, using regsvr32, etc but nothing has worked for me), I am kind of in a fix.

    I have installed the SQL Server 2008 on Win Server 2008 on my VM using the "Media – DVD – Insert Disk" option. Now I need to install the SQL 2008 SP1(exe).

    Any suggestions?

    Thanks in advance.

    Zullu.

  74. bonder says:

    I’m having trouble with my VMs keeping internet connectivity.  Things will work for a while but then both my machines lose connectivity to the internet at the same time, while the host server still has it (I assume because of the second NIC card it can route through).

    To fix this, I have to reboot the entire host server.

    Any thoughts on what I can look at?

  75. Scott says:

    Hi John, nice article.  I have a Dell PE 2950 w/dual Broadcom NICs that runs Server 2008 Std x64.  I have one Virtual machine running Server 2003 x32 STD I use as a print server.  I attempted assigning 1 Broadcom for exclusive use of the Virtual Network (success!), but the Virtual NIC registered itself in DNS and appears to be the primary ("local and internet") path for the host machine.  The virtual NIC has a separate address assigned to it from the Virtual Machine.  Is there a way I can unregister DNS from the Virtual NIC and change the host networking path to the physical NIC?

  76. Marcel says:

    Suppose i have two nics in the host one for vm's and one for the host. With multiple vm's and the host on the same vlan, how do i setup the default gateway for the two nic's?

  77. Excellent article, thank you. Is there some change with Hyper-V 2008 R2 SP1?

  78. Dude999 says:

    Hallo John

    I see you still answer questions 🙂

    I still have some problem wrapping my mind about this.

    I have question about picture blogs.technet.com/…/9_thumb.jpg

    After creating the "test external network" you have two entries in network connections.

    But the picture has "Physical NIC", "Virtual Network Switch" and "Virtual NIC"

    Which one isn’t listed in Network Connections?

    Also you mention in one of your answers to a different post that you have a "2nd part" of this article, but I can’t see any link.

    Maybe that could answer my 2nd question.

    In a 2-physical nic configuration, what should tcpip settings be on the nic named "Test External Network"?

    (I hope my questions make sense)

  79. Malik says:

    Great Article!

    Dear John

    I have two machines. On machine1 I have Windows Server 2008 Enterprise with two physical NIC IP4 addresses 10.0.0.1 and 10.0.0.2.  This server has AD & DNS roles. I installed Hyper-V manager, and created an external virtual network. As you described I got a new virtual NIC on the physical server and the physical NIC was bound to just the Virtual Network Switch Protocol.

    On the machine2, I installed Hyper V server (core installation). This machine also has two NIC ip 10.0.0.3 & 10.0.0.4. All seemed to work so I then built two virtual machines for test and set their virtual NIC IP4s: to 10.0.0.11 & 10.0.0.12.

    Now I can access the virtual machine from Hyper V Manager.

    Machine1 and Machine is able to ping each other, but the virtual machines I created in machine are unable to ping Machine1 10.0.0.1.

    I would appreciate your feedback and comments.

    Regards

  80. Mahr Haider Iqbal says:

    I started to configure  window server 2012, I have some problem in networking hyper-v configuration

    how I started step-by step.

    1- I Installed role of active directory and DNS was installed with itself.

    2- I installed role of hyper-v without selection of any network adapter.

    I want to know how to make a virtual  network adapter for hyper-v clients

    Thanks

  81. Jeb says:

    I need help routing two networks in VM ware workstation

  82. Urrrm – that's really a question for the VMWare folks on their forums….

  83. galazus says:

    Using VM Workstation 9. I have set up 2 domain controllers each running Exchange 2010. One has IP 192.168.1.1 and the other 192.168.2.1. Exchange is running fine and the users in the respective domains can email each thru Outlook. But the problem is: how do I route the 2 networks to have users email across the domains? I tried to configure 2 servers as routers but am stuck.. This is my school project. Guys help:-)

  84. communities.vmware.com/…/workstation is the place to ask this. It has nothing to do with Hyper-V.

  85. galazus says:

    Thanks

  86. Andrew_Dell says:

    Hi John. At the end of your blog you state this: The Virtual Network switch includes a learning algorithm. When it knows the most efficient virtual switch port to direct traffic to, it will do exactly that.
    Can this learning algorithm on the virtual switch route traffic between two VLANs? I have two NICs on my server, one bound to the virtual switch and the other your standard NIC for the OS, and both on separate VLANs. I have network traffic (user profile disk reads/write) from the VMs connected to the virtual switch on one VLAN that goes out over the network on the other VLAN (that of the OS NIC) without being routed. I am assuming the traffic is routed internally between the two VLANs by the virtual switch rather than it going to the router to be routed?

  87. Cat5 Phoenix says:

    Thanks for sharing this information.