Hyper-V: What are the uses for different types of virtual networks?

If you followed yesterdays post explaining the basics of networking in Hyper-V, you may be wondering what the different types of virtual networks are, when you should use them, and how they look in terms of traffic flow.

When you open Virtual Network Manager from Hyper-V Manager, there are three types of virtual network which can be created: External, Internal and Private. There is also a fourth type which can only be created through WMI and doesn’t have an official name, but I’ll call it a “Dedicated” virtual network (thanks Jake who came up with the suggestion!). Let’s look at each type, and when it is appropriate to use them.


External virtual networks are used where you want to allow communications between

  • Virtual machine to virtual machine on the same physical server
  • Virtual machine to parent partition (and visa-versa)
  • Virtual machine to externally located servers (and visa-versa)
  • (Optional) Parent partition to externally located servers (and visa-versa)



Internal virtual networks are used where you want to allow communications between

  • Virtual machine to virtual machine on the same physical server
  • Virtual machine to parent partition (and visa-versa)

In a block diagram, an internal network is an external network without the binding to a physical NIC. An internal network would commonly be used to build a test environment where you need network connectivity into the virtual machines from the parent partition itself.



Private virtual networks are used where you want to allow communications between

  • Virtual machine to virtual machine on the same physical server

In a block diagram, a private network is an internal network without a virtual NIC in the parent partition. A private network would commonly be used where you need complete isolation of virtual machines from external and parent partition traffic. DMZ workloads running on a leg of a tri-homed firewall, or an isolated test domain are examples where this type of network may be useful.



Dedicated networks are in some ways one of the most useful type of virtual network where you dedicate a physical NIC for use just by virtual machines. They allow communication between:

  • Virtual machine to virtual machine on the same physical server
  • Virtual machine to externally located servers (and visa-versa)

Note that the parent partition is unable to use a dedicated virtual network for its own communication. You would normally have a second physical NIC for use by the parent partition, as was discussed yesterday. In a block diagram, a dedicated network is an external network without a virtual NIC in the parent partition.



Note that you can achieve something functionally identical to a dedicated network by creating an external virtual network, and unbinding the protocols from the newly created virtual NIC in the parent partition. However, I would personally recommend you deploy a dedicated virtual network “correctly” to avoid accidental changing of bindings on the virtual NIC, or to avoid confusion as to what is present in the network adapters control panel applet. (And before you ask, I don’t have a sample script to create a dedicated virtual network yet. A post for another day).


Comments (51)

  1. Ben – disable for the virtual NIC created for the physical NIC which is being used for virtual machines. You’ll hit all sorts of problems with two default gateways on two NICs in the parent partition.



  2. Anonymous says:

    U zadnje vrijeme sam imao podosta obaveza pa ne stigoh osvjeziti blog novostima, stoga slijedi izvjestaj

  3. Anonymous says:

    Performance Tuning Guidelines for Windows Server 2008 Hyper-V Release Notes Planning for Hyper-V Security

  4. Ron – see the first diagram at the top of this post.

    You need an external virtual network on the parent partition bound to your one physical NIC, exposing a virtual NIC to the parent partition so that it can have network connectivity.

    Each VM is simply connected to the external virtual network in the NIC portion of the VM settings. You should not need to use a legacy NIC.


  5. Mike2

    netsh interface show interface

    –> to get the interface name for the adapter you want to disable

    netsh interface set interface "interface name from above" disabled



  6. YahyaZahedi says:


    this is  Great overview . But i can create Dedicated switch .

    how can i make dedicated switch ?

  7. Anonymous says:

    Getting Started with Microsoft Hyper-V Understanding Hyper-V partitions and device drivers Migrating

  8. Reuvens. There is no operational/practical difference between a dedicated network and an external network with a disabled virtual NIC in the parent partition. However, when you have multiple physical NICs, it can quickly become very confusing when looking at ncpa.cpl to see one or more disabled NICs and you risk accidental exposure of the parent to that network should it be enabled.

    Second question – nothing more than an oversight. Really! And yes, it is the recommended production deployment configuration for physical NICs "dedicated" to VM traffic.

    Third question. Look at the first picture above and compare with the dedicated network picture. It doesn’t matter what you disable in the virtual NIC as that isn’t being used for VM traffic. It’s the physical NIC which has the Microsoft Virtual Network Switch Protocol bound which is being used for traffic. It’s really nothing to do with bridging – we implement as the diagram suggests a layer 2 switch in software. The closest I could point you to current "official" documentation is http://technet.microsoft.com/en-us/library/cc816585.aspx (which is largely based on the post above  🙂 )



  9. Syl – within 180 days of the RTM of Windows Server 2008.



  10. ITGuy – no, each virtual NIC will appear as a completely seperate entity on the physical network when viewed from outside the Hyper-V box itself. Each will have it’s own MAC address, and the IP address will be entirely dependent on what you manually configure it to be in the VM, or what is assigned by DHCP. Essentially at this point, forget they are virtual machines – they are just another machine on the network and it happens to be a virtual machine.



  11. Ben

    Treat each virtual machine like you would any other physical machine and assign the virtual NIC in the VM an appropriate IP address. That information will be stored in the operating system image contained in the VHD. The NIC instance itself though is stored in the configuration file for the VM, therefore if you move a VM from one server to another, you need to move both using the export & import function in Hyper-V Manager.



  12. Colin – the only way you can have a virtual network span two different hyper-v machines is if the two machines have a piece of physical wire between them. Now that doesn’t have to be the "real" network you describe if you have an unused physical NIC on each machine – create an external virtual network on each server, without a vNIC in the parent partition. Connect both physical NICs together either with a crossover cable or via a dedicated hardware switch/hub.



  13. Ewdev – yes, this is somethig we’re looking at for a future version. Glad you got it working.



  14. Anonymous says:

    I thought I’d start a series of posts highlighting some of the smaller changes in Hyper-V in Windows

  15. Anonymous says:

    Hyper-V HW & SW requirement: http://technet.microsoft.com/en-us/library/cc816844.aspx Hyper-V RTM

  16. Scott – I apologise, I haven’t had a chance to get round to putting it together. Published in the last few days though are some sample scripts for the WMI APIs for Hyper-V, although it will require a bit of piecing together. Specifically, you need the Msvm_VirtualSwitchManagementService class, the sample code for the methods being http://msdn.microsoft.com/en-us/library/cc723875(VS.85).aspx.

    Alternately, as I mentioned in the main body of the the text, you can functionally create something identical to a dedicated network by creating an external virtual network switch in the user interface. Once created, on the new virtual NIC which is created in the parent partition, remove all bindings: Start/ncpa.cpl. Select the appropriate NIC and choose properties. De-select all bindings. The only difference between this approach and using WMI is that you have a virtual NIC instance in the parent partition. However, with no bindings applied to it, it can’t be used for anything.

    I will get round to the script. Just need to find some time. Sorry!



  17. Anonymous says:

    With the RTM release of Hyper-V just around the corner, I thought it would be a good idea to re-visit

  18. Anonymous says:

    A few questions:

    1. Can you explain what the pratical difference is between the "external" and "dedicated" network types. Another words, why would I want to choose one over the other.

    2. Going on the last question, I have to ask why there isn’t a dedicated network option in the UI, but instead only via WMI (or scripting). Is this some hidden option that wasn’t meant for production?

    3. Can you explain how when you disable the virtual interface or even deselect all of the items in the NIC properties (and therefore that NIC doesn’t have an IP address) the VMs assigned to that interface can still contact the network? I’ve seen people explain this by using the concept of "bridging" but I wondered if there is any documentation about how this works?

    Good Post!



  19. Gul – Hyper-V doesn’t expose (or have) capabilities from the parent partition to set these parameters inside a VM. The parent is ‘blind’ to how the OS instance in a VM itself is configured.



  20. Ewdev – good catch, thank you. My bad – I meant unbind the protocols (which are all except the virtual network switch protocol) from the virtual NIC in the parent partition. I’ll correct the text. You won’t be able to delete the virtual NIC itself (you shouldn’t any way).



  21. Longwind1979 – if you are using Windows 7 as the client, there is a checkbox in the network settings for an external network connection. Alternatively, a script sample is linked to in the comments above.

    Yes, you can create an external network on one NIC for one VM, and another external network on another NIC for another VM. If you use that script, or don’t check the box, it will be exclusive for just that VM.

    No, don’t create a switch on the parent NIC. Just use it as a regular NIC.



  22. David – not unless you believe all 12 VMs are going to need a whole (I assume) gigabit each simultaneously – generally that’s pretty unlikely and you would be able to share several VMs through a single NIC. Obviously though, it depends entirely on the network profile of each workload to determine what it reasonable to share on a single NIC and when you need more than one. Being in a SAN should make no difference from the networking side though (unless you’re referring to storage over networking as in iSCSI?)



  23. Hi Martin – yes, this will be equivalent from a functionality perspective. Personally, I prefer the unbinding to disabling as it’s harder to accidentally re-bind than it is to accidentally re-enable the NIC.



  24. @nvvn. Thanks. Your request has been on my list for a few months. I will get round to this just as soon as I can.



  25. YahyaZahedi says:

    Thanks For great article .

  26. Syl says:

    When Hyper-V finale release come ?

  27. Ewdev says:

    Fantastic article John, came at just the right moment for me.  I am trying to create something like a dedicated network but was a little confused with the sentence "unbinding the Microsoft Virtual Network Switch Protocol from the virtual NIC in the parent partition".  It seems that it is the physical NIC that has the Virtual Network Switch Protocol.  Would you not simply delete the virtual NIC from the parent partition, if you can?

    I shall be trying this out today as I am trying to see if I can set up a Virtual ISA2006 server.  I will report back my findings.

  28. Ewdev says:

    Well it is all up and working now, a little painful perhaps but I now have a DC/DNS/DHCP/WINS on the host VM plus three  Windows Server 2008 x64 child VM’s for SQL Server 2005, IIS7 and Exchange 2007.  All of these are attached to an External virtual network and protected by a fourth child VM running Windows Server 2003 + SP2 x86 with ISA2006 and two virtual NIC’s, one on the External vrtual network and the other on a Dedicated virtual network as discussed above.  Just to re-iterate, the dedicated network was simulated by unbinding ALL protocols off the dedicated virtual NIC from the host VM so as to eliminate the problem of the host bypassing the ISA firewall.  The only cable coming out of my box at present is one attached to the Dedicated NIC which goes straight to the Internet, although there is an external physical port for additional physical machines on the internal network if wished (This is the port for the "External" virtual network where the word "External" simply means external to the physical machine). The ISA2006 edge firewall setup works a treat and this seems such an obvious setup that I wonder if the concept of the Dedicated virtual network should perhaps be in the final build for Hyper-V?

  29. Scott Klassen says:

    So how about that script for making a dedicated type?  Failing that, could anyone here point me to step-by-step manual instructions to "deploy a dedicated virtual network “correctly”"?


  30. Martin Herbener says:


    If I want something like a dedicated virtual network, is there any reason not to DISABLE the virtual NIC in the host as opposed to unbinding?



  31. Ben Allen says:

    Hyperv Networking and Dedicated Rotable IP Addresses.

    Hi Martin

    Can you confirm the correct place to apply a front facing ip address for my machines. My normal process is to setup a server and assign one or more ip addresses from my /22 range.

    These are usually used by me for hosting or for clients. Normally i would assign the ip addresses within the machines OS. From reading through all the published stuff its not clear to me if this is still doen within the virtual server or if its placed on the physical machine. My concern is that if its not assined within the virtual machine and then you moved it to another machine how would the ip address assigned to it move unless it was within the contents of the .vhd file?? I hope you can clear up the process for me because its delyaing me moving ahead with my testing prior to prodcution. At present i have one server running datacetre edition 2008, the parent is running ssvmm2008 beta. The proliant dl360 server has 2gb nics in it.

    I look forward to your response.

  32. Ben Allen says:

    Hi John

    Followed you advice and got it working, However now i experiencing intermitant loss of connectivity using 2 nics per server. So in desperation as it was interupting service i have reverted to a single nic on both servers and it seems stable again. The setup is as follows:

    2 x HP DL360 Server, dual quad core xeon.

    14GB & 10GB of memory, storage at present is local, testing for fibre channel will be done once this issue is resolved.

    1 server has 4 VMS & ONE HAS 3 VMS running 2008 datacentre 64

    Ok i setup the nics as follows initially 1 nic set as external & virtual switch. i assigned to the nic on and gateway is

    Dns set to which is the dns running on the DC and sec dns to which is my main public dns server.

    Ok so that all seemed fine, from reading you tutorial it seemed you recommned using the second nic as the main route to internet thus allowing the 1st nic labelled external to pass that traffic to the second for ongoing routing.

    So i setup the second nic with on

    Gateway set to dns and

    I then assumed i needed to remove the gateway address from the external nic so it would route traffic for the internet via the second nic, however in my mind i wonder how redundant that is as if the card was to fail the virtual wouldnt be able to take advantage of the fact it could route the traffic itself. Either way i have had lots of complaints on drop in and out of connection, it appears one min you can get to VMS and then next you cant. Please advise if i have misunderstood how to setup and if using the inforamtion i have given can pin point the mistake mean time i have gone back to the one card to try to keep things stable.



  33. nvvn says:

    Excellent job, keep up good work, also for part 1. However I would like to see if it is possible step by step guide or how-to for VLAN’s. For example, Win Svr 2008 with HyperV server have two physical NIC’s. NIC2 is connected to physical port onto physical swtich with two VLAN, ie 11 for data, 12 for voip. How can I have also these two VLAN’s in virtual servers.

    Best regards

  34. Micromega says:

    Founds this…..Howto create a Virtual Swich for External without creating a Virtual NIC on the root

  35. David says:


    Running 12 VM’s in a SAN; is there any advantage to using 12 physical NIC’s?

  36. mike says:

    I have eight NICs in my 8×32 HP blades and using Fiber Channel with Clustering.  I am curious what the recommended ‘Dedicated Network’ configuration would be leveraging the most NICs without running into gateway issues?  I also have the ability to team the NICs but have been cautioned about using teaming with Hyper-V.

    NIC1 – Parent Partition NIC ?

    NIC2 – Heartbeat ?

    NIC3 –

    NIC4 –

    NIC5 –

    NIC6 –

    NIC7 –

    NIC8 –

  37. mike says:

    can you share which stencil you use for the switch and NICS?



  38. Mike2 says:

    How would I unbind all protocolls from or simply disable the virtual NIC on the parent under WS2008 Core or HVS2008?

    I tried the registry, netsh, devcon.exe… no success….



  39. ITGuy says:

    John, I am setting up a system having a single NIC and two VMs using an external virtual network. I am wondering, will the external IP address for both VMs appear the same to an external device?


  40. gul says:

    Nice explantion, however i am searching for one thing that can i set IP address, Default gateway etc to the virtual machine nIC using powersheell or WMI.




  41. shiva says:

    Hi John,

      Your forum is of amazing help to our project. Thanks for your support.  I got a question in networking. We are trying to configure network to a VM programmatically via WMI. While configuring the network adapter with the channel instance id, we require a VM restart to make the IP configuration successfull. Is this the expected behaviour or are we doing it wrong? Please suggest us.



  42. colin says:

    Is it possible to have a virtual network span 2 different hyper-v hosts.  We have 2 boxes capable of running 7 virtual machines each and we’d like them all interacting as though they were on the same lan.  We don’t want to connect them to the real network because it will act as a closed lab with routing to the real network.  This way, our real lan will appear as a remote site

  43. Longwind1979 says:

    Hi John,

    How can I create an external virtual network without a vNIC in the parent partition?

    I am buy a physical server with 4 network ports. I will use this server as a domain controller and exchange server. So what I will do is to install Hypter-v in the parent partition, and create to VMs, one for DC, the other for Exhchange. I will reserve one NIC for the parent partition. Also, I want to assign two NICs for each of the VMs; that is, each VM has a dedicated physical NIC. How can I do this configuration? Do I need to create two separate external virtual networks for the two VMs? Creating a virtual network will also create a virtual NIC in the parent partition which is useless. How can I avoid creating this virtual NIC? And do I need to create a virtual network on the NIC reserved for the parent partition?

  44. Jky says:


    With hyper-v setup on my 08 R2 server, I am trying to build a 03 std server VM.

    There's only 1 physical NIC and I have just created an "external" virtual network in hyper-v.

    1) Inside "Network Connection" of my 08 server,   see a new "local area connection 3"  is created, is this a "virtual NIC" or a "virtual network" ?

    2) I assume it's a virtual NIC, so is this only reserved for the 08 server itself?

    2) Do I need to create another "external" virtual network in hyper-v causing a new "local area connection 4" appears and assign it to my 03 server VM ?



  45. ayaz says:

    I have installed Hyper V server on bare metal in work group environment and It has three virtual machine SBS, TMG, Win7

    I am using windows 7 physical machine to run Hyper V manager.

    All works fine with in virtual environment but I want to join a physical machine (windows XP) to this virtual SBS domain .

    can someone explain me how to achieve this, its even better if John article explains connectivity with physical machine and internet in his ariticle diagrams

  46. Ron says:

    Hi I need help setting up the NICs in Windows Server 2008. I am using Hyper-v in Windows Server 2008 and i am trying to set up my one network card (the only one i have on my computer) to network with windows server-core as the guest.

    I have been trying and trying to set it up the right way using legacy adapters on server-core (the guest), and External and Internal, adapters on windows server 2008, (the host) but i just can't get it to work right. Can someone please e-mail or post step by step instructions on how to solve this problem. Thanks very much. I'm sure this a DNS problem. e-mail bigronb10001@yahoo.com


  47. NaveenS says:

    How to enable and set the VLAN identifier on an external virtual network on a parent partition ih Hyper V.

  48. PMoreno02 says:

    I have a virtual machine with Linux and tow (2) virtual network cards [Ftp Server], one virtual card will use in my network [] and the other virtual card will use the other network [].

    ¿ How Hyper V can use the 2 virtual network on separate network?

    Best Regards


  49. Alok kumar sharma says:

    Hi ,

    Thanks to share this article.

    Please help me.

    How can get list of network adapter of Virtual Machine using C#?

    Example:- Local Area Connection 1 ,Local Area Connection 2,Local Area Connection 2 ,….etc.