Understanding Hyper-V VLANs
(please note part II to this post which covers other advanced scenarios)
If you are interested in this feature, it’s assumed you are familiar with the basic concept of a VLAN. Therefore I’ll focus just on using VLAN IDs with Hyper-V here. A VLAN ID is the integer which uniquely identifies a node as belonging to a particular VLAN. As per the 802.1Q specification, the VLAN ID itself is encapsulated within the Ethernet frame, which is how multiple VMs using the same physical NIC can communication on different VLANs simultaneously.
Firstly, you need physical NICs which support VLAN tagging and you need to enable the feature. However, you should generally not set the VLAN ID at the physical NIC, it should be set on either the Virtual Switch or the individual Virtual Machine’s configuration. The VLAN ID on the Virtual Switch is what the Host or Parent Partition uses. The VLAN ID setting on the individual Virtual Machine’s settings is what each VM will use.
VLAN ID setting at the Host’s Virtual Switch
VLAN ID setting at the Virtual Machine
When creating an External network in Hyper-V, a virtual network switch is created and bound to the selected physical adapter. A new virtual network adapter is created in the parent partition and connected to the virtual network switch. Child partitions can be bound to the virtual network switch by using virtual network adapters. The diagram below illustrates the architecture.
In addition to the above scenarios, Hyper-V also supports the use of VLANs and VLAN IDs with the virtual network switch and virtual network adapters. Hyper-V leverages 802.1q VLAN trunking to achieve this objective. To utilize this functionality, a virtual network switch must be created on the host and bound to a physical network adapter that supports 802.1q VLAN tagging. VLAN IDs are configured in two places:
· The virtual network switch itself which sets the VLAN ID the parent partition’s virtual network adapter will use
· The virtual network adapter of each guest which will sets the VLAN ID the guest will use
The diagram below illustrates an example of using a single physical NIC in the host which is connected to an 802.1q trunk on the physical network carrying three VLANs (5, 10, 20). The design objective in this example are:
· An 802.1q trunk carrying 3 VLANs (5, 10, 20) is connected to a physical adapter in the host
· A single virtual switch is created and bound to the physical adapter
· The VLAN ID of the virtual switch is configured to 5 which would allow the virtual NIC in the parent to communicate on VLAN 5
· The VLAN ID of the virtual NIC in Child Partition #1 is set to 10 allowing it to communicate on VLAN 10
· The VLAN ID of the virtual NIC in Child Partition #2 is set to 20 allowing it to communicate on VLAN 20
The expected behavior is that there is a single virtual switch, the parent and two children can only talk on their respective VLANs, and they can’t talk to eachother.
Comments
- Anonymous
November 14, 2008
PingBack from http://www.tmao.info/understanding-hyper-v-vlans/ - Anonymous
March 11, 2009
Do you have to explicitly account for the trunk port setting anywhere in the process, or does the fact that assigning vlan id's at the virtual switch and in the child partition virtual nics automatically convert the physcial nic to trunk mode?On the nics we are currently using there is a place within it's own device configuration to set it's VLAN ID, but there is no specific place to change it from 'access' (single VLAN) to 'trunk' (multiple VLANs). - Anonymous
March 16, 2009
Dan, definitely check with your NIC manufacturer (i.e. the user manual for the NIC). In all cases I have seen, it is not necessary to do anything other than ensure the VLAN feature is enabled on the Host (ctrl pnl, network connections, properties of NIC, configure, advanced). Do not set a network address or assign a VLAN here to use VLANs on V-Switches or VMs.Cheers. - Anonymous
March 31, 2009
Dear,I have the same scenario as per the second diagram and described as following:I want to utilize a single physical network card for the parent partition and two child machine and I need to segregate them into different VLANs. I would appreciate it you send me detailed step by step for that configuration where I followed the above steps but didn’t work. I found the following article that states“Virtual Switches in Hyper-V support only one VLAN per virtual switch. Because it is not possible to have multiple virtual switches controlling the same NIC’s you have to plan for at least one physical network card per VLAN.”Please advice on that issue and you fast response is appreciated.Regards,Rewees - Anonymous
April 01, 2009
It sounds like your scenario should be working. Yes, it's true you can only assign 1 VLAN ID on the Virtual Switch itself, but that does not mean the VMs cannot all be on different VLANs as well. As illustrated above, the V-Switch (parent partition) can operate on one VLAN, and the VMs (child partitions) can operate on different VLANs.If it's not working, I would typically suspect the NIC. Make sure you are using the latest drivers, VLAN is enabled on the NIC properties (set on the Hyper-V Host), and there are no known issues, such as was the case for a long time with certain Broadcom NICs. The other possible cause is the trunk is not properly configured on the physical switch that the Host's V-Switch is using.If you need further help please try the Hyper-V TechNet forums http://social.technet.microsoft.com/forums/en/winserverhyperv/threads/Thanks - adam - Anonymous
April 28, 2009
Thanks. Nice and clearly explained.