Jaa


Hyper-V: What are the uses for different types of virtual networks?

If you followed yesterdays post explaining the basics of networking in Hyper-V, you may be wondering what the different types of virtual networks are, when you should use them, and how they look in terms of traffic flow.

When you open Virtual Network Manager from Hyper-V Manager, there are three types of virtual network which can be created: External, Internal and Private. There is also a fourth type which can only be created through WMI and doesn’t have an official name, but I’ll call it a “Dedicated” virtual network (thanks Jake who came up with the suggestion!). Let’s look at each type, and when it is appropriate to use them.

External

External virtual networks are used where you want to allow communications between

  • Virtual machine to virtual machine on the same physical server
  • Virtual machine to parent partition (and visa-versa)
  • Virtual machine to externally located servers (and visa-versa)
  • (Optional) Parent partition to externally located servers (and visa-versa)

external  

Internal

Internal virtual networks are used where you want to allow communications between

  • Virtual machine to virtual machine on the same physical server
  • Virtual machine to parent partition (and visa-versa)

In a block diagram, an internal network is an external network without the binding to a physical NIC. An internal network would commonly be used to build a test environment where you need network connectivity into the virtual machines from the parent partition itself.

internal

Private

Private virtual networks are used where you want to allow communications between

  • Virtual machine to virtual machine on the same physical server

In a block diagram, a private network is an internal network without a virtual NIC in the parent partition. A private network would commonly be used where you need complete isolation of virtual machines from external and parent partition traffic. DMZ workloads running on a leg of a tri-homed firewall, or an isolated test domain are examples where this type of network may be useful.

private

Dedicated

Dedicated networks are in some ways one of the most useful type of virtual network where you dedicate a physical NIC for use just by virtual machines. They allow communication between:

  • Virtual machine to virtual machine on the same physical server
  • Virtual machine to externally located servers (and visa-versa)

Note that the parent partition is unable to use a dedicated virtual network for its own communication. You would normally have a second physical NIC for use by the parent partition, as was discussed yesterday. In a block diagram, a dedicated network is an external network without a virtual NIC in the parent partition.

 

dedicated

Note that you can achieve something functionally identical to a dedicated network by creating an external virtual network, and unbinding the protocols from the newly created virtual NIC in the parent partition. However, I would personally recommend you deploy a dedicated virtual network “correctly” to avoid accidental changing of bindings on the virtual NIC, or to avoid confusion as to what is present in the network adapters control panel applet. (And before you ask, I don’t have a sample script to create a dedicated virtual network yet. A post for another day).

Cheers,
John.

Comments

  • Anonymous
    January 01, 2003
    Ben - disable for the virtual NIC created for the physical NIC which is being used for virtual machines. You'll hit all sorts of problems with two default gateways on two NICs in the parent partition. Thanks, John.

  • Anonymous
    January 01, 2003
    U zadnje vrijeme sam imao podosta obaveza pa ne stigoh osvjeziti blog novostima, stoga slijedi izvjestaj

  • Anonymous
    January 01, 2003
    Performance Tuning Guidelines for Windows Server 2008 Hyper-V Release Notes Planning for Hyper-V Security

  • Anonymous
    January 01, 2003
    Ron - see the first diagram at the top of this post. You need an external virtual network on the parent partition bound to your one physical NIC, exposing a virtual NIC to the parent partition so that it can have network connectivity. Each VM is simply connected to the external virtual network in the NIC portion of the VM settings. You should not need to use a legacy NIC. John.

  • Anonymous
    January 01, 2003
    Mike2 netsh interface show interface --> to get the interface name for the adapter you want to disable netsh interface set interface "interface name from above" disabled Cheers, John.

  • Anonymous
    January 01, 2003
    Hi this is  Great overview . But i can create Dedicated switch . how can i make dedicated switch ?

  • Anonymous
    January 01, 2003
    Getting Started with Microsoft Hyper-V Understanding Hyper-V partitions and device drivers Migrating

  • Anonymous
    January 01, 2003
    Reuvens. There is no operational/practical difference between a dedicated network and an external network with a disabled virtual NIC in the parent partition. However, when you have multiple physical NICs, it can quickly become very confusing when looking at ncpa.cpl to see one or more disabled NICs and you risk accidental exposure of the parent to that network should it be enabled. Second question - nothing more than an oversight. Really! And yes, it is the recommended production deployment configuration for physical NICs "dedicated" to VM traffic. Third question. Look at the first picture above and compare with the dedicated network picture. It doesn't matter what you disable in the virtual NIC as that isn't being used for VM traffic. It's the physical NIC which has the Microsoft Virtual Network Switch Protocol bound which is being used for traffic. It's really nothing to do with bridging - we implement as the diagram suggests a layer 2 switch in software. The closest I could point you to current "official" documentation is http://technet.microsoft.com/en-us/library/cc816585.aspx (which is largely based on the post above  :) ) Thanks, John.

  • Anonymous
    January 01, 2003
    Good overview.

  • Anonymous
    January 01, 2003
    Syl - within 180 days of the RTM of Windows Server 2008. Cheers, John.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Ben Treat each virtual machine like you would any other physical machine and assign the virtual NIC in the VM an appropriate IP address. That information will be stored in the operating system image contained in the VHD. The NIC instance itself though is stored in the configuration file for the VM, therefore if you move a VM from one server to another, you need to move both using the export & import function in Hyper-V Manager. Thanks, John.

  • Anonymous
    January 01, 2003
    Colin - the only way you can have a virtual network span two different hyper-v machines is if the two machines have a piece of physical wire between them. Now that doesn't have to be the "real" network you describe if you have an unused physical NIC on each machine - create an external virtual network on each server, without a vNIC in the parent partition. Connect both physical NICs together either with a crossover cable or via a dedicated hardware switch/hub. Thanks, John.

  • Anonymous
    January 01, 2003
    Ewdev - yes, this is somethig we're looking at for a future version. Glad you got it working. Cheers, John.

  • Anonymous
    January 01, 2003
    I thought I’d start a series of posts highlighting some of the smaller changes in Hyper-V in Windows

  • Anonymous
    January 01, 2003
    Hyper-V HW & SW requirement: http://technet.microsoft.com/en-us/library/cc816844.aspx Hyper-V RTM

  • Anonymous
    January 01, 2003
    Scott - I apologise, I haven't had a chance to get round to putting it together. Published in the last few days though are some sample scripts for the WMI APIs for Hyper-V, although it will require a bit of piecing together. Specifically, you need the Msvm_VirtualSwitchManagementService class, the sample code for the methods being http://msdn.microsoft.com/en-us/library/cc723875(VS.85).aspx. Alternately, as I mentioned in the main body of the the text, you can functionally create something identical to a dedicated network by creating an external virtual network switch in the user interface. Once created, on the new virtual NIC which is created in the parent partition, remove all bindings: Start/ncpa.cpl. Select the appropriate NIC and choose properties. De-select all bindings. The only difference between this approach and using WMI is that you have a virtual NIC instance in the parent partition. However, with no bindings applied to it, it can't be used for anything. I will get round to the script. Just need to find some time. Sorry! Cheers, John.

  • Anonymous
    January 01, 2003
    With the RTM release of Hyper-V just around the corner, I thought it would be a good idea to re-visit

  • Anonymous
    January 01, 2003
    A few questions:

  1. Can you explain what the pratical difference is between the "external" and "dedicated" network types. Another words, why would I want to choose one over the other.
  2. Going on the last question, I have to ask why there isn't a dedicated network option in the UI, but instead only via WMI (or scripting). Is this some hidden option that wasn't meant for production?
  3. Can you explain how when you disable the virtual interface or even deselect all of the items in the NIC properties (and therefore that NIC doesn't have an IP address) the VMs assigned to that interface can still contact the network? I've seen people explain this by using the concept of "bridging" but I wondered if there is any documentation about how this works? Good Post! Thanks, Reuven
  • Anonymous
    January 01, 2003
    Gul - Hyper-V doesn't expose (or have) capabilities from the parent partition to set these parameters inside a VM. The parent is 'blind' to how the OS instance in a VM itself is configured. Thanks, John.

  • Anonymous
    January 01, 2003
    Ewdev - good catch, thank you. My bad - I meant unbind the protocols (which are all except the virtual network switch protocol) from the virtual NIC in the parent partition. I'll correct the text. You won't be able to delete the virtual NIC itself (you shouldn't any way). Thanks, John.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    David - not unless you believe all 12 VMs are going to need a whole (I assume) gigabit each simultaneously - generally that's pretty unlikely and you would be able to share several VMs through a single NIC. Obviously though, it depends entirely on the network profile of each workload to determine what it reasonable to share on a single NIC and when you need more than one. Being in a SAN should make no difference from the networking side though (unless you're referring to storage over networking as in iSCSI?) Thanks, John.

  • Anonymous
    January 01, 2003
    Hi Martin - yes, this will be equivalent from a functionality perspective. Personally, I prefer the unbinding to disabling as it's harder to accidentally re-bind than it is to accidentally re-enable the NIC. Cheers, John.

  • Anonymous
    January 01, 2003
    @nvvn. Thanks. Your request has been on my list for a few months. I will get round to this just as soon as I can. Thanks, John.

  • Anonymous
    January 01, 2003
    Thanks For great article .

  • Anonymous
    June 19, 2008
    When Hyper-V finale release come ?

  • Anonymous
    June 25, 2008
    Fantastic article John, came at just the right moment for me.  I am trying to create something like a dedicated network but was a little confused with the sentence "unbinding the Microsoft Virtual Network Switch Protocol from the virtual NIC in the parent partition".  It seems that it is the physical NIC that has the Virtual Network Switch Protocol.  Would you not simply delete the virtual NIC from the parent partition, if you can? I shall be trying this out today as I am trying to see if I can set up a Virtual ISA2006 server.  I will report back my findings.

  • Anonymous
    July 02, 2008
    The comment has been removed

  • Anonymous
    July 19, 2008
    So how about that script for making a dedicated type?  Failing that, could anyone here point me to step-by-step manual instructions to "deploy a dedicated virtual network “correctly”"? Thanks.

  • Anonymous
    August 08, 2008
    John, If I want something like a dedicated virtual network, is there any reason not to DISABLE the virtual NIC in the host as opposed to unbinding? thanks Martin

  • Anonymous
    October 21, 2008
    Hyperv Networking and Dedicated Rotable IP Addresses. Hi Martin Can you confirm the correct place to apply a front facing ip address for my machines. My normal process is to setup a server and assign one or more ip addresses from my /22 range. These are usually used by me for hosting or for clients. Normally i would assign the ip addresses within the machines OS. From reading through all the published stuff its not clear to me if this is still doen within the virtual server or if its placed on the physical machine. My concern is that if its not assined within the virtual machine and then you moved it to another machine how would the ip address assigned to it move unless it was within the contents of the .vhd file?? I hope you can clear up the process for me because its delyaing me moving ahead with my testing prior to prodcution. At present i have one server running datacetre edition 2008, the parent is running ssvmm2008 beta. The proliant dl360 server has 2gb nics in it. I look forward to your response.

  • Anonymous
    November 09, 2008
    The comment has been removed

  • Anonymous
    November 11, 2008
    Excellent job, keep up good work, also for part 1. However I would like to see if it is possible step by step guide or how-to for VLAN's. For example, Win Svr 2008 with HyperV server have two physical NIC's. NIC2 is connected to physical port onto physical swtich with two VLAN, ie 11 for data, 12 for voip. How can I have also these two VLAN's in virtual servers. Best regards

  • Anonymous
    December 04, 2008
    Founds this.....Howto create a Virtual Swich for External without creating a Virtual NIC on the root

  • Anonymous
    December 11, 2008
    John, Running 12 VM's in a SAN; is there any advantage to using 12 physical NIC's?

  • Anonymous
    December 20, 2008
    I have eight NICs in my 8x32 HP blades and using Fiber Channel with Clustering.  I am curious what the recommended 'Dedicated Network' configuration would be leveraging the most NICs without running into gateway issues?  I also have the ability to team the NICs but have been cautioned about using teaming with Hyper-V. NIC1 - Parent Partition NIC ? NIC2 - Heartbeat ? NIC3 - NIC4 - NIC5 - NIC6 - NIC7 - NIC8 -

  • Anonymous
    December 20, 2008
    can you share which stencil you use for the switch and NICS? Thanks, Mike

  • Anonymous
    February 02, 2009
    How would I unbind all protocolls from or simply disable the virtual NIC on the parent under WS2008 Core or HVS2008? I tried the registry, netsh, devcon.exe... no success.... Thanks, Mike2

  • Anonymous
    February 25, 2009
    Ben Armstrong has posted a script that creates a dedicated network: http://blogs.msdn.com/virtual_pc_guy/archive/2009/02/19/script-creating-an-external-only-virtual-network-with-hyper-v.aspx

  • Anonymous
    March 03, 2009
    John, I am setting up a system having a single NIC and two VMs using an external virtual network. I am wondering, will the external IP address for both VMs appear the same to an external device? Thanks

  • Anonymous
    July 20, 2009
    Nice explantion, however i am searching for one thing that can i set IP address, Default gateway etc to the virtual machine nIC using powersheell or WMI. Thanks Regards Gul

  • Anonymous
    August 06, 2009
    Hi John,   Your forum is of amazing help to our project. Thanks for your support.  I got a question in networking. We are trying to configure network to a VM programmatically via WMI. While configuring the network adapter with the channel instance id, we require a VM restart to make the IP configuration successfull. Is this the expected behaviour or are we doing it wrong? Please suggest us. Thanks Shiva

  • Anonymous
    November 26, 2009
    Is it possible to have a virtual network span 2 different hyper-v hosts.  We have 2 boxes capable of running 7 virtual machines each and we'd like them all interacting as though they were on the same lan.  We don't want to connect them to the real network because it will act as a closed lab with routing to the real network.  This way, our real lan will appear as a remote site

  • Anonymous
    February 21, 2010
    Hi John, How can I create an external virtual network without a vNIC in the parent partition? I am buy a physical server with 4 network ports. I will use this server as a domain controller and exchange server. So what I will do is to install Hypter-v in the parent partition, and create to VMs, one for DC, the other for Exhchange. I will reserve one NIC for the parent partition. Also, I want to assign two NICs for each of the VMs; that is, each VM has a dedicated physical NIC. How can I do this configuration? Do I need to create two separate external virtual networks for the two VMs? Creating a virtual network will also create a virtual NIC in the parent partition which is useless. How can I avoid creating this virtual NIC? And do I need to create a virtual network on the NIC reserved for the parent partition?

  • Anonymous
    December 22, 2010
    John, With hyper-v setup on my 08 R2 server, I am trying to build a 03 std server VM. There's only 1 physical NIC and I have just created an "external" virtual network in hyper-v.

  1. Inside "Network Connection" of my 08 server,   see a new "local area connection 3"  is created, is this a "virtual NIC" or a "virtual network" ?
  2. I assume it's a virtual NIC, so is this only reserved for the 08 server itself?
  3. Do I need to create another "external" virtual network in hyper-v causing a new "local area connection 4" appears and assign it to my 03 server VM ? Regards, Jky
  • Anonymous
    February 09, 2011
    I have installed Hyper V server on bare metal in work group environment and It has three virtual machine SBS, TMG, Win7 I am using windows 7 physical machine to run Hyper V manager. All works fine with in virtual environment but I want to join a physical machine (windows XP) to this virtual SBS domain . can someone explain me how to achieve this, its even better if John article explains connectivity with physical machine and internet in his ariticle diagrams

  • Anonymous
    April 29, 2011
    The comment has been removed

  • Anonymous
    June 06, 2011
    How to enable and set the VLAN identifier on an external virtual network on a parent partition ih Hyper V.

  • Anonymous
    December 04, 2011
    The comment has been removed

  • Anonymous
    May 16, 2013
    Hi , Thanks to share this article. Please help me. How can get list of network adapter of Virtual Machine using C#? Example:- Local Area Connection 1 ,Local Area Connection 2,Local Area Connection 2 ,....etc. Thanks Alok