This section describes the basics of virtual networking in Hyper-V and the different types of virtual networks you can configure. Networking in Hyper-V works differently than networking in Virtual Server 2005, and these differences are also discussed. Before configuring a virtual network, you should determine the design and type of virtual network you plan to use. You should be aware that Hyper-V does not support wireless networks.
For step-by-step instructions to configure a virtual network, see Step-by-Step Guide to Getting Started with Hyper-V (http://go.microsoft.com/fwlink/?LinkID=119207).
Virtual network types
You can create virtual networks on the server running Hyper-V to define various networking topologies for virtual machines and the virtualization server. Using Virtual Network Manager (accessed from Hyper-V Manager), you have three different types of virtual networks to choose from.
-
External virtual networks. Use this type when you want to allow virtual machines to communicate with externally located servers and the management operating system (sometimes referred to as the parent partition). This type also allows virtual machines on the same physical server to communicate with each other.
-
Internal virtual networks. Use this type when you want to allow communication between virtual machines on the same physical server and virtual machines and the management operating system. An internal virtual network is a virtual network that is not bound to a physical network adapter. It is commonly used to build a test environment where you need to connect to the virtual machines from the management operating system.
-
Private virtual networks. Use this type when you want to allow communication only between virtual machines on the same physical server. A private virtual network is a virtual network without a virtual network adapter in the management operating system. Private virtual networks are commonly used when you want to isolate virtual machines from network traffic in the management operating system and in the external networks.
Virtual networking basics
While Hyper-V allows you to configure complex virtual network environments, the basic concept of virtual networking is straightforward. For a simple virtual network configuration, we recommend that you have at least two network adapters on the server running Hyper-V: one network adapter dedicated to the physical machine for remote management, and one or more network adapters dedicated to the virtual machines. If you are running an Internet SCSI (iSCSI) initiator for virtual hard disk storage, we recommend that you use additional network adapters in the management operating system. The management operating system is a partition that calls the Windows hypervisor and requests that new partitions are created. There can be only one management operating system. For information on the backup and recovery strategy for a virtualized server environment, see Planning for Backup.
When you add the Hyper-V role during a full installation of Windows Server 2008, you have the option to configure one or more external virtual networks.
.gif) Note |
|
This option is not available when performing a Server Core installation of Windows Server 2008. The virtual network adapters can be renamed to reflect if they are assigned to the physical machine or the virtual machines. |
When you install Hyper-V and create an external virtual network, the management operating system uses a new virtual network adapter to connect to the physical network. The network connections consist of the original network adapter and the new virtual network adapter. The original physical network adapter does not have anything bound to it. However, the virtual network adapter has all of the standard protocols and services bound to it.
Hyper-V binds the Virtual Network Service Protocol to a physical network adapter when an external virtual network is created. You should be aware that external network connectivity will be temporarily disrupted when an external virtual network is created or deleted.
Once it is created, a virtual network works just like a physical network except that the switch is software based and ports can be added or removed dynamically as they are needed.
Once an external virtual network is configured, all networking traffic is routed though the virtual switch. For this reason, we recommend using at least one additional physical network adapter for managing network traffic. The virtual switch functions as a physical switch would and routes networking traffic through the virtual network to its destination. The following image is an example of an external virtual network.
.gif)
For internal virtual networks, only communication between virtual machines on the same physical server and between virtual machines and the management operating system is allowed. The following image is an example of an internal virtual network.
.gif)
Use a private virtual network when you want to allow communication only between virtual machines on the same physical server. The following image is an example of a private virtual network.
.gif)
Networking and virtual machines
In Hyper-V, when a virtual machine is created and attached to a virtual network, it connects using a virtual network adapter. There are two types of network adapters available for Hyper-V: a network adapter and a legacy network adapter. For the network adapter to work, integration services must be installed, which is part of the Hyper-V installation. If integration services cannot be installed because of the version of the operating system, the network adapter cannot be used. Instead, you need to add a legacy network adapter that emulates an Intel 21140-based PCI Fast Ethernet Adapter and works without installing a virtual machine driver. A legacy network adapter also supports network-based installations because it includes the ability to boot to the Pre-Boot Execution Environment (PXE). The legacy network adapter is also required if a virtual machine needs to boot from a network. You will need to disable the network adapter after the PXE boot.
The virtual machine is logically connected to a port on the virtual network. For a networking application on the virtual machine to connect to something externally, it is first routed through the virtual network adapter to the virtual port on the external virtual network to which the virtual machine is attached. The networking packet is then directed to the physical network adapter and out to an external physical network.
For the virtual machine to communicate with the management operating system, there are two options. One option is to route the network packet through the physical network adapter and out to the physical network, which then returns the packet back to the server running Hyper-V using the second physical network adapter. Another option is to route the network packet through the virtual network, which is more efficient. The option selected is determined by the virtual network. The virtual network includes a learning algorithm, which determines the most efficient port to direct traffic to and will send the network packet to that port. Until that determination is made by the virtual network, network packets are sent out to all virtual ports.
Configuring virtual local area networks (VLANs)
Hyper-V supports virtual local area networks (VLANs), and because a VLAN configuration is software-based, computers can easily be moved and still maintain their network configurations. For each virtual network adapter you connect to a virtual machine, you can configure a VLAN ID for the virtual machine. You will need the following to configure VLANs:
-
A physical network adapter that supports VLANs.
-
A physical network adapter that supports network packets with VLAN IDs that are already applied.
On the management operating system, you will need to configure the virtual network to allow network traffic on the physical port. This is for the VLAN IDs that you want to use internally with virtual machines. Next, you configure the virtual machine to specify the virtual LAN that the virtual machine will use for all network communications.
There are two modes in which you can configure a VLAN: access mode and trunk mode. In access mode, the external port of the virtual network is restricted to a single VLAN ID in the UI. You can have multiple VLANs using WMI. Use access mode when the physical network adapter is connected to a port on the physical network switch that also is in access mode. To give a virtual machine external access on the virtual network that is in access mode, you must configure the virtual machine to use the same VLAN ID that is configured in the access mode of the virtual network. Trunk mode allows multiple VLAN IDs to share the connection between the physical network adapter and the physical network. To give virtual machines external access on the virtual network in multiple VLANs, you need to configure the port on the physical network to be in trunk mode. You will also need to know the specific VLANs that are used and all of the VLAN IDs used by the virtual machines that the virtual network supports.
To allow Hyper-V to use a VLAN
-
Open Hyper-V Manager.
-
From the Actions menu, click Virtual Network Manager.
-
Select the virtual network you want to edit, and, in the right pane, check to select Enable virtual LAN identification.
-
Enter a number for the VLAN ID. All traffic for the management operating system that goes through the network adapter will be tagged with the VLAN ID you set.
To allow a virtual machine to use a VLAN
-
Open Hyper-V Manager.
-
In the results pane, under Virtual Machines, select the virtual machine that you want to configure to use a VLAN.
-
In the Action pane, under the virtual machine name, click Settings.
-
Under Hardware, select the virtual network adapter connected to the external virtual network.
-
In the right pane, select Enable virtual LAN identification, and then enter the VLAN ID you plan to use.
If you need the virtual machine to communicate using additional VLANs, connect additional network adapters to the appropriate virtual network and assign the VLAN ID. Make sure to configure the IP addresses correctly and that the traffic you want to move across the VLAN is also using the correct IP address.