John Howard - Senior Program Manager in the Hyper-V team at Microsoft

Senior Program Manager, Hyper-V team, Windows Core Operating System Division.

Hyper-V: What are the uses for different types of virtual networks?


If you followed yesterday's post explaining the basics of networking in Hyper-V, you may be wondering what the different types of virtual networks are, when you should use them, and how they look in terms of traffic flow.

When you open Virtual Network Manager from Hyper-V Manager, there are three types of virtual network which can be created: External, Internal and Private. There is also a fourth type which can only be created through WMI and doesn’t have an official name, but I’ll call it a “Dedicated” virtual network (thanks Jake who came up with the suggestion!). Let’s look at each type, and when it is appropriate to use them.

External

External virtual networks are used where you want to allow communications between:

  • Virtual machine to virtual machine on the same physical server
  • Virtual machine to parent partition (and vice versa)
  • Virtual machine to externally located servers (and vice versa)
  • (Optional) Parent partition to externally located servers (and vice versa)


Internal

Internal virtual networks are used where you want to allow communications between:

  • Virtual machine to virtual machine on the same physical server
  • Virtual machine to parent partition (and vice versa)

In a block diagram, an internal network is an external network without the binding to a physical NIC. An internal network would commonly be used to build a test environment where you need network connectivity into the virtual machines from the parent partition itself.


Private

Private virtual networks are used where you want to allow communications between:

  • Virtual machine to virtual machine on the same physical server

In a block diagram, a private network is an internal network without a virtual NIC in the parent partition. A private network would commonly be used where you need complete isolation of virtual machines from external and parent partition traffic. DMZ workloads running on a leg of a tri-homed firewall, or an isolated test domain are examples where this type of network may be useful.


Dedicated

Dedicated networks are in some ways one of the most useful types of virtual network: you dedicate a physical NIC for use just by virtual machines. They allow communication between:

  • Virtual machine to virtual machine on the same physical server
  • Virtual machine to externally located servers (and vice versa)

Note that the parent partition is unable to use a dedicated virtual network for its own communication. You would normally have a second physical NIC for use by the parent partition, as was discussed yesterday. In a block diagram, a dedicated network is an external network without a virtual NIC in the parent partition.


Note that you can achieve something functionally identical to a dedicated network by creating an external virtual network, and unbinding the protocols from the newly created virtual NIC in the parent partition. However, I would personally recommend you deploy a dedicated virtual network “correctly” to avoid accidental changing of bindings on the virtual NIC, or to avoid confusion as to what is present in the network adapters control panel applet. (And before you ask, I don’t have a sample script to create a dedicated virtual network yet. A post for another day).

Cheers,
John.
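
The four types described above can be told apart on a running host from two properties of each virtual switch plus the protocol bindings on the parent partition's virtual NIC. The audit script below is an added example, not the author's code: it assumes the Hyper-V and NetAdapter PowerShell modules of Windows Server 2012 and later (which postdate this post), and `Get-VirtualNetworkAudit` is a hypothetical helper name.

```powershell
#Requires -Modules Hyper-V, NetAdapter
# Added example, not the author's script. Assumes Windows Server 2012 or later
# (Hyper-V and NetAdapter modules), run elevated in the parent partition.

function Get-VirtualNetworkAudit {   # hypothetical helper name
    foreach ($sw in Get-VMSwitch) {
        # Virtual NICs the parent partition has on this switch
        # (none for Private and Dedicated networks).
        $hostNics = @(Get-VMNetworkAdapter -ManagementOS -SwitchName $sw.Name -ErrorAction SilentlyContinue)

        # Protocols still enabled on those virtual NICs. Any entry here means
        # the parent partition can send and receive traffic on this network.
        $bound = @(foreach ($nic in $hostNics) {
            $adapter = Get-NetAdapter | Where-Object DeviceID -eq $nic.DeviceId
            if ($adapter) {
                Get-NetAdapterBinding -Name $adapter.Name | Where-Object Enabled
            }
        })

        # Map the switch onto the four types used in the post.
        $kind = switch ("$($sw.SwitchType)") {
            'Private'  { 'Private' }
            'Internal' { 'Internal' }
            'External' {
                if (-not $sw.AllowManagementOS) { 'Dedicated' }
                elseif ($bound.Count -eq 0)     { 'Dedicated (simulated by unbinding)' }
                else                            { 'External' }
            }
        }

        [pscustomobject]@{
            Switch         = $sw.Name
            Kind           = $kind
            PhysicalNic    = $sw.NetAdapterInterfaceDescription
            ParentVNics    = $hostNics.Count
            ParentBindings = ($bound.ComponentID | Sort-Object -Unique) -join ', '
        }
    }
}

Get-VirtualNetworkAudit | Format-Table -AutoSize

# On these later versions a dedicated network (external switch with no virtual
# NIC in the parent partition) can be created directly; the names are placeholders:
# New-VMSwitch -Name '<switch name>' -NetAdapterName '<physical NIC>' -AllowManagementOS $false
```

A switch reported as `External` with a non-empty `ParentBindings` column is one where the parent partition shares the network with the virtual machines, which is the case the dedicated type is meant to avoid.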

Comments
  • When will the Hyper-V final release come?

  • Syl - within 180 days of the RTM of Windows Server 2008.

    Cheers,

    John.

  • Getting Started with Microsoft Hyper-V Understanding Hyper-V partitions and device drivers Migrating

  • Lately I have had quite a lot of obligations and did not manage to refresh the blog with news, so what follows is a report

  • Fantastic article John, came at just the right moment for me.  I am trying to create something like a dedicated network but was a little confused with the sentence "unbinding the Microsoft Virtual Network Switch Protocol from the virtual NIC in the parent partition".  It seems that it is the physical NIC that has the Virtual Network Switch Protocol.  Would you not simply delete the virtual NIC from the parent partition, if you can?

    I shall be trying this out today as I am trying to see if I can set up a Virtual ISA2006 server.  I will report back my findings.

  • With the RTM release of Hyper-V just around the corner, I thought it would be a good idea to re-visit

  • Ewdev - good catch, thank you. My bad - I meant unbind the protocols (which are all except the virtual network switch protocol) from the virtual NIC in the parent partition. I'll correct the text. You won't be able to delete the virtual NIC itself (you shouldn't any way).

    Thanks,

    John.

  • Well it is all up and working now, a little painful perhaps but I now have a DC/DNS/DHCP/WINS on the host VM plus three Windows Server 2008 x64 child VM's for SQL Server 2005, IIS7 and Exchange 2007.  All of these are attached to an External virtual network and protected by a fourth child VM running Windows Server 2003 + SP2 x86 with ISA2006 and two virtual NIC's, one on the External virtual network and the other on a Dedicated virtual network as discussed above.  Just to re-iterate, the dedicated network was simulated by unbinding ALL protocols off the dedicated virtual NIC from the host VM so as to eliminate the problem of the host bypassing the ISA firewall.  The only cable coming out of my box at present is one attached to the Dedicated NIC which goes straight to the Internet, although there is an external physical port for additional physical machines on the internal network if wished (This is the port for the "External" virtual network where the word "External" simply means external to the physical machine). The ISA2006 edge firewall setup works a treat and this seems such an obvious setup that I wonder if the concept of the Dedicated virtual network should perhaps be in the final build for Hyper-V?

  • Ewdev - yes, this is something we're looking at for a future version. Glad you got it working.

    Cheers,

    John.

  • So how about that script for making a dedicated type?  Failing that, could anyone here point me to step-by-step manual instructions to "deploy a dedicated virtual network “correctly”"?

    Thanks.

  • Scott - I apologise, I haven't had a chance to get round to putting it together. Published in the last few days though are some sample scripts for the WMI APIs for Hyper-V, although it will require a bit of piecing together. Specifically, you need the Msvm_VirtualSwitchManagementService class, the sample code for the methods being http://msdn.microsoft.com/en-us/library/cc723875(VS.85).aspx.

    Alternately, as I mentioned in the main body of the text, you can functionally create something identical to a dedicated network by creating an external virtual network switch in the user interface. Once created, on the new virtual NIC which is created in the parent partition, remove all bindings: Start/ncpa.cpl. Select the appropriate NIC and choose properties. De-select all bindings. The only difference between this approach and using WMI is that you have a virtual NIC instance in the parent partition. However, with no bindings applied to it, it can't be used for anything.

    I will get round to the script. Just need to find some time. Sorry!

    Cheers,

    John.

  • John,

    If I want something like a dedicated virtual network, is there any reason not to DISABLE the virtual NIC in the host as opposed to unbinding?

    thanks

    Martin

  • Hi Martin - yes, this will be equivalent from a functionality perspective. Personally, I prefer the unbinding to disabling as it's harder to accidentally re-bind than it is to accidentally re-enable the NIC.

    Cheers,

    John.

  • Hyperv Networking and Dedicated Routable IP Addresses.

    Hi Martin

    Can you confirm the correct place to apply a front facing IP address for my machines. My normal process is to set up a server and assign one or more IP addresses from my /22 range.

    These are usually used by me for hosting or for clients. Normally I would assign the IP addresses within the machine's OS. From reading through all the published stuff it's not clear to me if this is still done within the virtual server or if it's placed on the physical machine. My concern is that if it's not assigned within the virtual machine and then you moved it to another machine how would the IP address assigned to it move unless it was within the contents of the .vhd file?? I hope you can clear up the process for me because it's delaying me moving ahead with my testing prior to production. At present I have one server running datacentre edition 2008, the parent is running ssvmm2008 beta. The proliant dl360 server has 2gb nics in it.

    I look forward to your response.

  • Ben

    Treat each virtual machine like you would any other physical machine and assign the virtual NIC in the VM an appropriate IP address. That information will be stored in the operating system image contained in the VHD. The NIC instance itself though is stored in the configuration file for the VM, therefore if you move a VM from one server to another, you need to move both using the export & import function in Hyper-V Manager.

    Thanks,

    John.
