Virtual Networking for Hyper-V (Part 3)

Published on 6 Oct. 2010 / Last Updated on 6 Oct. 2010

In the previous article, you learned how a child partition was able to access the physical network through a virtual switch. This article builds on this idea by introducing the concept of using multiple virtual switches.

Introduction

In my previous article in this series, I showed you how a child partition was able to access the external network through a virtual network switch located on the parent partition. Toward the end of that article, I alluded to the fact that a parent partition can contain multiple virtual switches. In this article, I want to explain the benefits of this type of architecture.

Using Multiple Virtual Switches

The majority of my discussion on using multiple virtual switches will center around the diagram shown in Figure A. As you can see in the figure, this diagram depicts a parent partition with two separate virtual switches. There are also three child partitions that are connected to the parent partition.


Figure A: The parent partition can contain multiple virtual network switches

So far I have demonstrated that it is possible to have multiple virtual switches within the parent partition, but I haven’t really talked about why you might want to do so. In this particular case, we are using multiple virtual network switches as a way of offloading some of the network traffic from our physical network adapter. We can do this because not all servers need access to the physical network.

To show you what I am talking about, imagine that Child Partition 1 contains a guest machine that is acting as a Web server. Now, imagine that Child Partition 2 contains a virtual server that is hosting the backend database used by the Web server on Child Partition 1. Finally, let’s assume that Child Partition 3 is hosting a Web content engine that is used by the Web site.

In a situation like this, the Web site needs to be accessible to the outside world, so it has to be connected to the physical network adapter. As such, you will notice that Child Partition 1 contains two virtual NICs. The one on top is connected to the same virtual switch that the physical NIC is connected to. This allows the Web server to communicate with the physical network.

Since Child Partition 2 contains a backend database that is used by the Web server, the database server and the Web server need to be able to communicate with each other. At the same time though, there is no reason why the database server would need access to the physical network if it only services the Web server. If anything, keeping the database server off the physical network goes a long way toward improving the server’s security.

The same thing could be said about the content management server located in Child Partition 3. This server provides content to the Web site, so it needs to be able to communicate with the Web server. Most content management servers are database driven, so the content management server will probably also need to be able to talk to the database server. However, there is no reason why the content manager would need to be accessible from the physical network (or at least not for the purposes of this illustration anyway).

If you look back at the diagram shown in Figure A, you will notice that Child Partition 2 (the database server) and Child Partition 3 (the content management server) are both connected to a common virtual switch. Child Partition 1 (the Web Server) is also connected to this switch, as is the parent partition. However, the switch has no connectivity to the physical network.

The end result is that the parent partition, Child Partition 1, Child Partition 2, and Child Partition 3 can all communicate with each other, because each of these partitions is connected to a common virtual switch within the parent partition. Only the parent partition and Child Partition 1, however, can access the physical network, because these are the only partitions that are connected to the same switch as the physical NIC. Although Child Partition 1 is equipped with two separate NICs, and is connected to both switches, the virtual server is not configured to act as a bridge or a router, so we don’t have to worry about traffic crossing between the two networks.

Connecting a Virtual Server to a Virtual Switch

Hopefully, you can see the benefits of being able to create a multi-switch virtual network. So far everything that I have talked about has been theoretical though. That being the case, I thought that it would be nice to wrap things up by showing you how to connect a virtual server to a specific virtual switch.

The Hyper-V Manager console contains a feature called the Virtual Network Manager. As the name implies, you can use the Virtual Network Manager to create and manage virtual networks. As you can see in Figure B, the Virtual Network Manager gives you the option of creating a new virtual network. Although the dialog box doesn’t say so, when you create a new virtual network, what you are really doing is creating a new virtual switch.


Figure B: You can use the Virtual Network Manager to create a new virtual switch

As you can see in the figure above, you can choose from three different types of virtual networks:

  • External – An external virtual network uses a virtual switch that is bound to a physical NIC, and computers on the virtual network can access the physical network.
  • Internal – An internal network uses a virtual switch that is bound to the parent partition, but not to a physical NIC. Therefore, servers on an internal network have access to each other and to the parent partition, but not to the outside world.
  • Private – A private network is similar to an internal virtual network, except that it has no access to the parent partition.

Joining a virtual server to a specific virtual switch is done through the virtual server’s Settings screen. If you look at Figure C, you will notice that the Network Adapter section contains a Network drop-down list. You can use this drop-down list to choose which virtual switch the server’s virtual network adapter will connect to.


Figure C: You can use the Network drop down list to control which virtual switch a virtual network adapter is connected to

Of course this screen capture only shows one virtual network adapter. In Figure A, we had a guest partition with two virtual network adapters. If you need a virtual server to be connected to multiple virtual networks, simply create one or more additional virtual network adapters by using the Add Hardware option at the top of the Settings dialog box.
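The Figure A layout can also be built and then audited from the command line. The script below is an added example, not part of the original article: it assumes the Hyper-V PowerShell module that ships with Windows Server 2012 and later (the article predates it), and the switch, adapter and virtual machine names are hypothetical. The three virtual machines are assumed to exist already.

```powershell
#Requires -Modules Hyper-V
# Assumed names (not from the article): host NIC, switch, VM and adapter names.
$physicalNic = 'Ethernet'            # host adapter bound to the external switch
$extSwitch   = 'vSwitch-External'
$intSwitch   = 'vSwitch-Backend'
$webVm, $dbVm, $cmsVm = 'WEB01', 'SQL01', 'CMS01'

# External switch: bound to the physical NIC and shared with the parent partition.
New-VMSwitch -Name $extSwitch -NetAdapterName $physicalNic -AllowManagementOS $true | Out-Null
# Internal switch: parent partition and guests only, no physical uplink.
New-VMSwitch -Name $intSwitch -SwitchType Internal | Out-Null

# The Web server is dual-homed: one virtual adapter per switch.
Add-VMNetworkAdapter -VMName $webVm -Name 'Front' -SwitchName $extSwitch
Add-VMNetworkAdapter -VMName $webVm -Name 'Back'  -SwitchName $intSwitch
# The database and content servers get a backend adapter only.
foreach ($vm in $dbVm, $cmsVm) {
    Add-VMNetworkAdapter -VMName $vm -Name 'Back' -SwitchName $intSwitch
}

# Audit: look up each switch's type, then report per guest which kinds
# of switch its connected adapters reach.
$switchType = @{}
Get-VMSwitch | ForEach-Object { $switchType[$_.Name] = "$($_.SwitchType)" }

$report = Get-VMNetworkAdapter -VMName * | Group-Object VMName | ForEach-Object {
    $connected = @($_.Group | Where-Object SwitchName)   # skip unplugged adapters
    $types = @($connected | ForEach-Object { $switchType[$_.SwitchName] } | Sort-Object -Unique)
    [pscustomobject]@{
        VM        = $_.Name
        Switches  = ($connected.SwitchName | Sort-Object -Unique) -join ', '
        External  = $types -contains 'External'
        DualHomed = ($types -contains 'External') -and ($types.Count -gt 1)
    }
}
$report | Format-Table -AutoSize

# Flag backend servers that have ended up on an external switch.
$report | Where-Object { $_.External -and $_.VM -in $dbVm, $cmsVm } |
    ForEach-Object { Write-Warning "$($_.VM) is attached to an external switch" }
```

The DualHomed column marks guests such as the Web server here, where the separation between the two networks rests on the guest itself not being configured as a bridge or router.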

Conclusion

In this article, I have shown you how you can use multiple virtual network switches to isolate key servers and to build elaborate virtual networks. So far though, all of my examples have revolved around a host server that only has a single interface to the physical network. In Part 4, I will continue the discussion by showing you what happens when we bring multiple physical network adapters into the mix.
