Virtual Networking for Hyper-V (Part 4)

by [Published on 20 Oct. 2010 / Last Updated on 20 Oct. 2010]

This article continues the discussion of virtual networking in Hyper-V by examining the role and limitations associated with physical network adapters within a host server.

If you would like to read the other parts in this article series please go to:

Introduction

In the previous article in this series, I showed you the role that virtualized network switches play in a Hyper-V environment. Although virtual switches are the backbone of any virtual network, physical network adapters are nearly as important. That being the case, I want to turn my attention to the way that physical network adapters are used by a Hyper-V server.

Some Fundamental Rules

Before I get started, there are a few fundamental rules that you need to understand regarding the way in which Hyper-V interacts with physical network adapters. The first rule is that physical network adapters cannot be assigned an IP address. In fact, the only component that can even be bound to a physical network adapter is the Virtual Network Switch protocol. Binding additional components to a physical network adapter, or attempting to assign an IP address directly to a physical adapter will usually break the network connection, and cause any virtual machines that are connected to the same virtual switch as the physical adapter to lose network connectivity.

The second fundamental rule that you need to understand is that virtual machines can not be directly bound to a physical network adapter. When you open the settings page for a virtual machine, Windows provides the illusion that you are binding the virtual machine directly to a physical network adapter, as shown in Figure A.


Figure A: Hyper-V gives the illusion that the administrator is binding a virtual machine directly to a physical network adapter

In actuality though, there is a virtual switch that exists between the selected network adapter and the virtual machine. As I explained in the previous article, it is this virtual switch that allows a single physical adapter to be shared among multiple virtual machines.

On a similar note, a third fundamental rule is that a physical network adapter can only be bound to a single virtual switch. I have seen situations in which administrators have attempted to connect multiple virtual networks to a single physical network adapter. While there are ways of performing this type of configuration in a roundabout manner, doing so may impact performance, and you can’t bind the virtual networks directly to the adapter because of the one virtual switch limit.

Finally, Microsoft does not support wireless network adapters for use with Hyper-V. Therefore, you will not be able to provide your virtual machines with wireless network access.

Using Multiple Physical Network Adapters

Although it is possible to operate a Hyper-V server, Microsoft recommends that your Hyper-V server contains a minimum of two network adapters. In this type of configuration, one of the network adapters would be dedicated to your management network (for managing the host server), and the other adapter would be dedicated to your virtual machines.

This type of configuration improves both performance and security for the Hyper-V server. Performance is improved because traffic that is solely related to the parent partition is offloaded to a dedicated network segment, which frees up bandwidth on the adapter that is servicing virtual machines.

At the same time, this type of design also improves security. Think about the difference in the ways in which your host server and your virtual machines use network connectivity. Most, if not all of the host server traffic is probably related to management tasks. For example, you must occasionally apply patches to the parent operating system.

While there is a certain degree of management traffic associated with the virtual machines, these servers are also running applications. As such, at least some of the virtual machines require Internet access. In contrast, there is no reason why the parent partition should ever be connected to the Internet. Isolating the parent partition to a dedicated network connection shields it from Internet traffic.

While researching this article, I have read numerous posts on various Internet forums from administrators who were unsure of how to dedicate a physical NIC to the parent partition. If you want to guarantee that a network adapter is never used within a virtual machine, then you must do so during the initial Hyper-V deployment process. Hyper-V’s setup wizard contains a screen which allows you to choose which network adapters you want to make available to virtual machines. Simply deselect one of the network adapters on the list, and by definition that adapter will remain accessible only to the parent partition.

Of course this doesn’t do you a whole lot of good if you have already deployed Hyper-V and did not end up reserving a physical network adapter for the parent partition. In this type of situation, there are a couple of different things that you can do.

One option is to temporarily move all of your virtual machines to another host. Given the nature of the situation, you will probably have to use Hyper-V’s export / import function to move the individual virtual machines. Although the process of exporting and importing virtual machines seems to work well, it can be very time consuming.

Once the virtual machines have been exported, you can remove Hyper-V from the server, and then reinstall it using the correct network adapter settings. You can now import the virtual machines back into the host.

If you choose to use this method, then it is extremely important to document your server’s virtual network configuration, as the import / export has been known to wreck havoc on virtual network configurations. For the best results, I recommend turning off your virtual machine (rather than placing it into a saved state) before exporting it.

The other option is to simply configure your virtual machines to not use a particular adapter. You could then go to the parent partition and unbind the virtual network switch protocol, and allow the parent partition to communicate with the adapter directly. Again though, this method is a little bit messy and less than ideal. Your best option is to simply configure the Hyper-V server to reserve a network adapter for the host operating system during the initial installation process.

Conclusion

As you can see, there are several different limitations that come into play when you are configuring Hyper-V to interact with physical network adapters. Although Hyper-V does require you to play by its rules, you shouldn’t take this to mean that Hyper-V itself is limited in its capacity to provide connectivity to virtual machines. In fact, Hyper-V allows you to create an unlimited number of virtual networks, and each virtual network that you create can accommodate up to 512 virtual machines.

There is also a great deal of flexibility in the virtual machines themselves. Each VM can be configured with up to twelve different virtual network connections. Of these connections, eight can use virtual network adapters, while up to four can be bound to legacy network adapters.

In Part 5 of this series, I want to talk some more about multi adapter configurations, specifically with regard to allocating physical adapters to specific virtual machines or to storage pools. Later on in this series, I will also talk about VLANs as they relate to Hyper-V.

If you would like to read the other parts in this article series please go to:

Featured Links