HYPER-V R2 Networking – How to configure management and VM networks

Hi All :-)

I see very often confusion around the configuration of the hyper-v networking and the creation of the virtual networks (Hyper-V). Therefore I will try to give you here an short / simple overview how you can configure your Hyper-V Host networking environment in regards to best practice which ensures the reliability and availability of your virtualized workloads.

Generally there are three different types of networks available :

image

EXTERNAL

External networks are mainly used for "”PUBLIC” communication = provide VMs access to network where physical NIC is connected which is used for EXTERNAL network creation. NOTE: For high availability and throughput reasons NIC teaming is possible here, but must be supported from NIC manufacturer.

INTERNAL

Internal networks are dedicated on the Hyper-V host only, The difference between an PRIVATE network here is only, the virtual adapter (loopback) which will be created on host with an INTERNAL network. This loopback adapter can be used to get TCP/IP access to the INTERNAL network from the HOST only. For this you need to assign an IP address from the IP subnet which you want to access.

PRIVATE

An private network is private only = no TCP/IP communication from host to VMs possible = isolated VMs/network. 

1. EXTERNAL (VM <-> PUBLIC NETWORK ACCESS)

This network type must be used when you need external “PUBLIC” connectivity for your Virtual Machines. VMs or better their virtual network adapters (vNIC) which are bound in their VM settings to this network will have logical access to the same network as the underlying physical NIC (pNIC) connected is. Hope that is so far clear Winking smile

In R2 (SP1) Hyper-V systems it is possible AND best practice to have an DEDICATED pNIC for the VM networking. This is configurable trough the setting “ALLOW MANAGEMENT OPERATING SYSTEM TO SHARE THIS NETWORK ADAPTER”. If you want to give the physical network adapter (pNIC) dedicated to the VM network traffic then UNCHECK this setting!

image_thumb1

An Best Practice Example with minimum 2 physical NIC ports where both are connected to same network/subnet. One physical NIC is used for management traffic to Hyper-V host system and 2nd physical NIC is exclusively for the VM traffic. Each VM which are connected to the Virtual Switch in Hyper-V does have network access to the underlying connected network/subnet.

image

The effect of “Allow management OS to share this network adapter” setting is:

Checked => Adapter is shared with OS and Hyper-V

Unchecked => Adapter is DEDICATED to Hyper-V ONLY

For lab/test environments the physical adapter can also be shared (Checked : “Allow management OS to share this network adapter”) but it is not a recommended scenario for production usage! Physical server-class NICs are also a recommendation here!

EXAMPLE:

When I create here an “EXTERNAL” network which is called “PUBLIC – EXTERNAL” here and bound to my HP NC373i which is connected to VLAN1 (192.168.0.x) then each VM which are later connected to this virtual network will have access to VLAN1 – of course if their IP settings are correctly set Winking smile In addition there will no Virtual Adapter (Switch) created as in RTM times as we had chosen to dedicate the pNIC for this External switch and will therefore NOT be shared ! You will monitor in the properties of your selected pNIC that Hyper-V will unbind all protocols (except 3rd Party Management Software) A.e.: In my case,  the used HP NC373i adapter – Added New Protocol –> “Microsoft Virtual Network Switch Protocol” ONLY!

image

NOTE : no further IP communication to host via this adapter is possible as this adapter will now be exclusive used by Hyper-V virtual machines which are connected to the belonging external VSwtich!

2. INTERNAL (HOST <-> VM)

The network type “INTERNAL” should be used when you require ONLY VM INTERNAL networking communication. The “speciality” here is, an virtual NIC (loopback) adapter will be created on the host where you then can configure an IP from the VM Network IP segment and would therefore gain network access into the VM “INTERNAL” network subnet.

image

EXAMPLE:

When I create here an INTERNAL network called “New INTERNAL Network” where I do required HOST <-> VM INTERNAL ONLY communication – IP Network 10.0.1.x – this action will automatically create an vNIC (earlier Virtual Server times = similar to loopback adapter) on my Hyper-V Host. Now I can configure an IP address of that (INTERNAL) IP segment (a.e. 10.0.1.99) and I would be able to communicate from HOST to GUEST or vice versa via network TCP/IP communication.

image

Now, there will be an “Virtual” NIC created on my Hyper-V Host where I can configure the TCP/IP settings of the VMs IP network range: image

3. PRIVATE (Same Host: VM <-> VM ONLY)

This network should be used when you want to create an VM ONLY networking (PRIVATE) WITHOUT host access. This is mainly used when you want to establish an totally secure and separated network environment for testing purposes (security, cloning, restore…). Here you will not be able to establish an network communication between HOST and GUEST – the only possible method here for data exchange between host and guest is the Hyper-V ISO sharing method !

image

At example :

When I create here an PRIVATE network called “My PRIVATE Network” there will no (vNIC) created on the Hyper-V HOST like in example with INTERNAL network. This PRIVATE Hyper-V internal virtual network switch will be later selectable in the “available” network list where you can connect your Virtual Machines virtual network adapters (vNIC) to it. This will establish an VM-VM communication if the TCP/IP settings are configured correctly.

image

Hope that helps a bit to an general understanding around the configuration for Hyper-V R2 networks and the usage scenarios.

Again, It is BEST PRACTICE to configure dedicated physical adapters and separate the VM and management network traffic!

Additionally here are in addition some more useful links and published documentation around Hyper-V networking :

UNDERSTANDING HYPER-V NETWORKING

USING HYPER-V AND FAILOVER CLUSTERING

HYPER-V – GETTING STARTED

HYPER-V – LIVE MIGRATION NETWORK GUIDE

If you still have any questions please let me know.

Stay tuned…. Winking smile

Regards

Ramazan

About these ads

Tags: , , ,

15 Responses to “HYPER-V R2 Networking – How to configure management and VM networks”

  1. Scott Says:

    According to the Hyper-V documentation, you can use the internal type of network to do host > VM as well as VM > VM (if the VM’s are running on the smae physical pc).

    • Ramazan Can [MVP Cluster] Says:

      Hi Scott,

      this is correct as documented in this blog post. An internal networks creates an “kind of” loopback adapter at the host, private will not. When you then assign an IP from your “internal” network range, then you can access from host the VMs network directly.

      Hope that helps.

      Regards
      Ramazan

  2. Linda Baxter Says:

    Fantastic to be browsing your website again, that continues to be weeks for me.

  3. Kevin Aleshire Says:

    Hi Ramazan, I have a new server with a total of 8 NICs. One dedicated for host machine management, 6 will be setup as external NIC’s with each one being dedicated to a specific VM, and the last will be setup for use by multiple different low utilizing VM’s.

    My question is, will it be best to also setup a Private network on each of the 6 VM’s with dedicated external NIC’s. This way the 6 VM’s can have direct access to each other without having to leave the server to hit the physical switch and come back to the server to talk with each other.

    Or does this create other problems???

    • Ramazan Can [MVP Cluster] Says:

      Generally the idea is good but it really depends how much network traffic do you expect later? A gigabit theoretic throughput is ~120MB/s you need to think about if the physical underlying disks can handle all the I/O? Therefore I would start with single NIC and monitor network util and if required add private network. This is from routing possible only important thing is do never use more than 1 default gateway and cross check your routing tables ;))

      Btw, why do you not NIC team all 6? I think depends on driver but traffic could be handled locally without switch interaction

      Just my 2 cents
      Ramazan Can

      • Kevin Aleshire Says:

        A lot has happened since i posted that question last year, namely I’ve learned quite a lot about the real network utilization or our servers, and Hyper-V in general. I am actually on the verge of migrating our Hyper-V environment from stand alone servers to a new Hyper-V cluster with each node having a quad port NIC that will be setup with NIC teaming and attached to our new Fibre Channel SAN for a better high availability environment.
        Thanks for the reply, great things are on the way for our environment soon. :)

      • Ramazan Can [MVP Cluster] Says:

        Yeah correct :) was really busy last year… Ohh yes, if you are currently moving to a clustered environment I would recommend to overlook 2012 RTM which hypervisor is very stable and more tight I integration into cluster. Also lot of great improvements for network and storage virtualization….great storyboard with system center ;))

  4. Stu Says:

    Great article. We use Hyper-V Failover Cluster Manager to monitor the networks. The problem is when you uncheck the “allow mgmt os to share this network adapter” for our virtual machine external virtual network (which we have teamed) it then disappears from the FCM console and we can’t monitor it from here. Is there any way of fixing this?

  5. Denzel Marimuthu Says:

    Hi Guys

    I’m a bit lost still, here is what i want to do:
    I have a physical cable from my switch to my host (192.168.1.20(static))
    I then created 2 vm servers on the host. how would i configure the Hyper-v to produce addresses for these VM? also remember on of the servers will have a DHCP running.
    PS this is a test lab :)
    Server 2012 sp1 HYPER-V

    Kind Regards
    Denzel

  6. Prince Says:

    Thanks for clarifying this but Microsoft Virtualization in Windows 2008 R2 still sucks compared to VMware and XenServer! It is completely Rediculous.

  7. Kristofer Says:

    It’s hard to come by experienced people about this topic, but you seem like you know what you’re
    talking about! Thanks

  8. Ramazan Can [MVP Cluster] Says:

    when you create a new private switch a new adapter will be created at host level. At this newly created adapter you can now configure ip settings from same subnet to establish a network connection between Host and VM which is also connected to this private switch

    Hope that helps
    Ramazan

Any further thoughts? Let me know here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Follow

Get every new post delivered to your Inbox.

Join 49 other followers

%d bloggers like this: