Hyper-V Virtual Network Management with VT Technology Management Utilities for Hyper-V

How to access advanced virtual switch features using VT Technology Management Utilities

Introduction

Fully understanding the Hyper-V virtual networking as well as managing the Hyper-V virtual switch to leverage its advanced functionality and follow best practices is a task that even seasoned system administrators may find challenging, partially due to the lack of the management tools that provide a unified view of the physical adapters, virtual networks/switches and Windows network connections.

A goal of this article is to introduce virtual network management functionality implemented in VT Technology Management Utilities for Hyper-V (vtUtilities) as well to demonstrate how it can be used to troubleshoot common virtual network management issues such as fixing connection binding for virtual adapters. We will also review some advanced virtual network switch features that can be easily accessed using vtUtilities virtual network manager.

Virtual Networks, Physical Network Adapters and Windows Network Connections

Hyper-V creates software-based or virtual network switch for each virtual network type created on the host (i.e. private, internal or external), see ‘Virtual Switch Management’ section below for more information. Virtual network ports can be added or removed dynamically when virtual machines are connected or removed from a corresponding virtual network on a host. Hyper-V also creates additional components in the parent partition for ‘internal’ and ‘external’ (when host OS is allowed to share corresponding physical adapter) virtual networks: virtual network adapters connected to the virtual switch that allow host to communicate through the virtual network. In last case host virtual and/or physical adapter network connections will be reconfigured with the default bindings or Microsoft Virtual Network Switch protocol binding when appropriate. Screens below illustrate how private, internal and external virtual networks with their corresponding physical adapters and network connections are represented in the vtUtilities Virtual Network Manager.

Private Virtual Network ‘P’ with two virtual machines connected to it.

Internal Network ‘I’ with two host virtual adapters and one virtual machine connected to it. Note two Windows Network Connections, i.e. ‘vEthernet (I)’ and ‘vEthernet (Second Host Connection)’ corresponding to this virtual network. There are no physical network adapters connected to the virtual switch in this case.

External Network ‘X’ with physical and virtual host adapters and virtual machines connected to a corresponding virtual switch. Note two connections, i.e. ‘vEthernet(X)’ and ‘Enthernet 2’ corresponding to this virtual network also reflecting a physical adapter connected to the virtual switch. ‘vEthernet(X)’ connection has default protocol bindings, while ‘Enthernet 2’ reflects the only virtual switch protocol binding for the physical adapter.

Please note that you can change default binding along with protocol properties on each network connection using Windows Network Connections interface. You can use vtUtilities Virtual Network Manager to view and edit bindings and protocol properties from a single user interface. This functionality is available even on hosts that don’t have Windows user interface as in case of Windows Server core installation or free Windows Hyper-V Server.

Advanced Virtual Switch Management

vtUtilities Virtual Network Manager provides unique functionality for Hyper-V virtual switch management such as user interface for virtual switch ports access as well as support for new switch functionality introduced in Windows Server 2012 such as port access control lists (ACLs) and multiple virtual NICs.

You can get user interface for switch port-level access by clicking ‘Ports...’ button in vtUtilities Virtual Network Manager. This interface shows all virtual switch ports, corresponding to the physical and virtual host adapters as well as virtual machines dynamic switch ports, reflecting guest virtual adapter type, state and MAC address as shown below.

In Hyper-V 2012 or higher you can add virtual adapters to host (for example, for management, live migration and such) witch a different VLAN and/or set of QoS policies assigned to each virtual NIC (see also about port ACL support below). vtUtilities Virtual Network Management provides user interface for this functionality. Screen below illustrates multiple parent virtual NICs created and shown in vtUtilities Virtual Network Manager.

Hyper-V virtual switch added new security features starting Windows Server 2012 including port access control lists (ACL). A port ACL is a rule specifying allowed or denied packets that can be sent via the switch port either from a host or virtual machines connected to the virtual switch. This rule is defined by local or remote address, direction and action. IPv4, IPv6 and MAC addresses are supported as well as address ranges and wildcards. Multiple rules (for example for different directions) can be defined giving a flexibility to define fine-grained security policies for virtual host or guest adapters. Meter ACL rules are also available to measure traffic sent in the specified direction to/from the specified address or address range. Screen below show vtUtilities user interface for defining and editing virtual switch port ACLs.