Many virtual machines can be connected to the same virtual networks, and one nice
feature is that if multiple virtual machines on the same Hyper-V host are connected to
the same external network and communicate over that network, the traffic never goes
to the physical network adapter. The Hyper-V networking stack is smart enough to
know that the traffic is going to another VM connected to the same switch and directly
passes the traffic to the VM without ever touching the physical network adapter or
physical network.
When you start creating virtual switches, it’s important to use a consistent naming
scheme for the switches across all hosts. This matters because when a virtual
machine is moved between Hyper-V hosts, Hyper-V looks on the target host for a virtual
switch with the same name as the one the virtual machine is currently connected to.
If there is no matching virtual switch, the virtual network adapter becomes
disconnected—and therefore the virtual machine loses connectivity. Consistent naming is
critical in failover clusters, where virtual machines can freely move between cluster
nodes. Because Windows Server 2012 and later can move virtual machines between any
two hosts with no shared resources and no downtime, consistent virtual switch naming
across all Hyper-V hosts, not only cluster nodes, is important. Take some time now to
think about a good naming strategy and stick to it.
It’s also possible to create access control lists, called extended port access control lists,
within the virtual switch to allow and block communication between virtual machines
connected to the switch based on IP address, protocol, and port. Additionally, stateful
rules can be created to allow communication only when certain conditions are met.
Microsoft has a detailed walk-through on using the ACLs at the following location:
http://technet.microsoft.com/en-us/library/dn375962.aspx
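The two points above, consistent switch naming and extended port ACLs, as an added PowerShell example that is not from the book or the TechNet walk-through: a pre-move check that the target host has every switch name the VM uses, and a default-deny ACL set on a web VM's adapter. The host names HV01/HV02, the VM name WebVM and the management subnet are assumed; the cmdlets and parameters are the Hyper-V module's own.

```powershell
# Added example (not from the book): defensive checks for the two points above.
# Assumed names: VM WebVM, hosts HV01/HV02, management subnet 10.0.100.0/24.
# Needs the Hyper-V PowerShell module; extended ACLs need Windows Server 2012 R2+.

# 1. Before moving a VM, confirm every switch it uses exists by name on the
#    target host. A missing name leaves the adapter disconnected after the move.
function Test-SwitchNamesOnTarget {
    param([string]$VMName, [string]$SourceHost, [string]$TargetHost)
    $needed  = Get-VMNetworkAdapter -VMName $VMName -ComputerName $SourceHost |
               Select-Object -ExpandProperty SwitchName -Unique
    $present = (Get-VMSwitch -ComputerName $TargetHost).Name
    $missing = $needed | Where-Object { $_ -and ($_ -notin $present) }
    if ($missing) {
        Write-Warning ("{0}: no switch named {1} on {2}" -f $VMName, ($missing -join ', '), $TargetHost)
        return $false
    }
    return $true
}

# 2. Extended port ACLs on the VM's adapter. The matching rule with the highest
#    -Weight wins, so low-weight catch-all denies plus heavier, narrow allows
#    give a default-deny policy. Stateful allows admit the reply traffic.
function Set-WebVmAcl {
    param([string]$VMName, [string]$MgmtSubnet)
    # Remove any existing rules so the result is exactly the set below.
    Get-VMNetworkAdapterExtendedAcl -VMName $VMName | Remove-VMNetworkAdapterExtendedAcl

    # Default deny in both directions; omitting -Protocol matches every protocol.
    $w = 1
    foreach ($dir in 'Inbound', 'Outbound') {
        Add-VMNetworkAdapterExtendedAcl -VMName $VMName -Direction $dir -Action Deny `
            -LocalIPAddress '*' -RemoteIPAddress '*' -LocalPort '*' -RemotePort '*' -Weight $w
        $w++
    }
    # Web ports open to any client; stateful so the responses are allowed back out.
    foreach ($port in 80, 443) {
        Add-VMNetworkAdapterExtendedAcl -VMName $VMName -Direction Inbound -Action Allow `
            -Protocol TCP -LocalIPAddress '*' -RemoteIPAddress '*' -LocalPort $port `
            -RemotePort '*' -Weight (10 + $port) -Stateful $true -Timeout 3600
    }
    # RDP only from the management subnet; everything else stays denied.
    Add-VMNetworkAdapterExtendedAcl -VMName $VMName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalIPAddress '*' -RemoteIPAddress $MgmtSubnet -LocalPort 3389 `
        -RemotePort '*' -Weight 500 -Stateful $true -Timeout 3600
    Get-VMNetworkAdapterExtendedAcl -VMName $VMName |
        Format-Table Direction, Action, Protocol, LocalPort, RemoteIPAddress, Weight, Stateful
}

if (Test-SwitchNamesOnTarget -VMName 'WebVM' -SourceHost 'HV01' -TargetHost 'HV02') {
    Set-WebVmAcl -VMName 'WebVM' -MgmtSubnet '10.0.100.0/24'
}
```

With the outbound catch-all deny in place, new connections started by the VM itself (DNS, updates) also need their own allow rules; add them with higher weights in the same way.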
When using Software Defined Networking v2, even richer sets of traffic control are
available through the built-in datacenter firewall and other types of extensions.
Creating a Virtual Switch
When the Hyper-V role is enabled on a server, you are given an option to create an
external switch by selecting a network adapter on the host. If you choose this option, a
virtual switch will already be present on the host and will be automatically configured
to allow the management operating system to share the adapter so that an extra
Hyper-V virtual Ethernet adapter will be present on the Hyper-V host. In general, I
prefer not to create the virtual switches during Hyper-V role installation but to
configure them post-installation. Also, as you will read later, if your deployment is a
production deployment and you’re using System Center, then Virtual Machine
Manager can do all of the switch configuration for you. I will, however, walk you
through manually configuring virtual switches:
1. Launch Hyper-V Manager.
2. Select the Virtual Switch Manager action from the actions pane.
3. In the navigation pane, select New Virtual Network Switch, and in the details pane,