Share via

Understanding Hyper-V Virtual Networks - Part 1 - Switching basic concepts

  • Article

A lot of people keep asking me why the lose Network communication with their host, what's a VLAN, and many more things. So I'm going to try to show how things work internally from the Networking point of view. I'll try to explain what all Virtual Networks, VN from now on, really are and in coming post I'll try to explain each of these VNs.

For those people a little bit familiar with physical switches: A Virtual Network is pretty much the same as a Physical Switch. It has ports where you connect your machines, configure ports with trunk mode, access mode, native VLANs and connect them with other switches.

But, I don't understand, what's a Hyper-V Virtual Network?

A Virtual Network is a software logic, part of Hyper-V that sends and receives packets in the layer 2 of the OSI model to the desired destination (switching). This can be a Virtual Machine (a Hyper-V Guest), the Host (Hyper-V Server) or the outter world.

What does that mean? Does Hyper-V Virtual Networks do packet routing?

What it means is that Hyper-V Virtual Networks do not understand the layer 3 of the OSI model. In other words, VNs don't perform IP routing because VNs do not deal with IP addresses.

Can Virtual Networks connect to each other?

No, well, at least not using Hyper-V. You need an external device to do such a thing

What are VLANs?

VLAN stands for Virtual LAN. VLANs is an extension to the layer 2 that adds a tag to the Ethernet Packet indicating a VLAN ID. With these tags, Physical Switches and VNs can differentiate the LAN segment to which a packet belongs.

What are the advantages of VLANs?

With VLANs you can have separate traffic within the same physical switch (and within the same VN). For each VLAN, the VN keeps a separate forwarding table (Content Addressable Memory, CAM table) with the MAC addresses and the ports associated.

Switch Ports and VN ports can work in two modes:

  • Access Mode:  When configured in this mode, the fraffic flowing through the port is not tagged and all traffic belongs to the same VLAN (VLAN ID). The packets are plain Ethernet packets, but the VN (and the physical switch) knows that the packets on that port belongs to the confrigured VLAN
  • Trunk Mode: When configured in this mode, the traffic flowing through the port is tagged. The VLAN ID indicated on the tag tells the switch to what VLAN the packet belongs to.

Let's see a couple of pictures. In the first one we can see the physical connections (Layer 1) where a router, a web server a firewall and a database server with the port configuration showed in the picture:

Phsyical Connections using VLANs

In the picture above you can see that all network devices are connected to the switches what can make you think all of them can connect to each other. However, we can take a closer look to the VLAN mode and VLAN ID configured in each port.

  • Only devices within the same VLAN can connect to each other.
  • All ports where a server, router or firewall is connected have access mode configured, this means that there is no need to configure any VLAN information in such devices. They are unaware of the VLANs.
  • The cable connecting both Switches is connected to one port of each switch with analog configuration, trunk mode and VLANs 12 and 32 are transferred through the same link.

Finally the next picture shows the layer communications between the devices. I left the physical switch on the back to make it easier to identify where the VLANs reside

Logical Networks

  • VLAN 12 connects the router and the web server through the trunk link
  • VLAN 22 connects the web server and firewall within the same switch
  • VLAN 32 connects the firewall and the database through the trunk link as VLAN 12. Both of them travel on the same cable but traffic is kept separated. The router and the web server  cannot communicate  the database directly but through the firewall

I hope this post helps understanding what a VLAN is and how they are used to provide communications between different devices.

In upcoming posts I'll talk about the Hyper-V approach to implement Virtual Networks (virtual objects analog to Physical Switches)