Understanding Hyper-V VLANs

(please note part II to this post which covers other advanced scenarios) 

 

If you are interested in this feature, it’s assumed you are familiar with the basic concept of a VLAN. Therefore I’ll focus just on using VLAN IDs with Hyper-V here. A VLAN ID is the integer which uniquely identifies a node as belonging to a particular VLAN. As per the 802.1Q specification, the VLAN ID itself is encapsulated within the Ethernet frame, which is how multiple VMs using the same physical NIC can communicate on different VLANs simultaneously.

Firstly, you need physical NICs which support VLAN tagging, and you need to enable the feature. However, you should generally not set the VLAN ID at the physical NIC; it should be set either on the Virtual Switch or in the individual Virtual Machine’s configuration. The VLAN ID on the Virtual Switch is what the Host or Parent Partition uses. The VLAN ID in the individual Virtual Machine’s settings is what each VM will use.

VLAN ID setting at the Host’s Virtual Switch

 

 

 

VLAN ID setting at the Virtual Machine

 

When creating an External network in Hyper-V, a virtual network switch is created and bound to the selected physical adapter. A new virtual network adapter is created in the parent partition and connected to the virtual network switch. Child partitions can be bound to the virtual network switch by using virtual network adapters. The diagram below illustrates the architecture.

 

 

 

In addition to the above scenarios, Hyper-V also supports the use of VLANs and VLAN IDs with the virtual network switch and virtual network adapters. Hyper-V leverages 802.1q VLAN trunking to achieve this objective. To utilize this functionality, a virtual network switch must be created on the host and bound to a physical network adapter that supports 802.1q VLAN tagging. VLAN IDs are configured in two places:

· The virtual network switch itself which sets the VLAN ID the parent partition’s virtual network adapter will use

· The virtual network adapter of each guest, which sets the VLAN ID the guest will use

 

The diagram below illustrates an example of using a single physical NIC in the host which is connected to an 802.1q trunk on the physical network carrying three VLANs (5, 10, 20). The design objectives in this example are:

· An 802.1q trunk carrying 3 VLANs (5, 10, 20) is connected to a physical adapter in the host

· A single virtual switch is created and bound to the physical adapter

· The VLAN ID of the virtual switch is configured to 5 which would allow the virtual NIC in the parent to communicate on VLAN 5

· The VLAN ID of the virtual NIC in Child Partition #1 is set to 10 allowing it to communicate on VLAN 10

· The VLAN ID of the virtual NIC in Child Partition #2 is set to 20 allowing it to communicate on VLAN 20

 

The expected behavior is that there is a single virtual switch, the parent and two children can only talk on their respective VLANs, and they can’t talk to each other.
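
The three-VLAN design above can also be applied and then audited from PowerShell. This is an added example, not part of the original post; it assumes the Hyper-V PowerShell module (Windows Server 2012 or later), and the switch name `TrunkSwitch`, the physical adapter name `Ethernet 1` and the VM names `Child1` and `Child2` are hypothetical.

```powershell
# Added example: names below are assumptions, not values from the post.
Import-Module Hyper-V

$switch   = 'TrunkSwitch'   # hypothetical virtual switch name
$nic      = 'Ethernet 1'    # hypothetical physical adapter on the 802.1Q trunk
$hostVlan = 5               # VLAN for the parent partition's virtual NIC
$guests   = [ordered]@{ 'Child1' = 10; 'Child2' = 20 }   # hypothetical VM names

# One external switch bound to the trunked NIC, with a virtual NIC for the parent.
New-VMSwitch -Name $switch -NetAdapterName $nic -AllowManagementOS $true | Out-Null

# Parent partition: the management vNIC takes the switch's name by default.
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $switch -Access -VlanId $hostVlan

# Child partitions: connect each guest and pin it to its own access VLAN.
foreach ($vm in $guests.Keys) {
    Connect-VMNetworkAdapter -VMName $vm -SwitchName $switch
    Set-VMNetworkAdapterVlan -VMName $vm -Access -VlanId $guests[$vm]
}

# Audit helper: an adapter passes only if it is in Access mode on the expected ID.
# Untagged or Trunk mode would defeat the isolation the design relies on.
function Test-AccessVlan {
    param([string]$Label, $Setting, [int]$Expected)
    foreach ($s in $Setting) {
        [pscustomobject]@{
            Adapter  = $Label
            Mode     = $s.OperationMode
            VlanId   = $s.AccessVlanId
            Expected = $Expected
            Ok       = ($s.OperationMode -eq 'Access') -and ($s.AccessVlanId -eq $Expected)
        }
    }
}

$report = @()
$report += Test-AccessVlan 'Parent' (Get-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $switch) $hostVlan
foreach ($vm in $guests.Keys) {
    $report += Test-AccessVlan $vm (Get-VMNetworkAdapterVlan -VMName $vm) $guests[$vm]
}

$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Ok }) {
    Write-Warning 'At least one adapter is not pinned to its intended access VLAN.'
}
```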