Configuring Virtual Network Switches in “Viridian”


Welcome back everybody. I hope that you found the instructions on how to install the "Viridian" CTP to be both informative and educational. Before we move on to installing operating systems inside of a VM, we should talk a little bit about how to configure virtual networking.

But first, here’s a quick lesson in the terminology we use. The host is the server that "Viridian" and the hypervisor are running on. The host is sometimes also called the parent, or the parent partition. The guest is the virtual machine that is getting resources from the host machine. It can also be referred to as a child or child partition.

In "Viridian", networking is accomplished through the use of virtual network switches. These are magical, invisible network switches that "Viridian" will "plug" your virtual machine into. Well, ok, they’re really not magical, but they are technically invisible since they don’t exist in any sort of physical sense.

There are three sorts of switches that you can create:

  • External – Allows guests to connect to the same network as the host network adapter.
  • Internal – Allows guests to connect to each other and to the host, but not any external networks.
  • "None" – Allows the guests to connect to each other, but not to the host, and not to any external networks.  Think of this as "Guest-only" networking.

To create a switch:

  1. Click Start / Administrative Tools / Windows Virtualization Management.
  2. In the left-hand pane, make sure that your "Viridian" server is selected. If it is not in the list, right-click on Virtualization Services and add it.
  3. In the right-hand pane, click Virtual Network Management.
  4. Choose the type of network switch that you want to add, and click Add.
  5. Change the name of the switch to something that makes sense to you – I typically name it after the type of connection that it offers.
  6. If you’re making an External switch, select the physical adapter you want the connections to go through from the list (you’ll notice that wireless adapters aren’t listed – 802.11x doesn’t provide everything we need to make this work, so they’re not usable).
  7. Click Apply / OK. You’ve just created yourself a Virtual Switch.

On a total side note, a few people have asked me about why I keep putting the word "Viridian" in quotes. "Viridian" is the codename for this technology, and I want to make sure that when I refer to it by the codename, it stands out. We will definitely not be calling it "Viridian" when it ships. 

"Viridian."  (I just couldn’t resist.)

Comments (7)

  1. Aitor Ibarra says:

    Can you say anything about the NAT and VLAN capabilities of the virtual switches? I could see options for setting VLAN ID, but no NAT options (and no DHCP server option like Virtual Server 2005 has).

    Also, is the limit of 8 virtual NICs per VM going to stay?

  2. mikekol says:

    I didn’t have all the information I needed to answer your questions about this, so I spoke to Jeffery Kinsey – one of the developers of the "Viridian" networking stack about this – and here’s what he had to say:

    On the topic of VLANs:

    "The VLAN capabilities of the virtual switches is configured on every port of the switch (NOTE: switch ports are not exposed in the UI). The switch port can be in one of two VLAN modes. The first is access mode. When in access mode, the NIC connected to the switch port will never see packets tagged with VLAN IDs. Instead, all packets traveling from the NIC to the switch port will be tagged with the access mode VLAN ID as they leave the switch port. All packets traveling from the switch port to the NIC will have their VLAN tags removed. This is the only supported mode for virtual machines. The second mode is trunk. This mode is used for switch ports connecting to external NICs and is used to pass the VLAN tag through with minimal filtering."

    With respect to DHCP, the networking components in "Viridian" were designed to complement the services that are already present in Windows, such as a DHCP server.  These services are already quite mature, and it makes more sense to utilize those services than to roll our own.

    As for the 8 NIC limit, do you have a scenario where you require more than 8 NICs per VM?

  3. Earlier this week, I posted instructions on how to install the "Viridian" CTP on Windows Server 2008

  4. Aitor Ibarra says:

    Many thanks for following this up! I started a similar thread on technet : http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2201509&SiteID=17

    > 8 NICs scenario?

    Yep, I want to set up a VM as a router / firewall (perhaps running ISA 2006) and connect it to as many virtual switches as possible.

    My company is going to be providing web hosting services for virtual machines. I want to be able to give my customers trusted connections between my services (e.g. file shares, WSUS, DNS etc, mostly provided by my own VMs) and their VMs, without having them implicitly trust other customers’ VMs. The easiest way to achieve that is to give each customer a quarantined network and use something like ISA to control routing between networks.

    Only having 8 virtual NICs means that I would need one VM running ISA (or another router) for every 7 customer networks, which would be quite an overhead (although a lot better than the old limit of four!). It would seem to be far more efficient to either allow more NICs per VM, so one VM can act as a router for more networks, or put some basic routing capability into the virtual switches.

    Is there an issue with removing the limit, or at least raising it considerably?

    Or do you think there’s a better way to approach this problem?

  5. mikekol says:

    I spoke with our developer again, and he suggested that you keep all of the network infrastructure services on the host machine, and interface with the virtual switches and virtual networks that way.  It would get you past the 8 NIC limit, and, according to him, performance would be better.

    You should note, however, that it’s considered "Best Practice" to run Windows Server virtualization as the only service on a server for performance reasons.

  6. Aitor Ibarra says:

    Mike,

    Thanks for looking into this and sorry I missed your reply!

    It’s definitely an option to do it on the host, but there’s two reasons why I don’t like the idea (in addition to the best practice you mention)

    1) It reduces portability between physical hosts. Sure, NAT / RRAS setups can be scripted, and ISA configs can be moved, but if you’ve got everything in a VM it’s a lot easier to move it than to install Windows on bare metal, install ISA / config RRAS.

    2) You can’t easily do tiered setups within one physical machine.

    Don’t get me wrong, 8 NICs is definitely a great improvement over 4, but more would be very nice, even if there’s a performance penalty.

    cheers,

    Aitor
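
The access and trunk port behaviour quoted in comment 2, applied to the one-network-per-customer scenario from comment 4, as an added Python model (not code from the post or from "Viridian"). The `VirtualSwitch` class, the NIC names and VLAN IDs 10 and 20 are constructed, and the handling of a tag set by the guest is a modelling assumption.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Frame:
    src: str
    dst: str                      # NIC name, or "*" for broadcast
    vlan: Optional[int] = None    # 802.1Q VLAN ID; None means untagged

class VirtualSwitch:
    """Toy model of the access/trunk port semantics quoted in comment 2."""

    def __init__(self):
        self.ports = {}           # NIC name -> (mode, access VLAN ID or None)

    def connect(self, nic, mode, vlan=None):
        if mode not in ("access", "trunk"):
            raise ValueError("mode must be 'access' or 'trunk'")
        if mode == "access" and vlan is None:
            raise ValueError("an access port needs a VLAN ID")
        self.ports[nic] = (mode, vlan)

    def send(self, frame):
        """Return {receiving NIC: frame as that NIC sees it}."""
        mode, vlan = self.ports[frame.src]
        if mode == "access":
            # NIC -> port: the frame is tagged with the port's access VLAN ID.
            # Modelling assumption: a tag set by the guest is overwritten.
            frame = replace(frame, vlan=vlan)
        targets = list(self.ports) if frame.dst == "*" else [frame.dst]
        delivered = {}
        for nic in targets:
            if nic == frame.src or nic not in self.ports:
                continue
            out_mode, out_vlan = self.ports[nic]
            if out_mode == "trunk":
                delivered[nic] = frame                      # tag passed through
            elif out_vlan == frame.vlan:
                delivered[nic] = replace(frame, vlan=None)  # tag removed
        return delivered

def build_hosting_switch():
    """Constructed scenario: two customers on one switch, one trunk uplink."""
    sw = VirtualSwitch()
    sw.connect("custA-vm1", "access", 10)
    sw.connect("custA-vm2", "access", 10)
    sw.connect("custB-vm1", "access", 20)
    sw.connect("uplink", "trunk")
    return sw
```

In this model a broadcast from `custA-vm1` reaches `custA-vm2` untagged and the uplink tagged with VLAN 10, and never reaches `custB-vm1`.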