3.2 Adding and configuring virtual network adapters
You can use the Add Hardware page of the virtual machine
settings dialog box in Hyper-V Manager to add new virtual network
adapters to your virtual machine. You can choose from two types of
virtual network adapters to add:
-
Network adapter Originally
called a synthetic network adapter in the
first version of Hyper-V, this type of virtual network adapter
relies on Integration Components being installed in the virtual
machine to ensure optimal performance. Operating systems such as
Windows Server 2008 R2 and later have Integration Components
built into them. When you use older operating systems for the
guest, you might need to install Integration Components in the
virtual machine.
-
Legacy network adapter This
type of virtual network adapter emulates a multiport DEC 21140
10/100TX 100-MB Ethernet adapter and is provided mainly for
three reasons:
-
To support legacy guest operating systems that do not
support the installation of Integration Components.
-
To support non-Windows guest operating systems for
which Hyper-V does not provide Integration
Components.
-
To support network-based installations. (Legacy
network adapters have the ability to boot to the Pre-Boot
Execution Environment [PXE] to start the network-based
installation process.)
Note
Support for legacy network adapters
Legacy network adapters are not supported in the 64-bit
edition of Windows Server 2003 or the Windows XP Professional x64
edition.
Once a virtual network adapter has been added to your virtual
machine, you can configure the adapter by selecting the appropriate
page in the virtual machine settings dialog box as shown in Figures 4, 5, and 6. The configuration settings available for the
network adapter type of virtual network adapter are as
follows:
-
Virtual switch You can
connect the virtual network adapter to a different virtual
switch on the host or even remove all connectivity if
needed.
-
Enable virtual LAN
identification You can enable VLAN identification and
specify a VLAN ID to segment or isolate network traffic for the
virtual network adapter.
-
Bandwidth Management This
feature allows you to specify how much network bandwidth the
virtual network adapter should use for communications over the
connected virtual switch.
-
Virtual machine queue (VMQ)
This technology allows supported network adapters to use
hardware packet filtering to deliver packet data from an
external virtual machine network directly to the virtual
machine. The effect is to reduce the overhead of routing and
copying packets from the management operating system to the
virtual machine. VMQ is enabled by default on new virtual
network adapters.
-
IPsec task offloading This
technology allows supported network adapters to perform IPsec
processing to reduce the processing load on the host. IPsec task
offloading is enabled by default on new virtual network
adapters.
-
Single-root I/O
virtualization SR-IOV-capable network adapters can be
assigned directly to a virtual machine to maximize network
throughput while minimizing network latency and the CPU overhead
required for processing network traffic. Implementing SR-IOV
requires host firmware, such as Intel VT-d, that supports SR-IOV
and an SR-IOV-capable network adapter and driver installed in
both the management operating system and the virtual
machine.
-
MAC address You can
configure a virtual network adapter to obtain its MAC address
dynamically from the pool of available MAC addresses configured
on the host, or you can assign a static MAC address to the
adapter.
-
MAC address spoofing This
feature helps protect the virtual machine against attempts to
use ARP spoofing to steal IP addresses from the virtual machine
by allowing the virtual machine to change the source MAC address
in outgoing packets to an address that is not assigned to
it.
-
DHCP guard This feature
helps protect the virtual machine against Dynamic Host
Configuration Protocol (DHCP) man-in-the-middle attacks by
dropping DHCP server messages from unauthorized virtual machines
pretending to be DHCP servers.
-
Router guard This feature
allows you to specify whether the router advertisement and
redirection messages from unauthorized virtual machines should
be dropped.
-
Port mirroring With this
feature traffic sent to or from a Hyper-V Virtual Switch port is
copied and sent to a mirror port so it can be analyzed by
network diagnostic and performance tools.
-
NIC Teaming Also known as
load balancing and failover (LBFO), this
feature allows multiple virtual network adapters to be
configured as a team for the purpose of bandwidth aggregation or
to ensure traffic failover in order to prevent connectivity loss
in the event of the failure of a network component. NIC teaming
is supported at both the host and guest levels in Windows Server
2012, and it can be configured in the guest if the physical
network adapters of the host do not support it.
You can also use Windows PowerShell to view, add, remove, and
configure virtual network adapters of both the network adapter type
and legacy network adapter type. For example, let’s say you want to
add a second virtual network adapter to a virtual machine, connect
it to a virtual switch on the host, and enable both DHCP Guard and
Router Guard on the adapter. To do this, you could begin by using
the Get-VMNetworkAdapter cmdlet to display a list of virtual network
adapters installed on the virtual machine:
PS C:\> Get-VMNetworkAdapter -VMName SRV-B
Name IsManagementOs VMName SwitchName MacAddress Status IPAddresses
---- -------------- ------ ---------- ---------- ------ -----------
Network Adapter False SRV-B CONTOSO Virtua... 00155D0BE600 {}
Next you can use the Add-VMNetworkAdapter to create the new
adapter and connect it to the desired virtual switch:
PS C:\> Add-VMNetworkAdapter -VMName SRV-B -VMNetworkAdapterName "Network Adapter 2" `
-SwitchName "MANAGEMENT Virtual Switch"
You can then use the Get-VMNetworkAdapter again to verify the
result:
PS C:\> Get-VMNetworkAdapter -VMName SRV-B
Name IsManagementOs VMName SwitchName MacAddress Status IPAddresses
---- -------------- ------ ---------- ---------- ------ -----------
Network Adapter False SRV-B CONTOSO Virt... 00155D0BE600 {}
Network Adapter 2 False SRV-B MANAGEMENT V... 000000000000 {}
You can pipe the output of the preceding command into the
Format-List cmdlet to determine whether DHCP Guard and Router Guard
are already enabled on the adapter:
PS C:\> Get-VMNetworkAdapter -VMName SRV-B -VMNetworkAdapterName "Network Adapter 2" `
| Format-List DhcpGuard,RouterGuard
DhcpGuard : Off
RouterGuard : Off
Now use the Set-VMNetworkAdapter to enable both of these
features on the adapter:
PS C:\> Set-VMNetworkAdapter -VMName SRV-B -VMNetworkAdapterName "Network Adapter 2" `
-DhcpGuard On -RouterGuard On
Running Get-VMNetworkAdapter again verifies the result:
PS C:\> Get-VMNetworkAdapter -VMName SRV-B -VMNetworkAdapterName "Network Adapter 2" `
| Format-List DhcpGuard,RouterGuard
DhcpGuard : On
RouterGuard : On
