This article is a work in progress based on Adam's blog post at:
http://blogs.msdn.com/adamfazio/archive/2008/11/14/understanding-hyper-v-vlans.aspx and the whitepaper "Understanding Networking with
Hyper-V." Please add your best practice advice.
Table of Contents
Backgrounders: Hyper-V Networking Best Practices, Hyper-V in the DMZ
Understanding Hyper-V VLANs
Troubleshooting
Community Resources
See Also
When considering Hyper-V for server consolidation in a DMZ, it is recommended not to run VMs of vastly differing trust levels on the same physical host in production environments (i.e. do not consolidate all DMZ boxes onto one physical host). Instead, the
recommendation is to consolidate all the front-end boxes on one physical server and to do the same for the back-end boxes, depending on the workloads.
Before reading this article, ensure you are familiar with the basic concepts associated with a
VLAN, as well as the network policies and security goals of your environment. The focus of this troubleshooter is using VLAN IDs with Hyper-V.
A VLAN ID is the integer which uniquely identifies a node as belonging to a particular VLAN. As per the 802.1Q specification, the VLAN ID itself is encapsulated within the Ethernet frame, which is how multiple VMs using the same physical NIC can communicate
on different VLANs simultaneously.
First, ensure that your physical NICs support VLAN tagging and that this feature is enabled.
NOTE: You should set the VLAN ID on either the Virtual Switch or the individual Virtual Machine's configuration, not at the physical NIC. The VLAN ID on the Virtual Switch is the one used by the management operating system (also sometimes called the
Host or Parent Partition). The VLAN ID setting in the individual Virtual Machine's settings is what each VM will use.
NOTE: You can assign only one VLAN ID on the Virtual Switch. The V-Switch (parent partition) can operate on one VLAN, and the VMs (child partitions) can operate on different VLANs.
An 802.1q trunk carrying 3 VLANs (5, 10, 20) is connected to a physical adapter in the host
A single virtual switch is created and bound to the physical adapter
The VLAN ID of the virtual switch is configured to 5 which would allow the virtual NIC in the parent to communicate on VLAN 5
The VLAN ID of the virtual NIC in Child Partition #1 is set to 10 allowing it to communicate on VLAN 10
The VLAN ID of the virtual NIC in Child Partition #2 is set to 20 allowing it to communicate on VLAN 20
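The five-step scenario above, expressed with the Hyper-V PowerShell module. This is an added example, not code from the original article or from the blog post it is based on; it assumes Windows Server 2012 or later (the 2008-era host the article describes exposes these settings only through the GUI or WMI), and the adapter name "Ethernet 2", the switch name "DMZ-Trunk" and the VM names "Web01" and "App01" are placeholders to replace with your own.

```powershell
# Added example (not from the original article): build the three-VLAN scenario
# (trunk carrying VLANs 5, 10, 20; parent on 5; two children on 10 and 20).
# Requires the Hyper-V PowerShell module (Windows Server 2012 or later).
# ASSUMED names - change to match your host:
$PhysicalNic = 'Ethernet 2'              # adapter the 802.1Q trunk is plugged into
$SwitchName  = 'DMZ-Trunk'               # the single external virtual switch
$ParentVlan  = 5                         # VLAN for the management OS (parent partition)
$VmVlans     = @{ 'Web01' = 10; 'App01' = 20 }   # VLAN per child partition

# Step 2: one external virtual switch bound to the trunked physical adapter.
# -AllowManagementOS creates the parent partition's virtual NIC on that switch;
# nothing is configured on the physical NIC itself.
New-VMSwitch -Name $SwitchName -NetAdapterName $PhysicalNic -AllowManagementOS $true | Out-Null

# Step 3: the switch-level VLAN ID is really the VLAN of the parent's virtual NIC
# (by default that NIC carries the same name as the switch).
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $SwitchName -Access -VlanId $ParentVlan

# Steps 4 and 5: each child partition's virtual NIC gets its own access VLAN.
foreach ($vm in $VmVlans.Keys) {
    Connect-VMNetworkAdapter -VMName $vm -SwitchName $SwitchName
    Set-VMNetworkAdapterVlan -VMName $vm -Access -VlanId $VmVlans[$vm]
}

# Check the result: OperationMode should read "Access" with the expected AccessVlanId.
Get-VMNetworkAdapterVlan -ManagementOS
Get-VMNetworkAdapterVlan -VMName ([string[]]$VmVlans.Keys)
```

A virtual NIC whose OperationMode is still "Untagged" sends frames without an 802.1Q tag, so on a trunk port it ends up on the physical switch's native VLAN rather than on an isolated one; in a DMZ host, every VM NIC on the trunked switch should show "Access" with an explicit VLAN ID.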
Ensure you are using the latest NIC drivers, that they support VLAN tagging, and that VLAN tagging is enabled.
To enable: go to Control Panel, Network Connections, Properties of NIC, Configure, Advanced
Ensure the trunk is properly configured on the physical switch that the Host's V-Switch is using.
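The three troubleshooting checks above (driver, VLAN tagging on the physical NIC, and the VLAN assignments on the switch) as read-only PowerShell checks. This is an added example, not part of the original article; it assumes the NetAdapter and Hyper-V modules of Windows Server 2012 or later, and the switch name "DMZ-Trunk" is a placeholder.

```powershell
# Added example (not from the original article): read-only checks for the
# troubleshooting steps. Requires the NetAdapter and Hyper-V modules
# (Windows Server 2012 or later). ASSUMED switch name - change to yours:
$SwitchName = 'DMZ-Trunk'

# Find the physical adapter the virtual switch is bound to.
$switch = Get-VMSwitch -Name $SwitchName
$nic    = Get-NetAdapter -InterfaceDescription $switch.NetAdapterInterfaceDescription

# Check 1: driver version and date (compare against the vendor's latest release).
$nic | Select-Object Name, DriverProvider, DriverVersion, DriverDate, Status

# Check 2: VLAN tagging on the physical NIC. "*PriorityVLANTag" is the standardized
# INF keyword (0 = disabled, 1 = priority only, 2 = VLAN only, 3 = priority and VLAN);
# a vendor may expose its own keyword instead, so an empty result is not conclusive.
$tag = Get-NetAdapterAdvancedProperty -Name $nic.Name -RegistryKeyword '*PriorityVLANTag' -ErrorAction SilentlyContinue
if ($tag) {
    $enabled = [int]$tag.RegistryValue[0] -band 2
    Write-Host ("VLAN tagging on {0}: {1}" -f $nic.Name, $(if ($enabled) { 'enabled' } else { 'DISABLED' }))
} else {
    Write-Host "No *PriorityVLANTag keyword; listing vendor VLAN settings instead:"
    Get-NetAdapterAdvancedProperty -Name $nic.Name | Where-Object DisplayName -match 'VLAN' |
        Select-Object DisplayName, DisplayValue, RegistryKeyword
}
# Any VLAN ID configured here would be on the physical NIC, which the article
# says not to do: the ID belongs on the switch (parent) or on each VM.

# Check 3: VLAN assignments on the Hyper-V side.
Write-Host "Parent partition (management OS) VLAN:"
Get-VMNetworkAdapterVlan -ManagementOS

Write-Host "VM virtual NICs attached to $SwitchName:"
$vmNics = Get-VMNetworkAdapter -VMName * | Where-Object SwitchName -eq $SwitchName
$vmNics | Get-VMNetworkAdapterVlan | Select-Object ParentAdapter, OperationMode, AccessVlanId

# Untagged VM NICs on a trunked switch land on the trunk's native VLAN, which is
# usually not what a DMZ design intends; flag them.
$untagged = $vmNics | Get-VMNetworkAdapterVlan | Where-Object OperationMode -eq 'Untagged'
if ($untagged) {
    Write-Warning ("VM NICs with no VLAN ID on {0}: {1}" -f $SwitchName,
        (($untagged | ForEach-Object { $_.ParentAdapter.VMName }) -join ', '))
}

# The trunk configuration itself (allowed VLANs, native VLAN, tagging) lives on the
# physical switch port and has to be verified there; it is not visible from the host.
```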
If you need further help please try the Hyper-V TechNet forums