The Hyper-V Virtual Switch: An Overview

In this post I will give you an introduction to Hyper-V virtual switch, including the basics behind it, the three types of virtual switch, System Center Virtual Machine Manager (SCVMM) logical switch. I’ll also discuss what role Hyper-V virtual switches play in networking your virtual machines.

Hyper-V Virtual Switch Basics

Consider how you network a physical server:

  • The server has one (or more) NIC.
  • That NIC is connected to a switch port.
  • The switch port is an attribute of a physical switch.
  • That access switch is connected to the rest of the physical network.

A Hyper-V virtual switch is not that different to an access switch:

  • A virtual machine has one (or more) virtual NIC.
  • That virtual NIC is connected to a virtual switch port.
  • The virtual switch port is (and here is where it is different) an attribute of the virtual NIC (more on this later).
  • The virtual switch is connected to a physical NIC or NIC team in the host.
  • The host’s NIC or NIC team is connected to the rest of the physical network.

Hyper-V Virtual Switch: NIC Team

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

The virtual switch connects virtual machines to the rest of the physical network.

Let’s get back to the switch port being an attribute of the virtual NIC. When we do network configurations on a physical switch, such VLAN tagging, we implement those configurations on a switch port. The same happens (under the covers) with a Hyper-V switch port. A physical server rarely moves, but when it does, we have to reconfigure the new switch port. A virtual machine can move very frequently. By making the switch port an attribute of the virtual NIC, any assigned network policy moves with the virtual machine, so there is no need to re-implement network policy for the VM.

The Hyper-V virtual switch implements functionality such as QoS, VLAN tagging, bandwidth limits, and so on, even though those settings are revealed by the virtual NIC. The virtual switch also implements other advanced features such as Port ACLs.

3 Types of Virtual Switch

There are three types of virtual switch that you can create in Hyper-V.

  • External: This is the most common kind of virtual switch. VMs connected to this switch can communicate with other VMs on the physical network, the host, and other networked physical entities.
  • Internal: VMs on an internal network can talk to other VMs on that same internal network that are running on that host, and the host. Rarely do you see internal virtual switches used outside of a lab.
  • Private: When connected to a private virtual switch, VMs are limited to communications with VMs on the same private network that are running on that host. This approach is sometimes used for network isolation but communications are constrained within a host. In production, you are better off deploying a firewall protected VLAN or using Hyper-V Network Virtualization (Software-Defined Networking).

Note that any communications to and from a VM are subject to security rules that are applied, such as physical firewall (gateway) rules, Port ACLs, and so on.

System Center Virtual Machine Manager (SCVMM) Logical Switch

If you plan on using SCVMM to deploy hosts, network, or to use Hyper-V Network Virtualization then you should use SCVMM to deploy a logical switch. This is not a cross-host shared virtual switch, but it is a logical switch in terms of unified configuration and management from the VMM console. SCVMM cannot import preexisting virtual switches; you must deploy the logical switch from SCVMM in order to take advantage of the advanced concepts that System Center can offer.


Since WS2012, the Hyper-V virtual switch has been able to add on (not replace, as with other virtualization platforms) layers of third-party functionality. There are three kinds of extension that can work with packets as they flow to/from virtual NICs through the virtual switch stack:

  • Capture: These are tools that can observe packets. An example is the network monitoring product by InMon.
  • Filtering: This type of extension can intercept packets. An example is the security solution by 5nine.
  • Forwarding: You can have a single forwarding extension in a virtual switch. This adds functionality for third-party switch management, such as the Cisco Nexus 1000V.

Note that you can add multiple extensions to a single virtual switch. Only the forwarding type has a limitation (one per switch).

Hyper-V extensible Virtual Switch

The Hyper-V extensible virtual switch.

Microsoft’s software-defined networking solution, Hyper-V Network Virtualization (HNV), was added in WS2012. However, HNV was incompatible with virtual switch extensions in that version. This is no longer the case since WS2012 R2; an extension can work with VM network packets as they pass through the layers of the virtual switch.

Related Topics:

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: