Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET

The Hyper-V Virtual Switch: An Overview

In this post I will give you an introduction to Hyper-V virtual switch, including the basics behind it, the three types of virtual switch, System Center Virtual Machine Manager (SCVMM) logical switch. I’ll also discuss what role Hyper-V virtual switches play in networking your virtual machines.

Hyper-V Virtual Switch Basics

Consider how you network a physical server:

  • The server has one (or more) NIC.
  • That NIC is connected to a switch port.
  • The switch port is an attribute of a physical switch.
  • That access switch is connected to the rest of the physical network.

A Hyper-V virtual switch is not that different to an access switch:

  • A virtual machine has one (or more) virtual NIC.
  • That virtual NIC is connected to a virtual switch port.
  • The virtual switch port is (and here is where it is different) an attribute of the virtual NIC (more on this later).
  • The virtual switch is connected to a physical NIC or NIC team in the host.
  • The host’s NIC or NIC team is connected to the rest of the physical network.

Hyper-V Virtual Switch: NIC Team

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

The virtual switch connects virtual machines to the rest of the physical network.

Let’s get back to the switch port being an attribute of the virtual NIC. When we do network configurations on a physical switch, such VLAN tagging, we implement those configurations on a switch port. The same happens (under the covers) with a Hyper-V switch port. A physical server rarely moves, but when it does, we have to reconfigure the new switch port. A virtual machine can move very frequently. By making the switch port an attribute of the virtual NIC, any assigned network policy moves with the virtual machine, so there is no need to re-implement network policy for the VM.

The Hyper-V virtual switch implements functionality such as QoS, VLAN tagging, bandwidth limits, and so on, even though those settings are revealed by the virtual NIC. The virtual switch also implements other advanced features such as Port ACLs.

3 Types of Virtual Switch

There are three types of virtual switch that you can create in Hyper-V.

  • External: This is the most common kind of virtual switch. VMs connected to this switch can communicate with other VMs on the physical network, the host, and other networked physical entities.
  • Internal: VMs on an internal network can talk to other VMs on that same internal network that are running on that host, and the host. Rarely do you see internal virtual switches used outside of a lab.
  • Private: When connected to a private virtual switch, VMs are limited to communications with VMs on the same private network that are running on that host. This approach is sometimes used for network isolation but communications are constrained within a host. In production, you are better off deploying a firewall protected VLAN or using Hyper-V Network Virtualization (Software-Defined Networking).

Note that any communications to and from a VM are subject to security rules that are applied, such as physical firewall (gateway) rules, Port ACLs, and so on.

System Center Virtual Machine Manager (SCVMM) Logical Switch

If you plan on using SCVMM to deploy hosts, network, or to use Hyper-V Network Virtualization then you should use SCVMM to deploy a logical switch. This is not a cross-host shared virtual switch, but it is a logical switch in terms of unified configuration and management from the VMM console. SCVMM cannot import preexisting virtual switches; you must deploy the logical switch from SCVMM in order to take advantage of the advanced concepts that System Center can offer.


Since WS2012, the Hyper-V virtual switch has been able to add on (not replace, as with other virtualization platforms) layers of third-party functionality. There are three kinds of extension that can work with packets as they flow to/from virtual NICs through the virtual switch stack:

  • Capture: These are tools that can observe packets. An example is the network monitoring product by InMon.
  • Filtering: This type of extension can intercept packets. An example is the security solution by 5nine.
  • Forwarding: You can have a single forwarding extension in a virtual switch. This adds functionality for third-party switch management, such as the Cisco Nexus 1000V.

Note that you can add multiple extensions to a single virtual switch. Only the forwarding type has a limitation (one per switch).

Hyper-V extensible Virtual Switch

The Hyper-V extensible virtual switch.

Microsoft’s software-defined networking solution, Hyper-V Network Virtualization (HNV), was added in WS2012. However, HNV was incompatible with virtual switch extensions in that version. This is no longer the case since WS2012 R2; an extension can work with VM network packets as they pass through the layers of the virtual switch.

Related Topics:

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: