Hyper V 2012 R2 private virtual switch with trunk and access mode switches

hyper-v, hyper-v-server-2012-r2, networking, vlan

Is it possible, using Hyper-V 2012 R2, to construct a Virtual Switch internal to Hyper-V (no external connectivity necessary or desired), where one switch participant (VM 0 in the diagram below) has a trunk interface, and the remaining VMs (VM 1 … VM n in the diagram below) each have access ports to the virtual switch tagged with a particular VLAN ID?

   _______________________________________________________
  |                   Hyper-V host                        |
  |                                                       |
  |   _____            _____      ______       ______     |
  |  | VM0 |          | VM1 |    | VM 2 | ... | VM n |    |
  |  |     |          |     |    |      |     |      |    |
  |  |_____|          |_____|    |______|     |______|    |
  |    |:| eth0          | eth0     | eth0       | eth0   |
  |    |:| trunk         | vlan 1   | vlan 2     | vlan 3 |
  |    |:|               |          |            |        |
  |   =================================================   |
  |               Virtual Switch                          |
  |_______________________________________________________|

For instance, untagged packets leaving the eth0 interface of VM2 would be tagged with VLAN tag 2 as they pass to the virtual switch. They would then egress through the trunk port toward VM0, where they would arrive in the VM through eth0 of that VM, and (if this were a Linux VM) be readable on eth0.2, i.e. the VLAN tagging would be evident to VM0. Similarly, traffic egressing eth0 of VM0 tagged with VLAN tag 2 would enter the virtual switch with that tag in place, and the tag would be stripped prior to sending it to VM2, where it would appear on that VM's eth0 interface untagged.

If so, how is this tagging achieved? I'm not a Hyper-V expert, and the only documentation I can find talks about the whole of the switch being in trunk mode or access mode. Clearly the switch needs to carry VLAN tags, but I need to put different ports into trunk or access mode. Is this possible without an external interface? I also neither want nor need connectivity to the Hyper-V parent partition.

FAQ:

  • I realise I could have one virtual switch per VLAN in the above configuration, but don't want to do that as VM0 would have to have a large number of network interfaces and this would use many virtual switches.

  • This config works fine on VMware and Linux, and isn't as odd as you might think.

  • The line drawing is terrible, apologies.

  • I am quite prepared to do this programmatically rather than through the GUI if that is necessary.

Best Answer

You can create a trunk link to a VM.

https://technet.microsoft.com/en-us/library/hh848475.aspx

Generally your command will be like:

Set-VMNetworkAdapterVlan -VMName $VMName -VMNetworkAdapterName $VMNetworkAdapterName -Trunk -AllowedVlanIdList "<VLAN ID list>" -NativeVlanId <VLAN ID>

As far as I understand, you will need all VMs to have a trunk NIC.

The native VLAN in Hyper-V is used to mark all outgoing traffic, so if VM0's NIC is a trunk with native VLAN 50 and all others allowed, and VM1's NIC is an access port with VLAN 1, then VM1 -> VM0 is successful but VM0 -> VM1 is not. (By "->" I mean sending packets and whether they are delivered to the destination; it does not necessarily guarantee a successful reverse flow.)

So your VM0 should have some VLAN X common to all machines as its native VLAN, and all needed VLANs from all other VMs in its allowed VLAN list. Any other VM should have its own unique VLAN as native and VLAN X in its allowed list.

For example:

VM Name     | Native Vlan | Allowed Vlan
VM1         | 1           | 1,50
VM2         | 2           | 2,50
VMn         | n           | n,50
VM0         | 50          | 1,2,n,50

Here VM0 -> any VM = success, any VM -> VM0 = success, and VMn -> VMm (if "n" and "m" are not 0) = fail.

Hope it helps & sorry for any grammar mistakes.
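The following PowerShell script is an added example, not code from the question or the answer above: it builds the private switch and applies the per-VM trunk layout from the answer's table (VM0 with native VLAN 50 and every other VLAN allowed; VM1..VMn each with its own native VLAN plus 50) using the Hyper-V module's real cmdlets, then reads the applied settings back. The switch name, adapter name and VM names are assumed, as is the assumption that the VMs already exist on the host.

```powershell
# Added example (not from the page). Run in an elevated PowerShell on the
# Hyper-V host. Names below are assumptions; the VMs are assumed to exist.
#Requires -Modules Hyper-V
$ErrorActionPreference = 'Stop'

$SwitchName  = 'PrivVlanSwitch'   # assumed switch name
$AdapterName = 'eth0'             # assumed vNIC name inside each VM
$CommonVlan  = 50                 # "VLAN X" from the answer's table
# Assumed VM names -> the VLAN each one owns (the "n" column of the table).
$Vms = [ordered]@{ 'VM1' = 1; 'VM2' = 2; 'VM3' = 3 }
$AllVms = @('VM0') + @($Vms.Keys)

# Private switch: no physical NIC and no adapter in the parent partition,
# which is exactly what the question asks for.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -SwitchType Private | Out-Null
}

# Give every VM one vNIC on that switch (create it, or reconnect an existing one).
foreach ($vm in $AllVms) {
    $nic = Get-VMNetworkAdapter -VMName $vm -Name $AdapterName -ErrorAction SilentlyContinue
    if (-not $nic) {
        Add-VMNetworkAdapter -VMName $vm -Name $AdapterName -SwitchName $SwitchName
    } else {
        Connect-VMNetworkAdapter -VMName $vm -Name $AdapterName -SwitchName $SwitchName
    }
}

# VM0 row of the table: native = common VLAN, allowed = every VM's VLAN + common.
$vm0Allowed = (@($Vms.Values) + $CommonVlan) -join ','
Set-VMNetworkAdapterVlan -VMName 'VM0' -VMNetworkAdapterName $AdapterName -Trunk `
    -NativeVlanId $CommonVlan -AllowedVlanIdList $vm0Allowed

# VMn rows: native = its own VLAN, allowed = its own VLAN + common.
# (The layout drawn in the question would instead use -Access -VlanId <n>
# here; the answer argues for a trunk on every VM, which is what this does.)
foreach ($vm in $Vms.Keys) {
    Set-VMNetworkAdapterVlan -VMName $vm -VMNetworkAdapterName $AdapterName -Trunk `
        -NativeVlanId $Vms[$vm] -AllowedVlanIdList "$($Vms[$vm]),$CommonVlan"
}

# Check what the switch actually applied (mode, native VLAN, allowed list).
Get-VMNetworkAdapterVlan -VMName $AllVms | Format-Table -AutoSize
```

The final Get-VMNetworkAdapterVlan call is the check to keep: it shows the per-adapter mode and VLAN list the switch is enforcing, so a typo in a list (or an adapter left in Untagged mode) is visible before you start testing traffic between guests.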