How to Configure Hyper-V Network Virtualisation on Windows Server 2012 R2

Hyper-V Network Virtualisation (HNV) in Windows Server 2012 R2 allows multiple virtual networks to share the same physical network infrastructure while remaining logically isolated from each other. This enables multi-tenant environments, simplifies VM mobility across different physical subnets, and is the network foundation for private cloud deployments using System Center Virtual Machine Manager (SCVMM). This guide covers the concepts, virtual switch configuration, and PowerShell-based setup of HNV policies.

Understanding Hyper-V Network Virtualisation

HNV separates the VM network addresses (Customer Addresses, or CAs) from the physical host network addresses (Provider Addresses, or PAs). Virtual machines use their CA space for communication, unaware that their packets are being encapsulated and transported over the physical PA space. This abstraction is achieved using the NVGRE (Network Virtualisation using Generic Routing Encapsulation) protocol.

Key concepts:

  • Customer Address (CA): The IP address the VM uses — visible to the guest OS
  • Provider Address (PA): The physical host’s IP address used for transport
  • VSID (Virtual Subnet ID): A 24-bit identifier that isolates virtual networks (similar to VLAN IDs but with a much larger namespace)
  • Lookup Table: Maps CA-to-PA-to-VSID, maintained by the HNV policy layer

Prerequisites

  • Windows Server 2012 R2 Hyper-V hosts
  • The Hyper-V role with virtual switch configured
  • Understanding of your CA and PA address spaces
  • PowerShell with the Hyper-V and HNV modules
  • Optionally: SCVMM 2012 R2 for centralised HNV policy management (manual PowerShell steps shown here)

Step 1 — Create a Virtual Switch with PA Binding

Create an external virtual switch bound to the physical NIC that carries provider-space traffic:

New-VMSwitch -Name "HNV-Switch" -NetAdapterName "Ethernet 2" -AllowManagementOS $false

The PA address for the host is configured on the physical NIC (or a team interface), not on the vSwitch. The switch should not be used for host management traffic when HNV is active.

Step 2 — Configure VM Network Adapters for HNV

Attach VMs to the HNV switch and configure them with customer-space IP addresses through normal OS configuration. The virtualisation policy is applied at the vSwitch level, not inside the guest.

Add-VMNetworkAdapter -VMName "TenantVM01" -SwitchName "HNV-Switch" -Name "CA-NIC"

Step 3 — Configure HNV Policy via WMI/PowerShell

Windows Server 2012 R2 HNV policies are configured via the WMI provider for Hyper-V networking. The following shows how to manually configure an HNV lookup table entry mapping a VM’s CA to the host’s PA:

# Get the network adapter's port ID:
$VMNetAdapter = Get-VMNetworkAdapter -VMName "TenantVM01" -Name "CA-NIC"
$PortID = $VMNetAdapter.Id

# Define variables:
$CustomerAddress = "10.0.1.10"
$ProviderAddress = "192.168.1.51"  # Host physical IP
$VSID = 5001
$MACAddress = $VMNetAdapter.MacAddress

# Create the virtualisation policy (using the VirtualizationEndpoint WMI class):
$HNVPolicyService = Get-WmiObject -Namespace "rootvirtualizationv2" -Class "Msvm_VirtualEthernetSwitchManagementService"

In practice, manual HNV policy management via raw WMI is complex. Most enterprise deployments use SCVMM 2012 R2, which provides a higher-level abstraction. For standalone environments, the Windows Network Controller (introduced in Server 2016) provides REST-based HNV management. On Server 2012 R2 without SCVMM, the primary use of HNV is through the provided PowerShell module:

Import-Module NetworkControllerDiagnostics

Step 4 — Configure Virtual Subnets with SCVMM (Overview)

With SCVMM 2012 R2, HNV policy is managed through VM networks and logical networks. The key steps are:

  1. Create a logical network with Network Virtualisation enabled in SCVMM
  2. Create IP pools for CA and PA spaces
  3. Create VM networks under the logical network (each gets a unique VSID)
  4. Connect VMs to the VM network — SCVMM automatically programs the HNV lookup tables on all Hyper-V hosts

Step 5 — Configure Virtual Switch Extensions for HNV

HNV in Windows Server 2012 R2 uses the built-in virtualisation extension on the Hyper-V virtual switch. Verify the extension is enabled:

Get-VMSwitch -Name "HNV-Switch" | Get-VMSwitchExtension | Where-Object { $_.Name -like "*Virtualisation*" -or $_.Name -like "*Virtualization*" }

If the Microsoft Hyper-V Network Virtualization Filter Driver extension is not enabled:

Enable-VMSwitchExtension -VMSwitchName "HNV-Switch" -Name "Microsoft Hyper-V Network Virtualization Filter Driver"

Step 6 — Configure Provider Address on the Host

Each Hyper-V host participating in HNV must have a Provider Address configured. This is assigned to the physical NIC (the one connected to the HNV-Switch):

# Configure the PA on the host's physical NIC:
New-NetIPAddress -InterfaceAlias "Ethernet 2" -IPAddress "192.168.1.51" -PrefixLength 24 -DefaultGateway "192.168.1.1"

Step 7 — Verify NVGRE Encapsulation

When HNV is active, traffic between VMs on different hosts is encapsulated in NVGRE. You can verify encapsulation is occurring by capturing traffic on the physical NIC and observing GRE-encapsulated packets (Protocol 47). On the guest OS, ping from one VM to another in the same virtual subnet:

ping 10.0.1.11

The ping should succeed even if the physical hosts are on different subnets, demonstrating that the CA-space routing is working correctly.

Step 8 — Configuring Multi-Tenant Network Isolation

The power of HNV is the ability to have overlapping IP address spaces across tenants. Two different tenants can both use the 10.0.1.0/24 range in their CA space, identified by different VSIDs:

  • Tenant A: CA 10.0.1.10, VSID 5001 → PA 192.168.1.51
  • Tenant B: CA 10.0.1.10, VSID 5002 → PA 192.168.1.51

Despite having the same CA IP, these VMs are completely isolated because their VSID values differ. NVGRE encapsulation carries the VSID in every packet, so the receiving host knows which virtual network each packet belongs to.

Viewing HNV Configuration

# List all VM network adapter settings including virtualisation:
Get-VMNetworkAdapterRoutingDomainMapping | Format-Table -AutoSize

# Check switch port settings related to HNV:
Get-VMNetworkAdapter -VMName "TenantVM01" | Select-Object MacAddress, IPAddresses, SwitchName

Summary

Hyper-V Network Virtualisation in Windows Server 2012 R2 enables flexible, scalable multi-tenant networking on shared physical infrastructure through NVGRE encapsulation, CA/PA address separation, and VSID-based network isolation. While manual PowerShell-based configuration is possible, the full power of HNV is best realised through SCVMM 2012 R2, which automates lookup table programming across all hosts and provides a management layer for VM networks, logical networks, and IP pools. HNV is a fundamental building block for private cloud infrastructure and VM mobility beyond VLAN boundaries.