Sometimes if you need to create a number of Hyper-V virtual machines (or even containers), it can be helpful to create a Network Address Translation, or NAT network. NAT is the same technology that is used in consumer WiFi routers. It allows a series of non-routable IP addresses to be bound to a single connection point. In the case of Hyper-V, this connection point is going to be a Hyper-V virtual switch and the underlying virtual Ethernet adapter.
Create a Hyper-V virtual switch
Not surprisingly, the first step in creating a NAT network is to create a Hyper-V virtual switch. Although you can create a virtual switch using the Hyper-V Manager, let’s go ahead and use PowerShell instead.
The cmdlet used for virtual switch creation is New-VMSwitch. When you use this cmdlet, there are only two pieces of information that you will need to provide. First, you are going to have to assign a name to the virtual switch. For the sake of demonstration, I am going to call the virtual switch NAT.
The other piece of information that you will have to provide is the switch type. In this case, I am going to create an internal virtual switch, although I could have just as easily made the virtual switch external. So with that said, here is the command used to create the virtual switch:
New-VMSwitch -SwitchName “NAT” -SwitchType Internal
You can see how this command works in the figure below. Here I have used the Get-VMSwitch cmdlet to display a list of the previously existing virtual switches. I then created the new virtual switch, and then ran the Get-VMSwitch cmdlet again, to show that the newly created virtual switch has been added to the list of virtual switches.
Identifying the corresponding virtual Ethernet adapter
When you create a Hyper-V virtual switch, Hyper-V will automatically create a virtual Ethernet adapter that corresponds to the virtual switch. If you go back and look at the figure above, you can see, however, that my host server already had a virtual switch before I created the NAT switch. Hence, my Hyper-V server has three virtual Ethernet adapters. There is an adapter for the previously existing virtual switch, another adapter for the physical NIC, and a third adapter that corresponds to the NAT switch that I just created. Hyper-V differentiates between these adapters by using an IfIndex value. You can find the IfIndex value for the switch that you just created by entering the Get-NetAdapter cmdlet. If you look at the figure below, you can see my three adapters, and you can see that my NAT adapter’s IfIndex value is 37 (your adapter will probably have a different value).
Creating a NAT gateway
The third step in the process is to create a NAT gateway. In the world of IT, the term “gateway” can mean a lot of different things. In this case, the NAT gateway does not refer to a gateway VM or anything like that. Instead, creating a NAT gateway simply refers to the act of assigning a gateway IP address to the virtual Ethernet adapter that is being used by the newly created NAT virtual switch.
Because we are basing the NAT network around an internal virtual switch, I want to use a non-routable IP address range. Therefore, I am going to use 10.0.0.1 as the gateway IP address. You should use whatever IP address range suits your own needs.
In addition to the IP address, we are also going to need to specify a prefix length. The most commonly used prefix length for the IP address range that I am going to be using is 24. Using a prefix value of 24 is the same as using a subnet mask of 255.255.255.0. Twenty-four is also the most commonly used prefix value for other non-routable addresses such as 192.168.0.x and 172.16.0.x. The command used to set up the gateway IP address is New-NetIPAddress. Here is an example of how to use this command:
New-NetIPAddress -IPAddress 10.0.0.1 -PrefixLength 24 -InterfaceIndex 37
As you can see, this command is relatively straightforward, but you will notice that I had to supply an interface index. The interface index is the IfIndex that I looked up a moment ago. The figure below shows what this command looks like when run.
Taking a step back
So far, all we have done is to create a Hyper-V virtual switch and assign an IP address to the corresponding virtual Ethernet adapter. In fact, you can use the Hyper-V Manager to view the work that we have done in PowerShell. If I open the Virtual Switch Manager, for example, you can see the internal virtual switch named NAT that we created earlier.
Likewise, we can use Control Panel to view the IP address assignment that we have made through PowerShell.
Creating a NAT network
In spite of the work that we have done so far, we have not created a NAT. All we have done is to create a basic internal virtual network. To create a NAT, you will need to use a cmdlet named New-NetNat. Using this cmdlet requires you to provide two parameters — a network name, and an IP address prefix and subnet length. The network name can be anything. I will call my network BriensNAT. The internal IP address prefix is going to be based on the address and prefix length that you specified earlier. In my case, I will be using 10.0.0.0/24. Here is an example of the command:
New-NetNat -Name BriensNAT -ExternalIPInterfaceAddressPrefix 10.0.0.0/24
You can see what the NAT creation process looks like in the figure below.
Point to remember
At the beginning of this article, I compared a Hyper-V NAT to the NAT networks used by consumer-grade WiFi access points because of the way that these access points provision non-routable IP addresses to network endpoints, and then enable Internet access for those endpoints. There is, however, one key difference between the way that NAT networks work on consumer WiFi access points and the way that NAT works in the infrastructure that I have just shown you how to create. WiFi access points are able to provision network endpoints with IP addresses because the access point is configured to act as a DHCP server. The NAT network that we have just created will not contain a DHCP server until you create one, and therefore will not automatically provision clients with IP addresses unless you add a DHCP server.