Starting with NDIS 6.30 in Windows Server 20 12, the extensible switch interface will create an operation port to host the extensible switch network adapter connection. In some cases, extensible switch interfaces create authentication ports before creating operation ports for Hyper-V subpartitions. The verification port is used to verify the settings of the operation port of the extensible switch virtual machine (VM) of the network adapter to be connected to the sub-partition.

Note that in Hyper-V, subpartitions are also called virtual machines.

This authentication port was created under the following conditions:

First create a virtual machine. When the virtual machine is turned on, the authentication port will be deleted and the operation port will be created in its place.

The virtual machine enters the saved state. When the virtual machine is restored and turned on, the verification port will be deleted and the operation port will be created in its place.

For more information, see Hyper-V Scalable Switch Save and Restore Operations.

The virtual machine was stopped and shut down. When the virtual machine is turned on, the authentication port will be deleted and the operation port will be created in its place.

The virtual machine is being migrated to another host in real time. After the virtual machine is created and turned on in the newly created host, the authentication port will be deleted and the operation port will be created in its place.

After the authentication port is created, the extensible switch interface will send an OID request to download the port policy of the port. Because these ports are created for policy verification and confirmation, for example, when a virtual machine is configured for the first time, the verification that occurs must be applied at configuration time, not at runtime. Extensions should perform the following types of policy validation for these ports:

Grammar verification. If the value is not in the correct format, the validation will fail.

Range verification. If the setting does not meet the expected range of minimum and maximum values, this verification will fail.

Applicability verification. If the settings are not applicable to the expandable switch, this verification will fail. For example, a policy profile that defines an external network service level agreement (SLA) does not apply to an expandable switch that cannot access an external network interface.

Conflict detection. If this setting conflicts with other settings already set on the same port, the verification will fail.

When expanding an expandable switch to verify the port and policy settings of the authentication port, it must follow the following guidelines:

Because the verification port is temporary, the expansion must not verify and fail the policy and configuration settings that the current expansion switch cannot meet.

For example, an expandable switch that supports up to 10 Gigabit bandwidth may only have 1 Gigabit bandwidth to reserve at present. The extension will verify the port properties that remain beyond 1 Gigabit bandwidth. When you create an operation port, you should perform such verification instead. This is because the settings being verified can still be applied to working ports with available bandwidth. This allows the system administrator to initially configure the VM without being limited by runtime constraints.

Extensions must not allocate or reserve resources for authentication ports. For example, the bandwidth reservation setting on the verification port should not be subtracted from the available bandwidth of the expandable switch. Reservation should only be made when creating an operation port.