Explain the networking mode of VMware virtual machine

Everyone knows the three networking modes of VMWare, namely Bridge, NAT, Host-Only. VMWare believes that using these three networking modes can build any network topology, and in fact it is. If you are proficient in the network, it should be easy to understand VMWare's network configuration mode. However, VMWare is not just an image topology because it is just a virtual machine. This article simply gives a visual representation of the three networking modes. In addition, VMWare's help documentation also provides a fairly detailed introduction to the VMNet chapter.

A.Bridge mode

As the name implies, the Bridge mode is the bridge mode. The network card in the virtual machine is directly bridged to the network segment where a physical NIC of the host is located. Diagram is as follows: In many cases

This is a way to provide lazy like me, but in the case of non-DHCP, the IP address is likely to cause conflict, so if it is not necessarily the virtual If the machine is configured on a network segment, do not use the Bridge mode. Bridge mode network topology is as follows:

two .NAT mode

NAT mode is called a virtual machine card hidden in a NAT device after, in the outside world, only see host physical NIC, even not see the NAT device, the NAT device silently converted source address inside the virtual machine out of the connection, as shown below:

However, there is a The details, that is, how the diamond in the above figure is implemented, how VMWare simulates a consistent NAT device under different host operating systems. In order to achieve consistent and simple, user-mode connection using VMWare agent way to achieve the NAT device, the NAT device thus actually a user mode process, it performs address translation, as shown below:

The so-called address translation is not really an address translation in the sense of an IP network, but an agent. The connection initiated in the virtual machine is completely intercepted in the host's NAT process, and then the NAT process steals the link instead of the virtual machine to initiate a connection to the destination, then communicates with the destination, and then forwards the data to the virtual machine. We can illustrate this by a simple experiment:

1. Only allow local TCP syn packets to be sent, prohibit any return packets

iptables -A OUTPUT -p tcp --tcp- Flags SYN SYN -j ACCEPT iptables -A OUTPUT -j DROP iptables -A INPUT -j DROP

2. Establish a tcp connection to Baidu in the virtual machine

telnet 74.125.128.94 80 < Br>

3. View the file descriptor of the user state nat process on the host machine

lsof -p 271 -n ... vmnet-nat 271 root 7u IPv4 0xffffff8017b62160 0t0 TCP 192.168.1.101:49256 ->74.125.128.94:http (ESTABLISHED) ...

4. Conclusion

The virtual machine can only send the syn package, but the connection to the 74.125.128.94 host has been established. , indicating that the nat process is a user-mode connection proxy. The same conclusion can also be observed by tcp capture, how to observe? Very simple, you can view the serial number, the serial number and confirmation number of the data packet captured in the virtual machine and the "same connection" that is captured on the host machine (actually not a connection, but being proxyed) The serial number and the confirmation number are not consistent, and we know that regular NAT only modifies five elements and does not modify the serial number. It can be seen that since NAT is a proxy, the NAT mode may cause inaccurate statistics on the TCP connection of the destination host. For example, in the above experiment, the virtual machine obviously does not connect to the successful destination, but the NAT process of the host has established a TCP connection. With NAT mode, you need to know all the side effects it brings. Finally NAT mode network topology is as follows:

three .Host-Only mode

This mode is the most pure, the virtual machine and the host of a card (Virtual NIC) direct, nothing more, as shown below:

but how Host-only mode virtual machines connected to external networks do? The virtual machine can treat the host as a router. As a result, the remaining problem is how to configure the router. The following steps are required:

1. In the virtual machine, point the default gateway to the virtual network card vmnet1 of the host. If you are not too bothered, you can configure the host route

2. Open the host. Routing function

Linux:sysctl -w net.ipv4.ip_forward=1 Mac OS:sysctl -w net.inet.ip.forwarding=1 Windows: Open Tcpip's IPEnableRouter registry key

3. Select one of the following methods

3.1. Configure SNAT. Linux uses iptables to configure SNAT for export NIC; Mac OS uses natd and ipfw configuration; Windows uses NIC's "Share" to configure

3.2. Configure pure routing, mainly to solve the problem of backhaul routing, however many external network routing server configuration we can not, so this is only applicable to the experimental environment

network topology Host-only mode are as follows:

four meanings .vnnetX

VMWare virtualizes several NICs in the host. These NICs are actually Layer 2 or Layer 3 network devices with multiple ports. This article has not talked about DHCP so far. In fact, in each networking mode, a DHCP server can be inserted into the ports of these virtual devices to assign IP addresses to the network cards in the virtual machines. By default, VMWare provides three virtual network cards vmnet0/1/8. Vmnet0 cannot be seen by the outside world. It is actually a pure link layer bridge. The Bridge device does not have any Layer 3 function. One of the ports of the Bridge is A physical NIC of the host. Vmnet1 is specially used for Host-Only, vmnet8 is used exclusively for NAT. Both virtual network cards have three layers of functions, all of which can be configured with IP addresses. It is actually a network card visible on the host computer. In addition, These two NICs are also Bridge devices, but the Brdige does not bridge any physical NICs on any host.