Virtual Network in VMware (by quqi99)


Author: Zhang Hua, published: 2013-03-27
Copyright notice: You may reprint this article, but please indicate the original source, the author information and this copyright notice in the form of a hyperlink
(http://blog.csdn.net/quqi99)

Introduction: Hyper-V has to be installed on a physical machine that supports virtualization, but what if no physical machine is available? The answer is to virtualize with VMware. Better still, a virtual machine created by VMware can itself support hardware virtualization, so Hyper-V can be installed inside a VMware virtual machine. This is also a chance, while doing VLAN experiments, to understand the principles of VMware virtual networking.

1 Install VMware Workstation 12.1.0 for Linux:

sudo apt-get install libcanberra-gtk-module:i386
sudo ./vmware-workstation-full-12.1.0-3272444.x86_64.bundle
2 Use VMware to create a virtual machine, install Windows Server in it with 16 GB of hard disk space, and enable the Hyper-V role. The network uses VMware NAT mode.
2.1 Because this is virtualization inside a virtual machine, make sure that two options are enabled under Processors in the VMware virtual machine settings: "Virtualize Intel VT-x/EPT or AMD-V/RVI" and "Virtualize CPU performance counters". See: http://hi.baidu.com/cjp19882009/item/a72f743636b42880f4e4ad6e or http://communities.vmware.com/docs/doc-8970/
2.2 Edit the configuration file /run/media/hua/e/vmwareimage/windowsserver2012/windowsserver2012.vmx and add the following two lines:
hypervisor.cpuid.v0 = "FALSE"
mce.enable = "TRUE"
2.3 Finally, turn off the Windows Server 2012 firewall.
2.4 When creating a network bridge br-int in Hyper-V Manager, VMware complains: The virtual machine's operating system has attempted to enable promiscuous mode on adapter Ethernet0. This is not allowed for security reasons. Please go to the Web page "http://vmware.com/info?id=161" for help enabling promiscuous mode in the virtual machine.
So you need to allow the vmnet8 network device (NAT mode uses vmnet8) to be put into promiscuous mode manually, because the vmnet8 device is created by the root user while VMware Workstation is started by the ordinary user hua. On Linux systems that use /dev directly rather than udev, the changes are as follows:
http://blog.martinshouse.com/2011/05/vmware-on-linux-promiscuous-mode.html
[hua@zhanghua windowsserver2012]$ sudo groupadd vmwaregroup
[hua@zhanghua windowsserver2012]$ sudo usermod -a -G vmwaregroup hua
[hua@zhanghua windowsserver2012]$ id hua
uid=1000(hua) gid=1000(hua) groups=1000(hua),1001(libvirtd),1002(vmwaregroup)
[hua@zhanghua windowsserver2012]$ sudo chgrp vmwaregroup /dev/vmnet8
[hua@zhanghua windowsserver2012]$ sudo chmod g+rw /dev/vmnet8
[hua@zhanghua windowsserver2012]$ ll /dev/vmnet8
crw-rw---- 1 root vmwaregroup 119, 8 January 20:41 /dev/vmnet8
[hua@zhanghua windowsserver2012]$ sudo chmod a+rw /dev/vmnet8
[hua@zhanghua windowsserver2012]$ ll /dev/vmnet8
crw-rw-rw- 1 root vmwaregroup 119, 8 Mar 09:49 /dev/vmnet8
sudo service vmware restart

The change above is lost after the system restarts. A more permanent fix is to edit /etc/init.d/vmware on the host and add the chgrp and chmod lines (shown in red in the original) to vmwareStartVmnet:
# Start the virtual Ethernet kernel service
vmwareStartVmnet() {
   vmwareLoadModule $vnet
   "$BINDIR"/vmware-networks --start >> $VNETLIB_LOG 2>&1
   chgrp vmwaregroup /dev/vmnet*
   chmod a+rw /dev/vmnet*
}
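
An added example, not part of the original post and not VMware code: a check of who can open the vmnet device nodes after the changes above. chmod a+rw opens the node to every local account, whereas chgrp vmwaregroup plus chmod g+rw limits it to root and members of that group. The function names are hypothetical and GNU stat is assumed.

```sh
#!/bin/sh
# Added example, not from the post or from VMware. Assumes GNU stat;
# "vmwaregroup" is the group the post creates.

# vmnet_access PATH [GROUP] prints who can read/write the node:
#   owner       owner only
#   group       owner plus GROUP (after chgrp GROUP + chmod g+rw)
#   wronggroup  group bits set, but the node belongs to another group
#   world       every local account (after chmod a+rw)
vmnet_access() (
    want=${2:-vmwaregroup}
    # %a = octal mode, %G = group name, %g = numeric gid
    info=$(stat -c '%a %G %g' -- "$1") || exit 2
    set -- $info
    mode=$1 gname=$2 gid=$3
    if [ $(( 0$mode & 06 )) -ne 0 ]; then
        echo world
    elif [ $(( (0$mode >> 3) & 06 )) -ne 0 ]; then
        if [ "$gname" = "$want" ] || [ "$gid" = "$want" ]; then
            echo group
        else
            echo wronggroup
        fi
    else
        echo owner
    fi
)

# audit_vmnet_dir [DIR] [GROUP]: prints "<node> <verdict>" per vmnet node and
# returns 1 if any node is open wider than owner + GROUP.
audit_vmnet_dir() (
    rc=0
    for dev in "${1:-/dev}"/vmnet*; do
        [ -e "$dev" ] || continue
        verdict=$(vmnet_access "$dev" "${2:-vmwaregroup}") || verdict=error
        echo "$dev $verdict"
        case $verdict in world|wronggroup|error) rc=1 ;; esac
    done
    exit $rc
)
```

Run audit_vmnet_dir /dev vmwaregroup on the host; a "world" verdict for vmnet8 corresponds to the crw-rw-rw- listing above.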


After the above is set, when the guest runs a packet capture tool such as Wireshark, the tool puts the guest's NIC into promiscuous mode, and VMware automatically puts vmnet8 into promiscuous mode as well (ifconfig vmnet8 promisc).

The following verification shows that netif5 does have IFF_PROMISC set. netif5 is the virtual network card device in the kernel, userif17 is the character device interface of the NAT device implemented in user space, and hub8.x is a port on the bridge.
[root@zhanghua vmnet]# cat /proc/vmnet/hub8.0
connected netif5 tx 23
[root@zhanghua vmnet]# cat /proc/vmnet/netif5
connected hub8.0 mac 00:50:56:c0:00:08 ladrf 00:00:00:00:00:00:00:00 flags IFF_RUNNING,IFF_UP,IFF_PROMISC dev vmnet8
[root@zhanghua vmnet]# cat /proc/vmnet/hub8.1
connected userif17 tx 0
[root@zhanghua vmnet]# cat /proc/vmnet/userif17
connected hub8.1 mac 00:50:56:e3:d1:e0 ladrf 00:00:00:00:00:00:00:00 flags IFF_RUNNING,IFF_UP,IFF_BROADCAST read 0 written 0 queued 0 dropped.down 0 dropped.mismatch dropped.overflow 0 dropped.largepacket 0
[root@zhanghua vmnet]# cat /proc/vmnet/hub8.2
connected userif18 tx 0
[root@zhanghua vmnet]# cat /proc/vmnet/userif18
connected hub8.2 mac 00:50:56:f6:3a:6b ladrf 00:00:00:00:00:00:00:00 flags IFF_RUNNING,IFF_UP,IFF_BROADCAST,IFF_ALLMULTI read written 0 queued dropped.down 0 dropped.mismatch 0 dropped.overflow 0 dropped.largepacket 0
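
An added example, not part of the original post and not VMware code: the manual check above turned into a scan that lists every port flagged IFF_PROMISC together with the other ports attached to the same hub, which are the endpoints whose frames that port is positioned to receive. It assumes the /proc/vmnet layout shown above and that the hub delivers frames to every attached port; the function names and the sample directory are constructed for illustration.

```sh
#!/bin/sh
# Added example, not VMware code. Assumes the /proc/vmnet layout shown in
# the post: hubN.M files name the attached port, port files carry "flags".

# promisc_exposure [DIR]: one line per port flagged IFF_PROMISC:
#   "<port> <hub> <other ports on that hub>"
promisc_exposure() (
    dir=${1:-/proc/vmnet}
    [ -d "$dir" ] || exit 2
    awk '
        { n = FILENAME; sub(/.*\//, "", n); line = tolower($0) }
        # hubN.M: "connected <port> tx ..." names the port in that hub slot
        n ~ /^hub[0-9]+\.[0-9]+$/ {
            hub = n; sub(/\..*/, "", hub)
            members[hub] = members[hub] " " tolower($2)
            next
        }
        # port file: "connected hubN.M mac ... flags IFF_...,IFF_PROMISC"
        line ~ /flags[ \t]+[a-z_,]*iff_promisc/ {
            hub = tolower($2); sub(/\..*/, "", hub)
            promisc[tolower(n)] = hub
        }
        END {
            for (p in promisc) {
                hub = promisc[p]; others = ""
                k = split(members[hub], m, " ")
                for (i = 1; i <= k; i++)
                    if (m[i] != p) others = others (others == "" ? "" : ",") m[i]
                print p, hub, (others == "" ? "-" : others)
            }
        }' "$dir"/* | sort
)

# Constructed sample modelled on the post's hub 8 (not a live capture).
make_sample_vmnet() {
    d=$(mktemp -d) || return 1
    f='ladrf 00:00:00:00:00:00:00:00 flags IFF_RUNNING,IFF_UP'
    echo 'connected netif5 tx 23'   > "$d/hub8.0"
    echo 'connected userif17 tx 0'  > "$d/hub8.1"
    echo 'connected userif18 tx 0'  > "$d/hub8.2"
    echo "connected hub8.0 mac 00:50:56:c0:00:08 $f,IFF_PROMISC dev vmnet8" > "$d/netif5"
    echo "connected hub8.1 mac 00:50:56:e3:d1:e0 $f,IFF_BROADCAST" > "$d/userif17"
    echo "connected hub8.2 mac 00:50:56:f6:3a:6b $f,IFF_BROADCAST,IFF_ALLMULTI" > "$d/userif18"
    echo "$d"
}
```

On a host, run promisc_exposure as root with no argument to read /proc/vmnet directly.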


Note that VMware does not use the kernel to implement NAT: IP forwarding is off (ip_forward=0), so the forwarding is done by vmnet-natd.
[root@zhanghua vmnet]# ps -ef | grep vmnet-natd
root 9921 1 0 13:25 ? 00:00:00 /usr/bin/vmnet-natd -s 12 -m /etc/vmware/vmnet8/nat.mac -c /etc/vmware/vmnet8/nat/nat.conf
For example, the VM has the IP 172.16.138.128, and the file /etc/vmware/vmnet8/nat/nat.conf defines the NAT gateway address as 172.16.138.2 and can hold DNAT rules such as 8080 = 172.16.3.128:80:
[host]
# NAT gateway address
ip = 172.16.138.2
[incomingtcp]
#8080 = 172.16.3.128:80
It is clear that in VMware it is the natd process that talks to the VM's virtual network card: it reads Ethernet frames from /dev/vmnet8 (vmnet8 plays the role of br-tun), extracts the destination IP and protocol, and then communicates with the remote end itself.

The following commands show how to create a VMware bridge:
vmnet-bridge -n 4 -i eth2 -d /var/run/vmnet-bridge-4.pid -1vmnet4
mknod /dev/vmnet4 c 119 4
vmnet-netifup -d /var/run/vmnet-netifup-vmnet4.pid /dev/vmnet4 vmnet4
ifconfig eth2 0.0.0.0 promisc up
To use the bridge in the virtual machine, add the following lines to the VMX file:
ethernet0.connectionType = "custom"
ethernet0.vnet = "vmnet4"

The English-language source suggests that it is better to use bridged mode rather than NAT, as follows:
You'll be able to boot your guest VM, and use Wireshark or whatever in the guest. Just remember! Your VM guest's network adapter must be set to Bridged (connected directly to the physical network), not NAT (used to share the host's IP address).


2.5 About VLANs in VMware
There are three ways to do VLANs in VMware; see VMware ESX Server 3 802.1Q Solution: http://wenku.baidu.com/view/90b76687ec3a87c24028c4b9.html
1, VGT: tagging is done inside the virtual machine. The port group's VLAN ID property is set to 4095 (equivalent to making the port group a trunk), and an 802.1Q VLAN trunking driver runs in the virtual machine.
2, EST: tagging is done on the external switch. This is the default behaviour; the port group's VLAN ID property is 0, which disables the port group's tagging function.
3, VST: tagging is done on VMware's virtual switch. VMware uses the concept of port groups, so to define a VLAN, define a port group and set the value of its VLAN ID property (1-4094). Then associate the virtual machine with the port group.
To configure a VLAN on the portgroup using the VMware Infrastructure/vSphere Client:
Click the ESXi/ESX host.
Click the Configuration tab.
Click the Networking link.
Click Properties.
Click the virtual switch/portgroups in the Ports tab and click Edit.
Click the General tab.
Assign a VLAN number in VLAN ID (optional).
Click the NIC Teaming tab.
From the Load Balancing dropdown, choose Route based on originating virtual port ID.
Verify that there is at least one network adapter listed under Active.
Verify the VST configuration using the ping command to confirm the connection between the ESXi/ESX host and the gateway interfaces and another host on the same VLAN.

Note: For additional information on VLAN configuration of a virtual switch (vSwitch) port group, see Configuring a VLAN on a portgroup (1003825).

To configure via the command line:
esxcfg-vswitch -p "portgroup_name" -v VLAN_ID virtual_switch_name
See also the article: Sample configuration of virtual switch VLAN tagging (VST Mode) (1004074)
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004074


So if you want to set ESX to trunk mode (VGT), you need to do two things:

1 Configure a port group with VLAN ID 4095, following the steps above.

2 VGT mode also requires a specific network card driver in the virtual machine (an 802.1Q VLAN trunking driver is required inside the virtual machine).

See: Sample Configuration of Virtual Machine (VM) VLAN Tagging (VGT Mode) in ESX (1004252)

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004252

3 Put the physical network card into promiscuous mode (promisc). The steps are:

Log into the ESXi/ESX host or vCenter Server using the vSphere Client.
Select the ESXi/ESX host in the inventory.
Click the Configuration tab.
In the Hardware section, click Networking.
Click Properties of the virtual switch for which you want to enable promiscuous mode.
Select the virtual switch or portgroup you wish to modify and click Edit.
Click the Security tab.
From the Promiscuous Mode dropdown menu, click Accept.

2013-04-05 addendum:

When using VMware virtual machines for VLAN-related network experiments, be sure to use the e1000 network card; the default, vmxnet3, is a paravirtualized network card whose VLAN support is poor. This applies at two levels: VMware must be set to give the virtual machine an e1000 network card, and the virtual machine must have the e1000 driver installed (use the command lspci | grep -i eth to view the type of network adapter). In addition, VGT mode is used, in which VMware's virtual switch is a trunk and the port group is configured with VLAN ID 4095.



2013-04-26: to sum up, when doing the VLAN experiment with a virtual machine on VMware as the control node and a physical machine as the compute node, make sure that:

Tagging is done inside the virtual machine (so the network card driver inside the virtual machine must support VLANs, preferably e1000, and the 8021q module must be loaded with modprobe 8021q), and the port that connects the hypervisor's (VMware's) virtual bridge to the virtual machine supports trunking.


Similarly, if the control node is a virtual machine on Hyper-V and a physical machine is the compute node for the VLAN experiment, the principle is the same.

1, In Hyper-V, set trunk mode on the virtual switch port to which the virtual NIC is attached:

Get-VMNetworkAdapter -VMName "scem1-hvsce_0415"
Set-VMNetworkAdapterVlan -VMName "scem1-hvsce_0415" -Trunk -NativeVlanId 1 -AllowedVlanIdList 1-4094 -VMNetworkAdapterName "Sce_data_nic2"

See: HOWTO: Fully Virtualized Lab using Hyper-V 3.0 and GNS3 http://forum.gns3.net/topic5735.html

2, modprobe 8021q

3, As for the NIC driver in Hyper-V, it seems that e1000 cannot be installed.

Using the commands (ethtool -i eth2 && sudo modinfo hv_netvsc) you will find that the virtual machine in Hyper-V is using Windows' own hv_netvsc NIC driver.

This page (http://stackoverflow.com/questions/14389722/hyper-v-network-adapter-drivers) says that network cards in Hyper-V fall into two categories, emulated and synthetic; as I understand it, the former is a paravirtualized network card and the latter is the normal network card. However, to use the normal network card you also need to install an additional driver, Integration Services. Windows XP already ships with this driver, but for Linux you have to download and install it yourself; the latest version is 3.4, and the download address is http://www.microsoft.com/en-gb/download/details.aspx?id=34603. To support VLANs you must install this driver. That is what a web page from IBM says: http://pic.dhe.ibm.com/infocenter/tivihelp/v48r1/index.jsp?topic=%2Fcom.ibm.scp.doc_2.1.0%2Finstalling%2Fr_limits_hyperv.html
