In-depth introduction to the networking mode of VMware

We all know that VMWare has three network modes: Bridge, NAT, and Host-Only. VMWare believes that the three network modes can be used to build the desired network topology. In fact, this is also the case. If you are proficient in the network, you can easily understand the network configuration mode of VMWare. However, even so, because VMWare is just a virtual machine, there is no visual topology display. This article provides a visual illustration of the three network modes. In addition, the VMWare help document also provides a detailed introduction to VMNet.
Www.2cto.com I. Bridge mode, as the name suggests, is the Bridge mode. The NIC in the virtual machine is directly bridging the network segment of a physical Nic on the host machine. As follows:

This method is often provided for lazy people like me. However, in non-DHCP scenarios, IP address conflicts are easily caused. Therefore, if you do not have to configure the virtual machine in a CIDR block, do not use the Bridge mode. The network topology in Bridge mode is as follows: www.2cto.com
II. in NAT mode, the virtual machine Nic is hidden in a NAT device. in the outside world, only the host physical Nic can be seen, or even the NAT device cannot be seen, the NAT device silently switches the source address of the connection from the VM, as shown in:

However, there is a detail about how the diamond is implemented, and how VMWare models a consistent NAT device under different host operating systems. To achieve consistency and simplicity, VMWare uses a user-mode connection proxy to implement NAT devices. Therefore, a NAT device is actually a user-mode process that performs address translation, as shown in: www.2cto.com

The so-called address translation is not a real IP address translation, but a proxy. The connection initiated in the virtual machine is completely intercepted in the NAT process of the host machine. Then, the NAT process steals the bar and replaces the connection in the virtual machine to initiate a separate connection to the destination, and then communicates with the destination, then forward the data to the virtual machine. We can illustrate this through a simple experiment: 1. only the local TCP syn packet is allowed to be sent, and any back packet iptables-a output-p tcp -- tcp-flags SYN-j ACCEPT is prohibited.
Iptables-a output-j DROP
Iptables-a input-j DROP
2. Establish a tcp connection to Baidu in the Virtual Machine telnet 74.125.128.94 803. view the file descriptor lsof-p 271-n of the User-mode nat process on the host
...
Vmnet-nat 271 root 7u IPv4 0xffffff8017b62160 0t0 TCP 192.168.1.101: 49256-> 74.125.128.94: http (ESTABLISHED)
... 4. Conclusion: Only syn packets can be sent from the VM. However, the connection to 74.125.128.94 in the host has been established, indicating that the nat process is a user-mode connection proxy. The same conclusion can also be observed through tcp packet capture. How can this problem be observed? Simply view the serial number. The serial number and confirmation number of the captured packets in the virtual machine are connected to the "same connection" captured on the host machine (actually not a connection, but a proxy) but we know that regular NAT only modifies Five Elements and does not modify the serial number.

It can be seen that as NAT is a proxy, the NAT mode may cause Inaccurate statistics on the TCP connection of the target host. For example, in the above experiment, the virtual machine clearly does not have a successful connection destination, however, the host's NAT process has already established a TCP connection. When using the NAT mode, you need to know all the side effects it brings. Finally, the network topology of the NAT mode is as follows:
III. The Host-Only mode is actually the most pure mode. The virtual machine is directly connected to a NIC (Virtual Network Card) of the Host, as shown in:

But how does a VM in Host-Only mode connect to the Internet? A virtual machine can treat the host machine as a router, so the remaining problem is how to configure the router. The following steps are required: 1. in a VM, point the default gateway to the virtual network card vmnet1 of the host machine. If you are not in trouble, you can configure Host Routing 2. turn on the host machine's routing function Linux: sysctl-w net. ipv4.ip _ forward = 1
Mac OS: sysctl-w net. inet. ip. forwarding = 1
Windows: Open the IPEnableRouter registry entry of the Tcpip
3. select one of the following methods. 3. 1. Configure SNAT. Linux uses iptables to configure SNAT for the egress Nic; Mac OS uses natd and ipfw to configure; Windows uses "shared" For nic to configure 3. 2. configuring a pure route mainly solves the problem of returning routes. However, many Internet server routes cannot be configured. Therefore, this network topology Only applies to the Host-Only mode in the experimental environment is as follows:
4. vnnetX meaning VMWare virtualizes several NICs in the host machine. These NICs are actually L2 or L3 network devices with multiple ports. This article has not mentioned DHCP so far. In fact, in each networking mode, a DHCP server can insert the ports of these virtual devices to assign IP addresses to the NICS in the virtual machine. Www.2cto.com

By default, VMWare provides three virtual NICs: vmnet0 and vmnet0. vmnet0 is invisible to the outside. It is actually a pure link layer Bridge, and the Bridge device does not have any layer-3 functions, one port of the Bridge is a physical Nic of the host machine. Vmnet1 is dedicated to Host-Only, and vmnet8 is dedicated to NAT. Both virtual network cards have three-layer functions and can be configured with IP addresses. They are actually a visible network card on the Host machine, these two NICs are also Bridge devices, but the Brdige does not Bridge any physical NICs on any host machine.