In-depth understanding of VMware virtual Networks

This article is in contact with the Vmare virtual machine after graduation in the network part of the initiation of the article, quite worthy of study, let me realize that there are many unseen, know really too little. If I could have the same story,

Understanding the principles of VMware's network composition and understanding the network in the Vmare vsphere architecture can be a great help. It's even helpful for helping to understand a lot of VMware's modules: vmotion, HA, etc.

===========================================================

VMware Workstation is a very good virtual machine software, many enthusiasts use the VMware Workstation design a variety of implementation environment to do testing. The virtual network portion of VMware workstation is very powerful, but it is slightly more complicated for beginners. Based on this, this article will introduce VMware virtual network in depth, so that readers can understand the relationship between VMware Virtual network, so as to design a variety of complex WAN, LAN experimental environment to meet the needs of the reader's experiment. As VMware server is multiplied with VMware Workstation, the content of this article also applies to VMware server. At the same time, VMware Workstation's virtual network is the foundation of VMware Enterprise Products VMware ESX Server, and is familiar with VMware Workstation's virtual network to learn, use VMware Server also has a certain help function.

3.1 VMware Virtual Network overview

VMware Workstation (or VMware Server) is installed on a physical computer, which is called a "host", assuming that the host has a physical network card and is connected to a switch in the network, as shown in network topology 3-1.

Figure 3-1 Host physical Network

"Key point" VMware Workstation and VMware Server support Vmnet0~vmnet9 A total of 10 (virtual) network cards, for each virtual network card (VMNET0~VMNET9), Only one network attribute can be selected at a time: either use the host physical network card, or use the virtual network card.

In the VMware virtual network, there are two types of networks: one is "host-only Network" and the other is "NAT network". For VMware Workstation (or VMware Server) hosts, there can be multiple virtual network cards with the "host network only" feature, but only 1 virtual network cards have the NAT network attribute at the same time.

When installing VMware Workstation or VMware Server on the host, the default is to install 3 virtual network cards, the 3 virtual network card names are VMnet0, VMnet1, VMnet8, where the network property of VMnet0 is "physical network card", The network properties of VMnet1 and VMnet8 are "virtual network cards". in the default case, VMnet1 virtual network cards are defined as "host-only virtual networks", VMnet8 the virtual network card is defined as "NAT Network ", at the same time, the host physical network card is defined as" Bridge network ", the host physical network card can also be called VMnet0.

By default, VMware workstation virtual network topology relationship 3-2 is shown.

Figure 3-2 Virtual Machine network topology

In Figure 3-2, there are 3 virtual switches, 2 virtual network cards, 1 physical network cards, and a virtual router, which makes up the entire structure of the default virtual network. When VMware Workstation (or VMware Server) is installed, it randomly selects 2 address segments from the address of 192.168.x.0/24 (in a previous version, which also used the 172.16.0.0/12 address segment, but is soon discarded). The 1th address of each segment is assigned to the corresponding virtual network card (VMNET1 and VMNET8) for use.

In Figure 3-2, VMnet1 used 192.168.10.0/24, VMnet8 used the 192.168.80.0/24 address segment, which I used to use the address segment, you can according to their hobbies and habits set. If you want to modify these IP addresses, it will be described later in this article.

In Figure 3-2, there are 1 virtual DHCP servers that are not marked, the virtual DHCP server that is used to automatically assign IP addresses, subnet masks, and virtual machines that use VMnet1, VMnet8 (or other) virtual network cards (or connections to VMnet1, VMNET8 virtual switches). Parameters such as gateways and DNS.

3.2 Virtual machines and virtual network cards, Network properties

In VMware Workstation, each virtual machine can support up to 10 virtual network cards, which can be connected to different virtual networks (as needed), VMnet1, VMnet8, or VMnet0 virtual switches in example 3-2. There are two situations where you can choose a virtual network, one when you create a virtual machine, and then you modify the virtual network properties in virtual machine settings after you create the virtual machine.

(1) When creating a virtual machine, on the network Type page, in the Network Connection option group, select the virtual network to which the current virtual machine is connected, as shown in 3-3.

Figure 3-3 Network Properties

(2) After the virtual machine is created, modify the virtual machine settings, or you can modify the virtual network properties, as shown in 3-4.

Figure 3-4 Modifying virtual machine settings

Whether you are creating a virtual machine, choosing a network attribute, or on the Virtual machine Settings page, there are 3 choices for each virtual network card, namely, VMnet0 (Bridged network), VMNET1 (Host network only) and VMnet8 (NAT network), and one of the three connection properties that do not use network connectivity "is to indicate that the virtual network card is not connected to any network. The following describes the network properties when connecting to the VMnet1, VMnet8, VMnet0 virtual switches.

"description" (1) after VMware Workstation 6.0, the new "team" feature was added, and the team Virtual Switch was added to the team. Virtual machines in the team can use virtual switches in the team, in addition to virtual switches such as VMnet0, VMnet1, VMnet8, and so on.

(2) VMware Workstation (or VMware Server), in addition to VMnet0, VMNET1, VMnet8 virtual switches, can also create (or add) Vmnet2~vmnet7, VMNET9 and other virtual switches, The properties of these virtual switches can be selected between "host-only Network", "Bridging Network", and "Nat network".

3.3 VMnet1, VMNET8, VMnet0 virtual network card relationship

In VMware Workstation or VMware Server virtual machines, the network relationship between virtual machines and hosts can refer to the network topology shown in Figure 3-5.

Figure 3-5 Virtual machine vs. host network topology

In Figure 3-5, virtual machines A11, A12, ~, virtual machine A03, and so on, are virtual machines created by VMware Workstation (or VMware Server). Virtual machine A11, A12, A13 use VMNET1 (Host network only) virtual network card, in the network topology in Figure 3-5, "equivalent" to connect to the VMNET1 Virtual Switch, virtual machine A81, A82 use VMNET8 Virtual network card (NAT network, is equivalent to connecting to a VMnet8 Virtual switch), virtual machines A01, A02, A03 use VMnet0 virtual network cards (bridging networks, which are equivalent to connecting to VMnet0 virtual switches).

Physical Host B, which represents one or more computers in the same LAN as the physical host A. This is the "same local area network" that represents a computer that can be the same subnet (VLAN) or a different subnet.

Internet Computer Z, which represents another computer or server on an Internet network, can be one or more computers.

The relationship of Figure 3-5 is drawn as a network topology, as shown in 3-6.

Figure 3-6 Simplified network topology

The following describes the network relationships between each virtual machine and the host.

3.3.1 Virtual machine using VMNET1 virtual network card

When the virtual machine chooses to use the VMNET1 virtual network card, it indicates that the virtual machine is connected to the VMNET1 virtual switch.

VMNET1, the official definition of "host network only", its default network behavior, only with the host or other virtual machine using VMNET1 virtual network connection. Virtual machines that use the VMNET1 virtual network card cannot access other computers than the physical host.

In Figure 3-5 (Figure 3-6), the virtual machine A11, A12, and A13 use the VMNET1 virtual network card to indicate a connection to the VMNET1 virtual switch. In the network topology of Figure 3-5 (Figure 3-6), virtual machines A11, A12, A13, and physical host a can communicate with each other . The computer associated with VMnet1 in Figure 3-5 (Figure 3-6) is simplified into the topology shown in Figure 3-7.

Figure 3-7 VMnet1 Virtual network topology Figure 3-

1 How can a computer on the same switch communicate

In-depth understanding: "Can communicate with each other", this sentence means that when A11, A12, A13, A are connected to the VMNET1 virtual switch, these 4 computers can communicate with each other, but not necessarily can communicate. Why is it? If A11, A12, A13, a do not set the IP address of the same subnet, this cannot communicate with each other (access to each other), or although set the address of the same network segment, but A11, A12, A13, A has a firewall, prohibit other computer access, this is also unable to communicate.

Communication is possible only if A11, A12, A13, A are connected to the same virtual switch, and the network segment (IP address does not conflict), and there are no firewalls (or firewalls, but allow other computers to access them).

Small experiment: Create 1 VMS in VMware Workstation, VMnet1 the virtual network card, set the IP address of the same network segment as the host VMnet1, or set "Auto Get IP Address" in the virtual machine, turn off the host and virtual machine firewall, try to use "Network Neighborhood" Or, use the ping command to check that the virtual machine and the host can communicate with each other.

2 Note host multi-block network card

Also pay attention to the physical host A, there are three network cards on a (1 physical network cards, 2 virtual network cards), respectively, is VMnet1, VMnet8 and physical network (known as VMNET0), if A11, A12, A13 is 192.168.10.0/24 network segment of the computer, However, VMnet1 is not a 192.168.10.0/24 segment, but when you set the VMnet8 or VMnet0 to the same network segment as A11, A12, and A13 (for example, 192.168.10.0/24), A and A11 (or A12, A13) are not able to communicate.

3 computers on the same switch as long as the address of the same network segment can be

Also, it is necessary to note that while in "Virtual network Settings", the VMnet1 virtual network segment is set up using 192.168.10.0/24 network segments, but in use, when A11, A12, A13 are connected to the same virtual switch, as long as A11, A12, A13, Physical Machine A VMNET1 virtual network card, set the same network segment address (can be 192.168.10.0/24, can also be other network segments, but it is best not with VMnet8, VMnet0 Network segment conflict), A11, A12, A13, a can communicate with each other.

4 computers that use the VMNET1 virtual network card do not have access to the extranet by default

Computers that use the VMNET1 virtual network card cannot access the extranet, and the network cannot access the VMNET1 virtual network card. In the network of Figure 3-5 (Figure 3-6), virtual machines A11, A12, A13 and B, z have no network relationships and they cannot access each other.

3.3.2 Virtual machine using VMNET0 virtual network card

If the virtual machine uses bridge mode, which is VMnet0, the virtual machine is equivalent to a computer in the host network, and if the virtual machine chooses VMnet0 (or bridging the network), it connects to the host network through the VMNET0 Virtual Switch, and the host "VMnet0 the virtual network card" Whether to set IP address-independent.

As can be seen in the network topology of Figure 3-5 (Figure 3-6), if the virtual machine A01, A02, A03 use VMnet0 Virtual Switch, regardless of the host VMnet0 virtual network card, whether the correct IP address, subnet mask and gateway are set, as long as A01, A02, A03 sets the correct IP address, subnet mask, gateway, and other parameters to access other computers on the network other than the host (for example, b), and other computers on the Internet network (such as Z). VMnet0 virtual machine, virtual network topology 3-8, as shown.

Figure 3-8 VMnet0 Virtual Network

where B and Z, which can be physical computers, can also be virtual machines that use the VMNET0 virtual network card. In Figure 3-8, virtual machines (A01, A02, A03) that use VMnet0 can access each other with physical hosts A and b.

3.3.3 Virtual machine using VMNET8 virtual network card

If the virtual machine uses VMNET8, the virtual machine can access the network outside the physical host through the host network, one-way (from the virtual machine to the host, the extranet), and the network outside the host cannot access the virtual machine using VMNET8. But this premise is that the host to be able to access the external network (or other computers on the network), if the host can not access the external network, is configured to VMNET8 virtual network card virtual machine, also cannot access the extranet.

The virtual network and virtual machines in Figure 3-5 (Figure 3-6) with VMnet8 are simplified into figure 3-9.

Figure 3-9 VMnet8 Virtual Network

Host A's VMnet8 virtual network card, connected to the VMNET8 virtual Switch, the VMNET8 virtual switch connected to the "virtual router", "virtual router" connected to the "VMnet0 Virtual network card (also known as the host physical network card)", and through the "VMnet0 virtual network card" connected to the " VMnet0 Virtual Switch "," VMnet0 Virtual Switch "connects to the host physical network. This also indicates that the computer (virtual machine or host) connected to the "VMnet8 Virtual Switch" needs to be connected to the host physical network in the direction of the "virtual router" → "VMnet0 virtual network card" → "VMnet0 virtual Switch".

1 One-way access relationships in NAT

Virtual Machine A81, A82 is a virtual machine connected to the VMNET8 Virtual switch on physical machine A. Then A81, A82 can access a (two-way visits), you can access the virtual machine A01, A02, A03 through a "virtual router" and access a one-way to other computer B on the network where a belongs, and can access it one-way Other computers on the Internet network Z. But the other computers on the A-owned network and other computers on the Internet network ( by default ) cannot access A81, A82, so the access here is "one-way access."

2 Default in NAT

The "default" described in the previous section refers to the case where the virtual machine is enabled with the DHCP service and the IP address of the virtual machine is "Automatically get the IP address and DNS in case", and the host physical NIC, network parameters (IP address, subnet mask, gateway, DNS) are set correctly.

In the case of NAT and DHCP service enabled, the virtual opportunity automatically obtains the appropriate IP address, subnet mask, gateway, and DNS.

If the virtual machine A81, A82 is not set to "Get IP address and DNS address automatically," But the IP address, subnet mask, and gateway address, and DNS address of the "manual" setting are similar to those assigned by the DHCP server, you can also access the extranet. For example, in Figure 3-5 (Figure 3-6), the VMNET8 Virtual Switch uses a 192.168.80.0/24 network segment, as long as the virtual machine has the 192.168.80.3~192.168.80.253 address, the subnet mask of 255.255.255.0, The gateway address is 192.168.80.2 and you can access a and other hosts on the network.

3 virtual machines that allow extranet access to NAT

If other computers on the physical network (for example, B, Z) want to access A81, A82, you should go through the "VMnet0 Virtual Switch" → "VMnet0 virtual network card" → "virtual router" → "VMnet8 virtual Switch" to A81, A82, but "virtual router" default configuration, is forbidden "Extranet" access "intranet", here, VMnet0 virtual network card and VMnet0 Virtual switch belongs to the network, attribute "External network", and "VMnet8 Virtual Switch" belongs to the network, belonging to the intranet.

If this "virtual router" is configured, for example, using port mapping, other computers on the Internet network can also access the virtual machine A81, A82.

3.3.4 Network relationships between virtual machines that use different virtual network cards

The relationship between virtual machines and hosts using the same virtual network card is described earlier, so what is the relationship between virtual machines using different virtual network cards in the same physical host?

Figure 3-10 Virtual network topology Figure 3-

1 VMnet1 default access to VMnet8 and VMnet0

As you can see from figure 3-10, virtual machines connected to VMnet1 (A11, A12, A13), virtual machines connected to VMnet8 and virtual machines connected to VMnet0 (A01, A02, A03), are not accessible by default.

If they want to access each other, you must enable the default routing or proxy server functionality on physical host A to access each other (or one-way). For example, a physical host can install Windows Server 2003 (or Windows Server 2008), and on that computer, the Routing and Remote Access feature is enabled, and the computer is made into a "router", Each virtual machine can be accessed from each other .

If the physical host is installed with an operating system such as Windows 2000, XP, you can enable the Internet Connection Sharing feature to have VMnet1 one-way access to VMNET8 or VMnet0, and vice versa. For example, it is easy to have VMnet8 one-way access to VMnet1 and so on.

2 VMnet8 cannot access VMnet1 by default

VMnet8 by default, no access to VMnet1 can be accessed through a virtual router, one-way access to VMnet0. If VMnet8 wants to access VMnet1, the router or Internet Connection Sharing service is enabled on host a like VMnet1 access VMnet8.

3 VMnet0 Default cannot access VMnet8, VMnet1

VMnet0 by default, VMnet1 and VMnet8 cannot be accessed. If you want to access VMnet8, in addition to enabling router or Internet Connection Sharing, you can access the virtual machines in VMnet8 by configuring the "virtual router" between "VMnet8" to "VMnet0" and port mapping.

This article is from the "Wang Chunhai blog" blog, make sure to keep this source http://wangchunhai.blog.51cto.com/225186/381225

In-depth understanding of VMware virtual Networks