Understanding Virtual Networking in VMware Workstation 9
In my opinion, VMware Workstation is the premier and ideal platform for virtualizing desktops on your local Windows or Linux laptop or desktop computer. This is because Workstation offers the most maturity and functionality out of any of the desktop-based hypervisors. Workstation has a strong snapshot manager, the greatest list of supported guest operating systems, remote virtual machine management/control with the new WSX (see my article – Managing VMware Workstation VMs Remotely with WSX), connectivity to vSphere in the datacenter for VM management and import/export and, finally, the most mature virtual networking. What I’ll be focusing on in this article is how virtual networking works in VMware Workstation and what’s new related to virtual networking in Workstation version 9.
Introduction to Virtual Networking in VMware Workstation
It’s the virtual network, as created by VMware Workstation, which connects your virtual machines to the physical network. Typically, the most important thing you want physical network connectivity for is to connect a VM to the local LAN and then to the Internet. After all, just like your desktop or laptop, your VMs need Internet access to browse the web or check email, for example. VMs also need access to enterprise apps that are running on the local LAN.
By default, VMware Workstation offers 3 types of virtual networks – NAT, bridged, and host-only (each of them is discussed in more detail below). The Internet access described above is provided by the default virtual machine network type, NAT.
Here’s how the three default virtual networks break down and what “VM net” they map to.
Three Types Of Virtual Networks In Workstation, By Default:
- Bridged = VMnet0
- NAT = VMnet8
- Host-only = VMnet1
Here’s what the Workstation Virtual Network Editor, which is used to manage your virtual networks, looks like.
Figure 1: VMware Workstation 9 Virtual Network Editor
- The virtual DHCP server serves NAT and host-only networks
- You can create your own custom VMnet networks
- Virtual network adaptors are in each VM and you can add multiple, if needed
Keep in mind that these are all “by default” because all of this is configurable by you. For example, you can change the bridged network to be a different VMnet or just delete it completely (if you do, remember that the Restore Default option is your friend because it can quickly put everything back to how it was when Workstation was installed).
Understanding VMware Workstation NAT Networks
With NAT, or network address translation, the virtual machine will receive an IP address from VMware Workstation’s built in DHCP server. The default IP address range for the NAT network is 192.168.75.0 with a 255.255.255.0 (class C) subnet mask (which is completely configurable by you). The IP address, assigned to your VM that is on the NAT network, is translated to the IP address assigned to Workstation’s physical network adaptor when the NAT’ted VM needs to communicate with the public network (which could be the local company network if you are cabled to the LAN or the Internet, let’s say if you are at a coffee shop).
The main limitation that you need to be aware of is that you can only have one network set to NAT (this is also the same for the bridged network type).
It is possible to have inbound NAT connections to a VM but you must configure those manually in Workstation’s Virtual Network Editor under NAT Settings. As you see below, I wanted to be able to connect to a VM in the NAT network, inbound, using RDP (remote desktop) so I opened a port on the Workstation host under 3390 (incremented one from 3389, or RDP) to RDP on the VM inside the NAT network (port 3389). To do this, I had to know the IP address of the VM on the NAT network, as assigned via Workstation’s DHCP server.
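The forward described above (host port 3390 to RDP on the VM) can be reviewed from the NAT configuration file as well as from the editor. The following is an added example, not part of the original article: it assumes the [incomingtcp]/[incomingudp] layout of Workstation's NAT configuration file (nat.conf on Linux hosts), and the VM addresses in the sample are constructed.

```python
import ipaddress

# Constructed sample in the layout of Workstation's NAT configuration file.
SAMPLE_NAT_CONF = """\
[host]
ip = 192.168.75.2
netmask = 255.255.255.0

[incomingtcp]
# <host port> = <VM IP>:<VM port>
3390 = 192.168.75.128:3389
8080 = 192.168.75.130:80
2222 = 10.0.0.5:22

[incomingudp]
"""

REMOTE_ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}

def parse_forwards(text):
    """Return (proto, host_port, vm_ip, vm_port) for each inbound forward."""
    forwards, section = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section in ("incomingtcp", "incomingudp") and "=" in line:
            host_port, target = (p.strip() for p in line.split("=", 1))
            vm_ip, _, vm_port = target.rpartition(":")
            forwards.append((section[len("incoming"):], int(host_port),
                             ipaddress.ip_address(vm_ip), int(vm_port)))
    return forwards

def audit(text, nat_subnet="192.168.75.0/24"):
    """Flag forwards that expose remote admin services or point off the NAT subnet."""
    net = ipaddress.ip_network(nat_subnet)
    findings = []
    for proto, host_port, vm_ip, vm_port in parse_forwards(text):
        if vm_ip not in net:
            findings.append((host_port, f"target {vm_ip} is outside {net}"))
        if vm_port in REMOTE_ADMIN_PORTS:
            service = REMOTE_ADMIN_PORTS[vm_port]
            findings.append((host_port, f"{proto} forward exposes {service} on {vm_ip}"))
    return findings

if __name__ == "__main__":
    for port, note in audit(SAMPLE_NAT_CONF):
        print(f"host port {port}: {note}")
```

Because each rule names an address handed out by Workstation's DHCP server, repeat the check whenever a VM's address changes.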
Understanding VMware Workstation Bridged Networks
For my VMs running in Workstation, instead of the default of NAT, I typically prefer to configure them with Bridged networking. With bridged networking, the virtual machine is on the same network as the host (your PC or laptop that’s running Workstation). You can think of the VMs with bridged connections all being connected to a big virtual bridge, along with your host computer. What this means is that your VMs are just going to request another IP address from your company’s DHCP server (let’s say, if you are on the corporate network) and they would be on the same network as your host computer. To put it another way, virtual machines with bridged network connections are just like any other physical server on the network (for better or worse). The good side of this is that you can RDP to them or connect to them in any other way that you would another physical server. The downside is that they have no network protection so you need to remember that those VMs will need anti-malware protection and you must enable their firewall, etc.
Below you see one of my VMs in Workstation with a bridged connection. As configured, the bridged network adaptor connects to my physical network adaptor (a wireless adaptor in this case). I can opt to replicate the physical network status to the VM if I choose to (so if the wireless network is down, so is the network inside the VM).
Understanding VMware Workstation Host-Only Networks
The third type of virtual network in Workstation works as described. The “host only” virtual network connects the virtual machine to the “host only”. In other words, the VM can only communicate with the host that is running VMware Workstation but it has no LAN network access, no Internet access, and no communication to other VMs that are running on the same host under Workstation.
The VMs running with the host only network option will receive an IP address from the Workstation DHCP server from a different scope than the NAT network. By default, host only VMs will receive IPs from the 192.168.56.0 /24 network that will be used to communicate just with the host, which will also use an IP from that subnet for the communication. Thus, the VM’s network traffic isn’t translated with NAT.
The host only network option is a great option for sharing files between host and VM or testing client/server apps.
Understanding VMware Workstation Private Networks
However, instead of “host only” for testing VMs and client server apps, I typically choose a totally private network option. In the past, this would be done by using the Add Network option and creating a totally private custom network.
With that custom network (say you choose VMnet2), you have the option to:
- Connect or NOT connect it to the host
- Provide or NOT provide DHCP IP addressing
Let’s say that you choose NOT to connect it to the host and NOT to provide DHCP IP addressing, then you have a totally private network where any VM there cannot communicate with anything else except for any other VM that you might choose to place there. By connecting 2+ VMs to the new custom private network you created, you have a virtual network lab where you can do whatever you want (like test Windows Active Directory or Exchange that uses the same IP addresses and domain names as your production servers).
Keep in mind that, when you opt not to provide DHCP, you must either provide your own DHCP server for the virtual network or assign static IP addresses to all VMs on the network.
New in VMware Workstation 9 is the option to create LAN Segments. These LAN segments are similar to a custom network that you would create if it didn’t have host connectivity and if it didn’t have DHCP services from Workstation.
The advantage of these LAN Segments is that you can create as many as you want (you aren’t limited by the Workstation VMnet 0-9 numbering limitation).
LAN Segments are a great solution that allows you to create as many virtual private networks as you want, for a virtually unlimited number of uses (see my examples in Figure 6).
Once you create the LAN Segment, you connect your virtual machines to it, just as you would connect them to any other virtual network option in Workstation (shown in Figure 7).
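To check which network each VM's adapters actually sit on, the VM's .vmx file can be read directly. The following is an added example, not part of the original article: it assumes the .vmx keys ethernetN.present, ethernetN.connectionType (bridged, nat, hostonly, custom, pvn for a LAN segment), ethernetN.vnet and ethernetN.pvnID, and all VM names and values in the sample are constructed. It flags bridged adapters and VMs that are attached to both an outward-facing and a private network.

```python
import re

# Constructed .vmx fragments (VM names and the pvnID value are made up).
SAMPLE_VMX = {
    "web01.vmx": 'ethernet0.present = "TRUE"\n'
                 'ethernet0.connectionType = "bridged"\n',
    "dc-lab.vmx": 'ethernet0.present = "TRUE"\n'
                  'ethernet0.connectionType = "pvn"\n'
                  'ethernet0.pvnID = "52 00 00 00 00 00 00 01-00 00 00 00 00 00 00 01"\n',
    "client.vmx": 'ethernet0.present = "TRUE"\n'
                  'ethernet0.connectionType = "nat"\n'
                  'ethernet1.present = "TRUE"\n'
                  'ethernet1.connectionType = "custom"\n'
                  'ethernet1.vnet = "VMnet2"\n',
}

OUTWARD = {"bridged", "nat"}             # can reach the LAN or the Internet
PRIVATE = {"hostonly", "custom", "pvn"}  # host-only, custom VMnet, LAN segment

KEY = re.compile(r'^(ethernet\d+)\.(\w+)\s*=\s*"(.*)"$', re.IGNORECASE)

def adapters(vmx_text):
    """Map each present adapter (ethernet0, ...) to its connection type."""
    nics = {}
    for line in vmx_text.splitlines():
        m = KEY.match(line.strip())
        if m:
            nics.setdefault(m.group(1).lower(), {})[m.group(2).lower()] = m.group(3)
    # Assumption: an adapter with no connectionType key is treated as bridged.
    return {nic: keys.get("connectiontype", "bridged").lower()
            for nic, keys in sorted(nics.items())
            if keys.get("present", "").upper() == "TRUE"}

def review(vmx_text):
    """Return notes for adapters that need attention on this VM."""
    types = adapters(vmx_text)
    notes = [f"{nic}: bridged, VM sits on the physical LAN and needs its own firewall"
             for nic, kind in types.items() if kind == "bridged"]
    kinds = set(types.values())
    if kinds & OUTWARD and kinds & PRIVATE:
        notes.append("dual-homed: one adapter faces outward, another is on a private network")
    return notes

if __name__ == "__main__":
    for name, text in SAMPLE_VMX.items():
        print(name, adapters(text), review(text))
```

A dual-homed VM matters most in a lab that reuses production IP addresses and domain names, since that VM is the one place where the private network and the real one meet.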
One final advanced networking option in Workstation 9 is the ability to throttle incoming and outgoing network bandwidth as well as the option to generate a custom Ethernet MAC address.
Overall, Workstation 9’s virtual networking is the most advanced that I have seen, given the multiple virtual networking options, built in DHCP server, and the new LAN Segments option for building virtual private lab environments.