
VMware Workstation 2.0 (for Linux)


Networking Support

Overview

Each virtual machine can have its own independent network configuration. There are four choices for configuring networking:

  • No networking
  • Host-only networking
  • Bridged networking
  • Custom networking

No networking simply means a virtual machine is run in isolation; it will not be able to communicate with the host operating system or any other virtual machine running on the host. This option is useful if you desire complete isolation for testing or security purposes. To set up your virtual machine in this way, simply do not install a network interface adapter when configuring the virtual machine.

Host-only networking means a virtual machine can communicate with the host operating system and any other virtual machines set up to use host-only networking, but the virtual machine cannot communicate with any systems off the host machine without the use of a proxy server.

If you chose to install Samba when you installed Workstation -- or if you already had Samba configured appropriately on your host -- the guest operating system can share files with the host using the facilities of the host-only network.

Host-only networking is most useful when the host is itself isolated or when you want to isolate your virtual machines from systems outside the host computer. This configuration is analogous to the way corporations often connect their internal networks to the Internet with a firewall and proxy services. To set up a virtual machine in this way you need to install a network interface adapter and mark it as "hostOnly". Once the guest operating system is installed, you may then need to do some additional configuration work that is described below.

Bridged networking means a virtual machine runs on a virtual network that is "bridged" to an existing physical network. This permits a virtual machine to appear as a full-fledged host on an existing physical network.

A bridged virtual machine may transparently use any of the services available on the network that it is bridged to: printers, file servers, gateways, etc. Likewise, when a virtual machine is bridged, any physical host -- or other virtual machine configured with bridged networking -- can use resources on that virtual machine. This is the most commonly used networking configuration. To manually configure bridged networking you need to install a network interface adapter and mark it as "bridged". Once the guest operating system is installed, you may then need to do some additional configuration work that is described below.

Custom networking refers to any network configuration other than those described above. For example, a collection of virtual machines, possibly on multiple physical hosts, might be configured on a private virtual network. This might be done for setting up a private file-sharing environment or for testing a group of virtual machines in an isolated network environment. Configuration of custom networking requires a thorough understanding of networking concepts and potentially the implementation of some simple user-level applications. Setting up custom networking is not described in this document. If you want to set up your own custom network environment and have trouble doing so, please file an incident report.

What You Will See on the Host

Workstation networking support is done on the host machine through a virtual network device driver that implements four network interfaces: vmnet0, vmnet1, vmnet2, and vmnet3. Each interface is associated with a virtual Ethernet hub through which any number of virtual machines and the host may communicate. By convention vmnet0 is used for bridged networking, vmnet1 is used for host-only networking, and the other two interfaces are available for custom network configurations. In addition to the network interfaces there are two applications: vmnet-bridge and vmnet-dhcpd. The vmnet-bridge application is used by the bridged networking support to effect transparent communication between vmnet0 and another network interface, typically eth0. vmnet-dhcpd is an optional process that runs only when host-only networking is configured; it implements the DHCP protocol for virtual machines running on vmnet1.

What You Will See on the Guest Operating System
Network support on the guest operating system appears through the virtual Ethernet adapter(s) that are configured for the virtual machine. Each device appears to the operating system as an AMD PCNET PCI adapter. Most operating systems will recognize this virtual hardware and automatically configure use of the appropriate device driver. The main issue in completing network configuration in the guest operating system is assigning a network address for the virtual machine.

More Details about Host-Only Networking

Setting up host-only networking on the guest operating system
Host-only networking means a virtual machine can communicate with the host operating system and any other virtual machines set up to use host-only networking, but the virtual machine cannot communicate with any systems off the host machine without the use of a proxy server. This is done by creating a private virtual network on which the host and all host-only configured virtual machines reside. Typically all the parties on this private network use the TCP/IP protocol suite, although there is no requirement for this. Regardless of the communication protocols used, each virtual machine and the host must be assigned addresses on the private network. This can be done "statically" (that is, by consulting a fixed database) or "dynamically" using protocols such as the Dynamic Host Configuration Protocol (DHCP). When host-only networking is enabled at the time Workstation is installed, a custom DHCP server application is set up to run on the host machine. This server implements the DHCP protocol only for virtual machines running on the host-only network associated with the virtual network interface vmnet1. Guest operating systems that are set up to use DHCP at boot time to obtain an IP address will then work without any additional configuration (except for setting up names, as described below). Guest operating systems that do not use DHCP to obtain an IP address must be set up with a static IP address.

Selecting IP addresses for virtual machines on a host-only network
You have two choices for setting up IP addresses for virtual machines on a host-only network: dynamic assignment using DHCP or static assignment. Using DHCP to assign IP addresses is simpler and more automatic than statically assigning them. Most Windows operating systems, for example, come preconfigured to use DHCP at boot time so they will be functional the first time they are booted, without additional configuration.

If, however, you want your virtual machines to communicate with each other using names instead of IP addresses, then you need to set up a naming convention, a name server on the host machine, or both. In this case it may be simpler just to use static IP addresses.

VMware recommends that if you have virtual machines you intend to use frequently or for extended periods of time, you assign them static IP addresses or configure the host-only DHCP server to always assign the same IP address to the virtual machine. For virtual machines that you do not expect to keep for long, use DHCP and let it allocate an IP address.

Note that for each host-only network, the available IP addresses are split up using the following conventions. (Workstation always uses a Class C address for host-only networks.)

Range                  Address Use        Example
<net>.1                host machine       192.168.0.1
<net>.2-<net>.127      static addresses   192.168.0.2-192.168.0.127
<net>.128-<net>.254    DHCP-assigned      192.168.0.128-192.168.0.254
<net>.255              broadcasting       192.168.0.255

(where <net> is the network number assigned to your host-only network.)

Avoiding IP packet leakage in a host-only network
Each host-only network is intended to be confined to the host machine on which it is set up. That is, no packets sent by virtual machines on this network should "leak out" to a physical network attached to the host. Packet-leakage can only occur if a machine actively forwards packets. Note that this can be true of the host machine or any virtual machine running on the host-only network.

Systems that support the TCP/IP protocols are usually capable of forwarding IP packets they receive but which are not addressed to them. By default, however, these systems come with IP packet forwarding disabled. If you find packets leaking out of a host-only network, check if forwarding has mistakenly been enabled on the host machine, and if it is enabled, disable it. For Linux systems this is done by writing a "0" to the special file /proc/sys/net/ipv4/ip_forward. For example,
       machinename# echo 0 > /proc/sys/net/ipv4/ip_forward
(note that this must be done as the super-user). On other systems, forwarding is controlled by a system configuration option that may be set through a control panel, at compile time, or possibly at boot time. Consult your system documentation.

If the host has multiple network adapters, then it is likely intentionally configured to do IP forwarding and you do not want to disable it. In this case the only way to avoid packet-leakage is to enable a "packet filtering" facility and specify that packets from the host-only network should not be sent off-machine. An explanation of how to do this is beyond the scope of this document; consult your system documentation.

Finally, be aware that virtual machines may leak packets as well. For example, if you use Dial-Up Networking support in a virtual machine and packet forwarding is enabled, host-only network traffic may leak out through the dial-up connection.
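
The forwarding check described above can be scripted. The following is an added example, not part of the original VMware documentation: it reports whether packets arriving on vmnet1 could be forwarded and applies the remedy of writing "0". It assumes a Linux kernel that also exposes a per-interface flag at conf/<interface>/forwarding, and the function names and the directory parameter are hypothetical.

```shell
#!/bin/sh
# Added example (not VMware code): audit IPv4 forwarding for vmnet1.
# ROOT is /proc/sys/net/ipv4 on a real host; here it is a parameter so
# the check can run against a constructed directory tree.

# Print a flag file's content without whitespace, or "missing".
read_flag() {
    if [ -r "$1" ]; then tr -d ' \n' < "$1"; else printf 'missing'; fi
}

# forwarding_verdict ROOT IFACE -> prints ok, leak-risk or unknown.
# Assumption: the kernel exposes conf/IFACE/forwarding, which governs
# packets received on IFACE; writing ip_forward resets every such flag.
forwarding_verdict() {
    global=$(read_flag "$1/ip_forward")
    per_if=$(read_flag "$1/conf/$2/forwarding")
    if [ "$per_if" = missing ]; then per_if=$global; fi
    case "$per_if" in
        0) echo ok ;;
        1) echo leak-risk ;;
        *) echo unknown ;;
    esac
}

# disable_forwarding ROOT IFACE: write "0" to the flag files. The space
# before ">" matters: "echo 0>file" redirects descriptor 0 and writes
# nothing to the file.
disable_forwarding() {
    echo 0 > "$1/ip_forward"
    if [ -e "$1/conf/$2/forwarding" ]; then
        echo 0 > "$1/conf/$2/forwarding"
    fi
}

# Demo on a constructed tree in which forwarding was left enabled.
demo=$(mktemp -d)
mkdir -p "$demo/conf/vmnet1"
echo 1 > "$demo/ip_forward"
echo 1 > "$demo/conf/vmnet1/forwarding"
echo "before: $(forwarding_verdict "$demo" vmnet1)"
disable_forwarding "$demo" vmnet1
echo "after:  $(forwarding_verdict "$demo" vmnet1)"
rm -rf "$demo"
```

On a real host, call forwarding_verdict /proc/sys/net/ipv4 vmnet1; disable_forwarding must be run as the super-user.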

Controlling routing information for a host-only network
A host-only network is a full-fledged network. It has a network interface associated with it (vmnet1) that is marked "up" at the time the host operating system is booted. Consequently, routing server processes that operate on the host operating system, such as routed and gated, will automatically discover it and propagate information on how to reach it unless you explicitly configure them not to. If either of these programs is being run only to receive routing information, then the easiest solution is to run them with a -q option so that they do not supply routing information, only receive it. If, however, they are running because they are to supply routing information, then you need to configure them so they do not advertise routes to the host-only network.

Unfortunately, the version of routed that comes with many distributions of Linux has no support for specifying that an interface should not be advertised. Consult the routed(8) manual page for your system in case you have a more contemporary version of the software.

For gated, configuration is involved. You need to explicitly exclude the vmnet1 interface from any protocol activity. If you need to run virtual machines on a host-only network on a multi-homed system where gated is used and have problems doing so, please file an incident report.

Using Samba for file sharing on a host-only network
Workstation 2.0 (for Linux) can automatically install and configure a Samba server to act as a file server for Microsoft Windows 95, Windows 98, Windows NT 4.0, and Windows 2000 guest operating systems.

For details, read this tech note.

Other potential issues with host-only networking
The following are common questions and issues that may arise when configuring a host-only network.

  • Q: DHCPD on the host machine does not work after I installed Workstation.
    A: If you were running the DHCP server program dhcpd on your machine before installing Workstation, then it probably was configured to respond to DHCP requests from clients on any network interface present on the machine. When host-only networking is configured, an additional network interface, vmnet1, is marked "up" and available for use, and dhcpd may notice this. In this case some dhcpd implementations abort if their configuration files do not include a "subnet" specification for the interface -- even if dhcpd is not to respond to messages that arrive through the interface. The best solution to this problem is to add a line to the dhcpd configuration file of the form:
             subnet <net>.0 netmask 255.255.255.0 {}
    (where <net> is the network number assigned to your host-only network; for example, 192.168.0). This informs dhcpd about the host-only network and tells it explicitly not to respond to any DHCP requests it sees coming from it.

    An alternative solution is to explicitly state the set of network interfaces that you want dhcpd to listen on each time you start the program. For example, if your machine has one Ethernet interface eth0, then each time you start dhcpd you would list it on the command line:
             machinename# dhcpd eth0
    rather than have it probe for all available network interfaces.

    If the above solutions do not work for your DHCP server program, then it likely is old. You can try upgrading to a more current version such as the Version 2 DHCP software available from the ISC (see http://www.isc.org).

  • Q: Is there any way to use DHCP and Dynamic Domain Name Service (DDNS) on a host-only network?
    A: DHCP can be used to hand out IP addresses as well as other information such as the identity of a host running a name server and the nearest router/gateway. But it does not currently provide a means to dynamically establish a relationship between the IP address it assigns and a client's name (that is, to update a DNS server using DDNS). This facility is scheduled to be part of the Version 3 DHCP server available from the Internet Software Consortium (ISC). When that is available we will update our software to use that server.

    In the meantime, this means that if you want to use names to communicate with other virtual machines you will need to either edit the DHCP configuration file for vmnet1 (/etc/vmware/vmnet1.conf) or use IP addresses that are statically bound to a host name. Editing the DHCP server configuration file requires information that is best obtained directly from the DHCP server documentation; consult the UNIX manual pages dhcpd(8) and dhcpd.conf(8).


More Details about Bridged Networking

Setting up bridged networking on the guest operating system
Bridged networking means a virtual machine appears just like any other host on the physical network. You need to configure operating system support for the virtual Ethernet adapter and then either assign a fixed network address or enable use of DHCP for dynamic address assignment. Assigning a network address is done according to local conventions -- if your site runs DHCP, then you may choose to enable DHCP use; otherwise you will need to consult a network administrator to obtain a network address. Be aware that if the host machine is set up to boot multiple operating systems and you run one or more of them in virtual machines, then you will need to configure each operating system with a unique network address. (Many people assign all systems the same address since they assume only one will be running at a time!)


Changing the MAC Address of a Virtual Machine

When a virtual machine is powered on, Workstation automatically assigns it a MAC address. The software guarantees that virtual machines will be assigned unique MAC addresses within a given host system. However, the software does not guarantee that a given virtual machine will be assigned the same MAC address every time it is powered on. In addition, Workstation does its best, but cannot guarantee, to automatically assign unique MAC addresses for virtual machines running across multiple host systems.

If you want to guarantee that the same MAC address is assigned to a given virtual machine every time, or want to guarantee a unique MAC address for each virtual machine within a networked environment, you can assign it manually instead of allowing Workstation to assign it automatically. It is possible to manually assign the same, unique MAC address to any virtual machine by adding the following line to its configuration file:
      ethernet0.address = 00:50:56:XX:YY:ZZ
where XX is a valid hex number between 00h and 3Fh, and YY and ZZ are valid hex numbers between 00h and FFh. Because Workstation virtual machines do not support arbitrary MAC addresses, the above format must be used.

Note: As long as you choose XX:YY:ZZ so it is unique among your hard-coded addresses (where XX is a valid hex number between 00h and 3Fh, and YY and ZZ are valid hex numbers between 00h and FFh), conflicts between the automatically assigned MAC addresses and the manually assigned ones should never occur.
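
The constraints on manually assigned addresses can be checked across a set of configuration files before the virtual machines are powered on. The following is an added example, not part of the original VMware documentation: it extracts ethernet0.address from each file, verifies the 00:50:56:XX:YY:ZZ format with XX between 00h and 3Fh, and lists addresses assigned to more than one file. The function names, file names and sample values are hypothetical, and accepting a quoted value is an assumption.

```shell
#!/bin/sh
# Added example (not VMware code): audit manually assigned MAC addresses.

# Print ethernet0.address from a config file, upper-cased, with optional
# surrounding quotes removed. Prints nothing when the line is absent.
mac_from_cfg() {
    sed -n 's/^[[:space:]]*ethernet0\.address[[:space:]]*=[[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" |
        tr 'a-f' 'A-F' | head -n 1
}

# Succeed only for 00:50:56:XX:YY:ZZ with XX in 00h-3Fh.
valid_static_mac() {
    h='[0-9A-Fa-f]'
    case "$1" in
        00:50:56:[0-3]$h:$h$h:$h$h) return 0 ;;
        *) return 1 ;;
    esac
}

# Print each address that appears in more than one of the given files.
duplicate_macs() {
    for f in "$@"; do mac_from_cfg "$f"; done | sort | uniq -d
}

# One line per file: FILE MAC STATUS (auto = no manual address set).
audit_cfgs() {
    for f in "$@"; do
        mac=$(mac_from_cfg "$f")
        if [ -z "$mac" ]; then status=auto
        elif valid_static_mac "$mac"; then status=ok
        else status=invalid
        fi
        printf '%s %s %s\n' "$f" "${mac:--}" "$status"
    done
}

# Demo on constructed config files (names and values are made up).
d=$(mktemp -d)
echo 'ethernet0.address = 00:50:56:3f:00:01' > "$d/vm1.cfg"
echo 'ethernet0.address = 00:50:56:40:00:01' > "$d/vm2.cfg"
echo 'ethernet0.address = 00:50:56:3F:00:01' > "$d/vm3.cfg"
audit_cfgs "$d"/*.cfg
echo "duplicates: $(duplicate_macs "$d"/*.cfg)"
rm -rf "$d"
```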


© 2001 VMware, Inc. All Rights Reserved