VirtualBox Networking Concepts
External
- User Manual Chapter 6 Virtual Networking https://www.virtualbox.org/manual/ch06.html
- https://technology.amis.nl/2014/01/27/a-short-guide-to-networking-in-virtual-box-with-oracle-linux-inside/
Internal
Relevance
This article was written with VirtualBox 5.0.4.
Adapter Type
VirtualBox provides a number of virtual network adapters: Paravirtualized Network (virtio-net), Intel PRO/1000 MT Server (82545EM), PCnet-FAST III, etc.
Performance-wise, the virtio adapter is preferable to the Intel PRO/1000, which is preferable to PCnet. virtio and Intel PRO/1000 offer segmentation and checksum offloading. Segmentation offloading is essential for high performance. To take advantage of it, make sure segmentation offloading is enabled in the guest OS. For more details see Segmentation Offloading.
Routing
It should be possible to give guests external access by setting up an internal network and a bridged network adapter on just one of them, then appropriately configuring routing. When I figure this out, update this section. The alternative is to configure a NAT adapter on each guest.
NAT
This is the default and the simplest way to give your guest external access.
Each VM comes pre-configured with a NAT adapter, and it's a good idea to leave it in place even when configuring other types of adapters. It is configured automatically and gives your guest access to the internet without opening any inbound access.
This is what a guest configured with NAT and host-only access looks like. eth0 is the internal network interface and eth1 is the NAT adapter that all publicly-outbound traffic goes over.
    ...
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 08:00:27:80:d5:77 brd ff:ff:ff:ff:ff:ff
        inet 192.168.7.3/24 brd 192.168.7.255 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::a00:27ff:fe80:d577/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 08:00:27:6b:33:aa brd ff:ff:ff:ff:ff:ff
        inet 10.0.3.15/24 brd 10.0.3.255 scope global dynamic eth1
           valid_lft 86382sec preferred_lft 86382sec
        inet6 fe80::a00:27ff:fe6b:33aa/64 scope link
           valid_lft forever preferred_lft forever
    ...
NAT Advantage over Bridged Network
NAT gives the guest access to the external internet, handling routing, etc., the same as a bridged network. However, the bridge is tied to a specific network interface, and if that interface does not have connectivity, the guest does not have connectivity (consider the case when the bridge was attached to a wired interface, and the machine finds itself connecting over a wireless interface). From this perspective, NAT is more convenient, as it handles these details transparently.
NAT Service
A NAT service is a virtual NAT router that allows creating an internal network and gives all guests on that internal network external access and the ability to communicate with each other. A NAT service is attached to an internal network. At the time of writing (5.0.4) this service is experimental, but it seems very useful.
Bridged Networking
Bridged Networking Overview
With bridged networking, the guest connects to the host network similar to how the host does, gets the same kind of host network address, and the host and guest can talk amongst themselves using host network addresses. A host's physical network interface is used for this.
Bridged Networking Details
With bridged networking, VirtualBox installs a net filter driver on the host system that "filters" data from an existing physical network adapter on the host. This allows VirtualBox to intercept and inject data from/to the physical network interface, effectively creating a new network interface in software. This network interface is visible to the guest: if a guest is configured to use a "Bridged Adapter", that results in the guest "seeing" a network interface that behaves as being connected to the same network as the physical network adapter it latched onto. If a DHCP server is available on the host's network, the new bridged network interface will automatically get a dynamic IP address. The interface can be used to connect into the guest from the network and can be used by the guest to connect to the network.
Virtual machines are attached to the existing physical interface.
As an example, the physical network interface on a MacOS guest we used is en7:
    en7: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
        ether 0c:4d:e9:a8:68:f4
        inet6 fe80::e4d:e9ff:fea8:68f4%en7 prefixlen 64 scopeid 0x4
        inet 192.168.1.134 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=1<PERFORMNUD>
        media: autoselect (1000baseT <full-duplex,flow-control>)
        status: active
and the newly created virtual interface on a Linux host is enp0s3:
    2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 08:00:27:f7:35:7d brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.147/24 brd 192.168.1.255 scope global dynamic enp0s3
           valid_lft 85686sec preferred_lft 85686sec
        inet6 fe80::a00:27ff:fef7:357d/64 scope link
           valid_lft forever preferred_lft forever
Note the different IP address in the same subnet.
Bridging to Wireless Interfaces
Bridging to a wireless interface is done differently from bridging to a wired interface, because most wireless adapters do not support promiscuous mode. All traffic has to use the MAC address of the host’s wireless adapter, and therefore VirtualBox needs to replace the source MAC address in the Ethernet header of an outgoing packet to make sure the reply will be sent to the host interface. When VirtualBox sees an incoming packet with a destination IP address that belongs to one of the virtual machine adapters it replaces the destination MAC address in the Ethernet header with the VM adapter’s MAC address and passes it on. VirtualBox examines ARP and DHCP packets in order to learn the IP addresses of virtual machines.
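The rewriting described above can be modelled in a few lines. This is an added example, not VirtualBox code: the class and helper names are hypothetical, the host Wi-Fi and router addresses are constructed, and only ARP learning is modelled (DHCP learning is omitted).

```python
import struct

ETH_ARP, ETH_IPV4 = 0x0806, 0x0800

def mac(text):
    return bytes.fromhex(text.replace(":", ""))
def ip(text):
    return bytes(int(part) for part in text.split("."))

class SharedMacBridge:
    """Model of the MAC rewriting described above; not VirtualBox source code."""
    def __init__(self, host_mac):
        self.host_mac = host_mac
        self.vm_by_ip = {}  # guest IP -> guest MAC, learned from guest ARP traffic

    def egress(self, frame):
        """Guest to network: learn from ARP, put the host MAC in the source field."""
        src, ethertype = frame[6:12], struct.unpack("!H", frame[12:14])[0]
        body = bytearray(frame[14:])
        if ethertype == ETH_ARP:
            self.vm_by_ip[bytes(body[14:18])] = src  # ARP sender IP field
            body[8:14] = self.host_mac  # model assumption: ARP sender MAC rewritten too
        return frame[:6] + self.host_mac + frame[12:14] + bytes(body)

    def ingress(self, frame):
        """Network to host: return (vm_mac, frame); vm_mac is None for host traffic."""
        is_ipv4 = len(frame) >= 34 and frame[12:14] == struct.pack("!H", ETH_IPV4)
        vm_mac = self.vm_by_ip.get(frame[30:34]) if is_ipv4 else None  # IPv4 dst
        return (vm_mac, vm_mac + frame[6:]) if vm_mac else (None, frame)

def arp_request(src_mac, src_ip, target_ip):
    body = struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 1) + src_mac + src_ip
    return b"\xff" * 6 + src_mac + struct.pack("!H", ETH_ARP) + body + bytes(6) + target_ip

def ipv4_frame(dst_mac, src_mac, src_ip, dst_ip):
    header = struct.pack("!BBHHHBBH", 0x45, 0, 20, 0, 0, 64, 17, 0) + src_ip + dst_ip
    return dst_mac + src_mac + struct.pack("!H", ETH_IPV4) + header

# Constructed sample: guest MAC/IP and host IP as in the listings above;
# the host Wi-Fi MAC and the router MAC/IP are made up for the example.
HOST_MAC, VM_MAC = mac("02:00:00:00:00:01"), mac("08:00:27:f7:35:7d")
ROUTER_MAC, ROUTER_IP = mac("02:00:00:00:00:fe"), ip("192.168.1.1")
VM_IP, HOST_IP = ip("192.168.1.147"), ip("192.168.1.134")

def demo():
    bridge = SharedMacBridge(HOST_MAC)
    on_air = bridge.egress(arp_request(VM_MAC, VM_IP, ROUTER_IP))
    to_vm, delivered = bridge.ingress(ipv4_frame(HOST_MAC, ROUTER_MAC, ROUTER_IP, VM_IP))
    to_host, _ = bridge.ingress(ipv4_frame(HOST_MAC, ROUTER_MAC, ROUTER_IP, HOST_IP))
    return on_air, to_vm, delivered, to_host
```

On the wire, the host's MAC address then answers for several IP addresses, which is what switch, ARP and DHCP logs will show for a host that bridges guests over Wi-Fi.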