Occam’s razor over-applied to virtual networking (or: There’s nothing wrong with VirtualBox anymore)

I’ve been a big proponent of hardware virtualization for a long time. I use it every day in testing, development, and production environments. Today I realized that understanding a problem domain too well can lead a person to overlook simple solutions.

I’m using KVM on my production servers right now (for various reasons and with mixed results), but on the desktop I’ve never been able to really find a well rounded solution I like.

In the past, I used VMware Server. I stuck with it over a couple of revisions and was very happy with it. However, I was annoyed and disappointed by the recent change to a web-based, client-server architecture. When I first tried it, it was slow and buggy. So I jumped ship.

At that time, VirtualBox had just been bought by Sun, and everything about it was new(ish) and different. I liked how it seemed to be less crash-prone. It had an easier-to-use UI and was snappier. The guest additions were easier to install.

But then I got to a point where I wanted to do some Plone development. I was running Windows as the host OS and Ubuntu as the guest.

This is where I got stuck. VMware sets up its NAT on a virtual network: the NAT’d VMs and a virtual adapter on the host all sit on one virtual switch behind a virtual router, so the VMs act like they’re plugged into a router that the host is plugged into as well. VirtualBox doesn’t. In VirtualBox’s case, each NAT’d machine gets its own private NAT engine and a 10.x.x.x network (10.0.2.0/24 by default, with the guest at 10.0.2.15 and the gateway at 10.0.2.2) that exists only inside that VM; the host has no adapter on it. I believe they can talk to each other, but they can’t communicate with the host, and nothing on the host or the LAN can open a connection to them without explicit port forwarding.

This subtle difference made VirtualBox almost unusable for me. I could set up port forwarding, but there wasn’t a nice UI for it like VMware had. In fact, at the time it required a cryptic command line that edited cryptic XML.

I could use bridged networking, which worked OK at home, where I had a wireless router between the VM and the internet. But at work, where we all have static IPs, I had to register the virtual device, and that seemed impractical for a lot of reasons (for example: too many VMs to keep track of, and a bridged VM sits directly on the office LAN, reachable by everything else on it, so it is no longer sandboxed).

I settled on just setting up port forwarding for port 22 so I could SSH in and use SSH tunneling for any other forwarding I needed. For a 3-client Plone site with 3 Apache virtual hosts (SSL, HTTP, and port 8080 for the load balancer), that got messy in a hurry. Needless to say, I tried to do all of my development on as few VMs as I could.
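Here is what that arrangement looks like as commands, as an added example that is not from the original post: the `--natpfN` rule syntax that later VirtualBox releases accept, the older three-key `setextradata` form that is the “cryptic command line” above, and the ssh tunnel that carries the three virtual hosts over the one forwarded port. The VM name `plone-dev`, the user `dev`, and the host-side port numbers are assumptions. The security detail worth getting right is the host-IP field of a forwarding rule: leaving it empty binds the host port on every interface, so the guest service becomes reachable from the LAN and the sandboxing that NAT was chosen for is gone; pinning it to 127.0.0.1 keeps it host-only.

```python
"""
Port forwarding on a VirtualBox NAT adapter, plus the SSH tunnel that rides on it.
Added example, not code from the original post. Assumes a VM named "plone-dev"
(hypothetical) and an Ubuntu guest whose sshd listens on port 22.
"""
import shlex


def natpf_rule(name, host_port, guest_port, proto="tcp",
               host_ip="127.0.0.1", guest_ip=""):
    """Build a --natpfN rule: name,proto,hostip,hostport,guestip,guestport.

    host_ip defaults to 127.0.0.1 so the forwarded port is reachable only from
    the host itself. An empty host IP (the usual copy-paste default) binds the
    host port on every interface and exposes the guest service to the LAN.
    An empty guest IP means "whatever address the NAT engine gave the guest".
    """
    return f"{name},{proto},{host_ip},{host_port},{guest_ip},{guest_port}"


def parse_natpf(rule):
    """Split a rule string back into its six named fields."""
    fields = rule.split(",")
    if len(fields) != 6:
        raise ValueError(f"malformed natpf rule: {rule!r}")
    keys = ("name", "proto", "host_ip", "host_port", "guest_ip", "guest_port")
    return dict(zip(keys, fields))


def exposed_rules(rules):
    """Names of rules that bind the host port on all interfaces (LAN-reachable)."""
    return [parse_natpf(r)["name"] for r in rules
            if parse_natpf(r)["host_ip"] in ("", "0.0.0.0")]


def modifyvm_argv(vm, rules, nic=1):
    """VBoxManage argv installing the rules on NIC <nic>; the VM must be powered off."""
    argv = ["VBoxManage", "modifyvm", vm]
    for rule in rules:
        argv += [f"--natpf{nic}", rule]
    return argv


def legacy_setextradata_argv(vm, name, host_port, guest_port, proto="TCP",
                             device="pcnet"):
    """The older way: three extradata keys per forwarded port.

    `device` is "pcnet" for the PCnet adapter types and "e1000" for the Intel
    ones; the key path has to match the NIC type the VM actually emulates.
    """
    base = f"VBoxInternal/Devices/{device}/0/LUN#0/Config/{name}"
    return [
        ["VBoxManage", "setextradata", vm, f"{base}/Protocol", proto],
        ["VBoxManage", "setextradata", vm, f"{base}/GuestPort", str(guest_port)],
        ["VBoxManage", "setextradata", vm, f"{base}/HostPort", str(host_port)],
    ]


def ssh_tunnel_argv(user, ssh_host_port, forwards):
    """ssh argv forwarding {local_port: guest_port} over the one open port.

    -N carries only the tunnels (no remote shell); each -L binds 127.0.0.1 on
    the host for the same reason natpf_rule does.
    """
    argv = ["ssh", "-N", "-p", str(ssh_host_port)]
    for local_port, guest_port in sorted(forwards.items()):
        argv += ["-L", f"127.0.0.1:{local_port}:localhost:{guest_port}"]
    argv.append(f"{user}@127.0.0.1")
    return argv


if __name__ == "__main__":
    rules = [natpf_rule("guestssh", 2222, 22)]
    # Dry run: print the commands. Replace print with
    # subprocess.run(argv, check=True) once the VM is powered off.
    print(shlex.join(modifyvm_argv("plone-dev", rules)))
    for argv in legacy_setextradata_argv("plone-dev", "guestssh", 2222, 22):
        print(shlex.join(argv))
    # The three Plone virtual hosts, reached through the single forwarded SSH port.
    print(shlex.join(ssh_tunnel_argv("dev", 2222, {8443: 443, 8000: 80, 8080: 8080})))
```

Run it with no arguments to see the commands; `exposed_rules` is the check to run over whatever `VBoxManage showvminfo` reports before trusting that a “NAT-only” VM really is unreachable from the office network.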

It was a lot of futzing and difficult work, because, honestly, I ignored the simplest answer.

I just got a new laptop for work, a swank PC to replace an old Mac. For the sake of playing nice, it’s running Windows 7 (yeah, I know). I decided to try VMware again because of the hassles I’d had with VirtualBox’s networking.

What I wanted was a virtual network that I could connect to a VM through, and that also let the VM get out to the internet. VMware provided this; VirtualBox did not. (There are other virtualization solutions, I know, but for one reason or another they wouldn’t work for me.)

After hours of toil, I realized that VMware’s NAT doesn’t work in Windows 7. (If you’re on the east coast of the US, you may have heard a faint moan in the distance; that was me screaming into my desk chair when I found that out.)

The question I failed to ask before this afternoon was, “Why do they have to be on the same network?” You know what? They don’t. Eureka!

So the solution, which I’m frankly a little embarrassed by, is to use two network connections. One is configured as NAT, which provides internet access and sandboxing: the guest can get out, but nothing on the LAN can get in. The other is a Host-Only connection, which creates a nice little 192.x.x.x network (192.168.56.0/24 by default, with the host at 192.168.56.1) that you can connect to from the host, but not from outside the host machine.

Here’s what it looks like (the adapters have to be added while the VM is shut down, or when it’s initially created):

Interface #1, NAT

Interface #2, the Host-Only Interface
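A check that a Linux guest can run on itself to confirm the layout actually came out as intended, added here and not part of the original post: the default route goes out through the NAT adapter, the host-only adapter only carries host-to-guest traffic, and no adapter sits on a LAN subnet (which would mean it is bridged and reachable from the office network). It assumes VirtualBox’s default addressing (10.0.2.0/24 with gateway 10.0.2.2 for NAT, 192.168.56.0/24 for the first host-only network) and the output format of iproute2’s `ip -4 -o addr show` and `ip route show`; the `SAMPLE_*` strings are constructed, not captured from a real guest.

```python
"""
Guest-side sanity check for the two-adapter layout: NAT for the default route,
host-only for host<->guest traffic, nothing bridged onto the LAN.
Added example, not from the original post. Runs inside a Linux guest.
"""
import ipaddress
import re
import subprocess

# VirtualBox defaults: the NAT engine hands the guest 10.0.2.15 with gateway
# 10.0.2.2; the first host-only network is 192.168.56.0/24 with the host at .1.
NAT_NET = ipaddress.ip_network("10.0.2.0/24")
NAT_GATEWAY = ipaddress.ip_address("10.0.2.2")
HOSTONLY_NET = ipaddress.ip_network("192.168.56.0/24")

# Constructed sample output in the shape `ip -4 -o addr show` prints on Ubuntu.
SAMPLE_GOOD_ADDR = (
    "1: lo    inet 127.0.0.1/8 scope host lo\n"
    "2: eth0    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0\n"
    "3: eth1    inet 192.168.56.101/24 brd 192.168.56.255 scope global eth1\n"
)
SAMPLE_GOOD_ROUTE = (
    "default via 10.0.2.2 dev eth0\n"
    "10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15\n"
    "192.168.56.0/24 dev eth1 proto kernel scope link src 192.168.56.101\n"
)
# Constructed failure case: eth0 bridged onto an office LAN, and the guest
# wrongly defaulting through the host-only adapter.
SAMPLE_BAD_ADDR = (
    "2: eth0    inet 172.16.4.77/24 brd 172.16.4.255 scope global eth0\n"
    "3: eth1    inet 192.168.56.101/24 brd 192.168.56.255 scope global eth1\n"
)
SAMPLE_BAD_ROUTE = (
    "default via 192.168.56.1 dev eth1\n"
    "172.16.4.0/24 dev eth0 proto kernel scope link src 172.16.4.77\n"
    "192.168.56.0/24 dev eth1 proto kernel scope link src 192.168.56.101\n"
)


def parse_addrs(text):
    """Map device -> [ip_interface, ...] from `ip -4 -o addr show`, skipping lo."""
    addrs = {}
    for line in text.splitlines():
        m = re.match(r"\s*\d+:\s+(\S+)\s+inet\s+(\S+)", line)
        if m and m.group(1) != "lo":
            addrs.setdefault(m.group(1), []).append(ipaddress.ip_interface(m.group(2)))
    return addrs


def parse_default_routes(text):
    """[(gateway, device), ...] for every default route in `ip route show`."""
    routes = []
    for line in text.splitlines():
        m = re.match(r"default via (\S+) dev (\S+)", line)
        if m:
            routes.append((ipaddress.ip_address(m.group(1)), m.group(2)))
    return routes


def classify(addrs):
    """Label each device nat / host-only / other by the network its address is on."""
    roles = {}
    for dev, ifaces in addrs.items():
        ips = [iface.ip for iface in ifaces]
        if any(ip in NAT_NET for ip in ips):
            roles[dev] = "nat"
        elif any(ip in HOSTONLY_NET for ip in ips):
            roles[dev] = "host-only"
        else:
            roles[dev] = "other"
    return roles


def check_topology(addr_text, route_text):
    """Return a list of findings; an empty list means the layout is the intended one."""
    addrs = parse_addrs(addr_text)
    roles = classify(addrs)
    routes = parse_default_routes(route_text)
    findings = []
    nat_devs = [d for d, r in roles.items() if r == "nat"]
    ho_devs = [d for d, r in roles.items() if r == "host-only"]
    if not nat_devs:
        findings.append("no NAT adapter: the guest has no sandboxed path to the internet")
    if not ho_devs:
        findings.append("no host-only adapter: the host cannot reach the guest without port forwarding")
    for dev, role in roles.items():
        if role == "other":
            findings.append(f"{dev} is on {addrs[dev][0].network}: looks bridged, "
                            "so the guest is reachable from the LAN")
    if len(routes) != 1:
        findings.append(f"expected exactly one default route, found {len(routes)}")
    for gateway, dev in routes:
        if dev in ho_devs:
            findings.append(f"default route via host-only {dev}: the host is not a router, "
                            "so internet traffic will dead-end there")
        elif dev in nat_devs and gateway != NAT_GATEWAY:
            findings.append(f"NAT default gateway is {gateway}, expected {NAT_GATEWAY}")
    return findings


def live_check():
    """Run the check against this guest's real interfaces and routes."""
    addr = subprocess.run(["ip", "-4", "-o", "addr", "show"],
                          capture_output=True, text=True, check=True).stdout
    route = subprocess.run(["ip", "route", "show"],
                           capture_output=True, text=True, check=True).stdout
    return check_topology(addr, route)


if __name__ == "__main__":
    for line in live_check() or ["topology OK: NAT for egress, host-only for the host"]:
        print(line)
```

The “looks bridged” finding is the one worth wiring into whatever provisions your dev VMs: a guest that picks up an address on the office subnet is no longer behind anything, whatever the VM settings dialog was supposed to say.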

I suppose this is evidence that time wasted is never more valuable than knowledge gained (at least, while you’re wasting time to gain it).


3 Responses to Occam’s razor over-applied to virtual networking (or: There’s nothing wrong with VirtualBox anymore)

  1. Scott says:

    Does this solve the NAT problem for you? (In other words, can your VM still access the Internet?)

    Reason: I also have a Windows 7 host, FreeBSD guest, and an SSL VPN to our data center. The VM needs to be able to go through the VPN. On Windows XP it can (VM -> NAT -> VPN -> data center), but on Windows 7 it cannot (because VMware NAT in Windows 7 is broken). The suggested workaround, enabling ICS on the Windows 7 interface, won’t suffice, because ICS breaks SSL VPN.

    I walked through your changes on the XP host: leave the VM NAT interface and add a host-only interface, and don’t see how I can get around a broken NAT.


    • jjmojojjmojo says:

      To answer your question, yes, but I think you may be a little confused. The real solution here was to use VirtualBox instead of VMware. VMware’s NAT problem in Windows 7 is not fixable, from what I can tell (you can only do ICS work-arounds, as you’ve obviously tried... I had trouble even getting those to work at all, let alone over a VPN).

      VirtualBox’s NAT works in Windows 7, even through my VPN. No need for ICS; it just works.

      Let me state this plainly: the problem I had with VBox’s NAT was that it didn’t provide a private network, on any platform. The problem I had with VMware and Windows 7 is that VMware’s NAT just doesn’t work in that environment. (I was also annoyed that they haven’t updated their console viewer plugin for Firefox 3.6, but using IETab was a fair compromise.)

      Bottom line: I don’t think applying the VirtualBox settings I mention to VMware is going to fix VMware’s lagging support for Windows 7. :P

  2. Scott says:

    … I did read your post wrong. Sorry about that, and thank you for the clarification.
