Monday, May 25, 2009

Bridged vs Host-only vs NAT

I have been using VMware since 2002, mostly for development testing. There was no free version from VMware at that time. Luckily, I was exposed to both Workstation and GSX at work. Now I can have my free virtual server installed at home. All my VMware servers run on Microsoft platforms. I have both VMware Server 1 and 2 running on different machines. I like VMware Server 1 more than Server 2 because of its simple interface (the VMware Server Console), because it feels a bit more lightweight to me, and because no restart is needed when a configuration is changed.

Most of my friends are confused by the three network modes: Bridged, Host-only and NAT. Like most people, they use the default setting, Bridged. Below, I briefly distinguish the three network modes and point out some issues with each mode from a user's point of view. Those issues apply to the free versions, VMware Server 1 and 2, running on Microsoft Windows platforms. For details of how these three modes work or are configured, please consult the VMware documentation ( Server 1 [Install, Manual] | Server 2 User Guide ).

Each VMware network mode is associated with a named virtual adapter. You can add and remove any virtual adapter you want. On Windows, a newly added virtual adapter is bound only to the Host-only network. That may not be the case if you are running the server on other platforms, but I don't know. In addition, you can configure a custom adapter to associate with each physical network adapter to fit your needs.

The three basic VMware networks and their virtual adapters are listed as follows.

  • Bridged: vmnet0 (this is the default)
  • Host-only: vmnet1
  • NAT: vmnet8

Note that the issues listed below apply only to Microsoft Windows. I am not sure if they hold true for other platforms.

Bridged (vmnet0)

Communication and Visibility: The virtual machine (VM) acts as if it were a regular PC running on the same physical network. You can access the Internet and do whatever you want unless your software is hardware dependent. All VMs on vmnet0 are visible to other machines on the same physical network and vice versa.

Performance: In my experience, the VMware Bridged network is kind of slow. On Microsoft Windows, it is much slower on a workgroup network, compared to a domain.

DHCP or Additional Service: No DHCP service is provided. If you don't have a router or DHCP server running on your network, this mode may not suit you. In that case, you should consider either the Host-only or the NAT network, depending on whether you want Internet access.

Issues:

  • Big File Copy: On both VMware Server 1 and 2, copying a file from the host inside a VM will fail when the file is large enough. While the file is being copied from the network, the following error may occur: "Cannot copy <file_name>: The specified network name is no longer available." (Also see this)
  • Leaking IPs to physical network: The VM's IP is assigned by the physical network (e.g. your router or DHCP server). Thus, this problem doesn't apply here.

Host-only (vmnet1)

Communication and Visibility: Network communication in this mode is limited to the host and the VMs on the same vmnet1 adapter. Those VMs cannot make a connection beyond the host; thus there is no Internet access capability. They remain hidden behind the host. You cannot configure it to expose any VM on vmnet1 to the physical network either.

Performance: The performance of Host-only (or vmnet1) is very fast. I usually use this setting for software testing, especially when I don't need Internet access. For example, I could run a database server inside a VM for a simple test.

DHCP or Additional Service: This mode provides DHCP service. If you don't have a router or a DHCP server running on your network, this one comes in handy. This service can be disabled.

Issues:

  • Big File Copy: Unlike Bridged, I don't experience any file copy problem regardless of size (also see this).
  • Leaking IPs to physical network: VMware DHCP may assign IPs to the PCs on the physical network and cause problems. I encounter this problem when I have my VM Server running first and then my other physical PC joins the physical network later.

NAT (vmnet8)

Communication and Visibility: All VMs using the adapter vmnet8 form a private network with the host. They all have Internet access capability, but they are not visible to others beyond the host, as if they were sitting behind their own firewall with the host. You can expose a VM for particular access through port forwarding, using the NAT configuration provided by the VMware network utility (in the desktop Start menu: VMware -> VMware Server -> Manage Virtual Networks).

Because of its internet capability, I use it often for Web application testing and development too.

Performance: To me, it is faster than Bridged and could be as fast as Host-only.

DHCP or Additional Service: This mode provides DHCP service. If you don't have a router or a DHCP server running on your network, this one comes in handy. This mode also provides NAT service for further network configuration. Both services can be disabled.

Issues:

  • Big File Copy: Unlike Bridged, I don't experience any file copy problem regardless of size (also see this).
  • Leaking IPs to physical network: VMware DHCP may assign IPs to the PCs on the physical network and cause problems. I encounter this problem when I have my VM Server running first and then my other physical PC joins the physical network later.

Disabling VMware DHCP and NAT on Windows

If you are using only the Bridged network, I recommend disabling both the VMware DHCP and NAT services. They are not used by Bridged.
On Windows, you can disable them via the Services console (services.msc) from Administrative Tools. These two services are called VMnetDHCP (for VMware DHCP Service) and VMware NAT Service respectively.
  • Locate the service you want to disable.
  • Right click to select Properties.
  • From the Startup type dropdown box, select Disabled.
  • Click OK button.

Or run the following commands at the command prompt.
   sc config "VMnetDHCP" start= disabled 
   sc config "VMware NAT Service" start= disabled
Note that
  • start= must be written as a single word.
  • There must be a space between the equal sign (=) and the word disabled.
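
The same change as a PowerShell script that also stops the services and reads their state back, since changing the startup type alone leaves an already running service (and its DHCP responses) active. This is an added example, not part of the original post; it uses the two service names given above and assumes an elevated PowerShell session on a host that uses only Bridged networking.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). The two service names are the
# ones named in the post; the function and variable names are illustrative.
$serviceNames = 'VMnetDHCP', 'VMware NAT Service'

function Disable-VMwareNetService {
    param([Parameter(Mandatory)][string]$Name)

    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Service not present on this host (different product or version).
        return [pscustomobject]@{ Name = $Name; State = 'NotInstalled'; StartMode = $null }
    }

    # Changing the startup type does not stop a service that is already
    # running, so stop it first; otherwise it keeps serving until reboot.
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $Name -Force -ErrorAction Stop
    }
    Set-Service -Name $Name -StartupType Disabled -ErrorAction Stop

    # Read the resulting state back through CIM instead of assuming success.
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    [pscustomobject]@{ Name = $Name; State = $cim.State; StartMode = $cim.StartMode }
}

$results = foreach ($n in $serviceNames) { Disable-VMwareNetService -Name $n }
$results | Format-Table -AutoSize

# Fail loudly if an installed service is still running or can still start.
$notDisabled = $results | Where-Object {
    $_.State -ne 'NotInstalled' -and
    ($_.State -ne 'Stopped' -or $_.StartMode -ne 'Disabled')
}
if ($notDisabled) {
    Write-Warning ("Still active: " + ($notDisabled.Name -join ', '))
    exit 1
}
```

A PC on the physical network that already holds a lease from the VMware DHCP service keeps it until the lease is released or expires, so renew the lease on that PC after running this.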

24 comments:

  1. Thank you for posting this. I was trying to figure out what was what, and this was extremely helpful.

  2. Thanks for taking the time to post this. Your description reads well, and the concepts are presented with clarity.

  3. Good post! Answered a couple of nagging questions for me.

  4. It's a nice post

  5. Great post. Explained with clarity

  6. This is exactly what I needed to know.

  7. WOW!!! Best article I read about what is what. This provides a clear understanding. Thanks!

  8. I agree, good post. I always wondered what were the differences between vmnet0,1,8.

    Still which one should I choose when having a PXE server running inside a vm and wanting to use it to pxe boot other PCs on the local network?

  9. @ARPcPro, all VMs with vmnet1 cannot be seen in the network; thus you should choose either bridge (vmnet0) or NAT (vmnet8). The simple way is using bridge unless you want to create another private network at your physical network that you may need to do some tweaks.

  10. I had installed VMware Player v3.1.4 on a Windows XP host and a Fedora 14 guest connected in bridged mode. I am using DHCP for Internet access on the Windows host, which is working fine, but unfortunately there is no Internet access on Fedora with the same config (DHCP). Can you please help or share your email/contact so that I can contact you?
    thanks, prabhat

  11. @prabhat, I am not familiar with Fedora and unable to offer help, sorry. I wonder if it would be how DHCP was configured to be used for a specific device (e.g., eth1) on fedora.

  12. cute post. i will refer to it every time i need to. thanks.

  13. clearly explained!!!!!!!!!! thank you sooooooo much.... cheers!!!!!!!:)

  14. Hi! Thanks for the explanation. I guess I should go with bridged. I still have a few questions. I set up a DHCP server on a virtual Server 2008. I'm assuming the configuration's OK. My physical laptop takes an IPv6 from the server, but not an IPv4; then I have a virtual XP that will take the IPv4 from the server, but not the IPv6. I've been messing around with the different modes, but still can't get both PCs to use IPs (4 and 6) from the DHCP server. And now, my last silly question: is it possible to make this all work without being connected to the router? I mean, for example, can I ping all the machines (physical and virtual) between them if the network cable is disconnected? Thanks!!

  15. Wonderful post! Thanks for taking the time and sharing this! You are great!

  16. This was really useful to me. Thank you for sharing.

  17. Best post I've come across that tackles this concept in VMWare. Thank you so much for putting in effort for grouping the information into more readable format.

  18. Liked the post.
    Also, you can get more info from:
    http://www.vmware.com/support/ws55/doc/ws_net_basics.html
    ~ rajeev

  19. Thanks for the post. Cheers.

  20. I have a question; maybe it sounds stupid to you... Well, I have installed Linux (Ubuntu) in VMware Workstation running on Windows 7. I am using engineering software in Linux. Which type of connection should I use so that no one can know through the Internet what I am using? No one can have access to my IP, MAC address and location. Please reply.

  21. blograt - thanks for sharing this. I'm trying to enable my VM to communicate with another machine on my home network at 192.168.0.x. Virsh is giving eth0 on the VM an address of 10.0.2.15. The VM can access the internet but cannot, of course, communicate with anything on 192.168.0.x. In particular, I want the VM with ip 10.0.2.15 on host with br0 192.168.0.16 to be able to communicate with mythbackend at 192.168.0.8. What, to you sounds like the best approach to accomplish this? Thanks.

  22. Great Post Buddy,

    Thanks a lot for such a sequential and systematic description.


    Prashant.
