VirtualBox

source: vbox/trunk/doc/manual/en_US/user_Networking.xml@ 43370

Last change on this file since 43370 was 43370, checked in by vboxsync, 12 years ago

doc: fixes port-forwarding description and clarifies altering settings for "saved" case.

File size: 42.7 KB
 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<chapter id="networkingdetails">
  <title>Virtual networking</title>

  <para>As briefly mentioned in <xref linkend="settings-network" />,
  VirtualBox provides up to eight virtual PCI Ethernet cards for each virtual
  machine. For each such card, you can individually select<orderedlist>
      <listitem>
        <para>the hardware that will be virtualized as well as</para>
      </listitem>

      <listitem>
        <para>the virtualization mode that the virtual card will be operating
        in with respect to your physical networking hardware on the
        host.</para>
      </listitem>
    </orderedlist></para>

  <para>Four of the network cards can be configured in the "Network" section
  of the settings dialog in the graphical user interface of VirtualBox. You
  can configure all eight network cards on the command line via VBoxManage
  modifyvm; see <xref linkend="vboxmanage-modifyvm" />.</para>

  <para>This chapter explains the various networking settings in more
  detail.</para>
  <sect1 id="nichardware">
    <title>Virtual networking hardware</title>

    <para>For each card, you can individually select what kind of
    <emphasis>hardware</emphasis> will be presented to the virtual machine.
    VirtualBox can virtualize the following six types of networking
    hardware:<itemizedlist>
        <listitem>
          <para>AMD PCNet PCI II (Am79C970A);</para>
        </listitem>

        <listitem>
          <para>AMD PCNet FAST III (Am79C973, the default);</para>
        </listitem>

        <listitem>
          <para>Intel PRO/1000 MT Desktop (82540EM);</para>
        </listitem>

        <listitem>
          <para>Intel PRO/1000 T Server (82543GC);</para>
        </listitem>

        <listitem>
          <para>Intel PRO/1000 MT Server (82545EM);</para>
        </listitem>

        <listitem>
          <para>Paravirtualized network adapter (virtio-net).</para>
        </listitem>
      </itemizedlist></para>

    <para>The PCNet FAST III is the default because it is supported by nearly
    all operating systems out of the box, as well as the GNU GRUB boot
    manager. As an exception, the Intel PRO/1000 family adapters are chosen
    for some guest operating system types that no longer ship with drivers for
    the PCNet card, such as Windows Vista.</para>

    <para>The Intel PRO/1000 MT Desktop type works with Windows Vista and
    later versions. The T Server variant of the Intel PRO/1000 card is
    recognized by Windows XP guests without additional driver installation.
    The MT Server variant facilitates OVF imports from other platforms.</para>

    <para>The <emphasis role="bold">"Paravirtualized network adapter
    (virtio-net)"</emphasis> is special. If you select this, then VirtualBox
    does <emphasis>not</emphasis> virtualize common networking hardware (that
    is supported by common guest operating systems out of the box). Instead,
    VirtualBox then expects a special software interface for virtualized
    environments to be provided by the guest, thus avoiding the complexity of
    emulating networking hardware and improving network performance. Starting
    with version 3.1, VirtualBox provides support for the industry-standard
    "virtio" networking drivers, which are part of the open-source KVM
    project.</para>

    <para>The "virtio" networking drivers are available for the following
    guest operating systems:</para>

    <para><itemizedlist>
        <listitem>
          <para>Linux kernels version 2.6.25 or later can be configured to
          provide virtio support; some distributions also back-ported virtio
          to older kernels.</para>
        </listitem>

        <listitem>
          <para>For Windows 2000, XP and Vista, virtio drivers can be
          downloaded and installed from the KVM project web page.<footnote>
              <para><ulink
              url="http://www.linux-kvm.org/page/WindowsGuestDrivers">http://www.linux-kvm.org/page/WindowsGuestDrivers</ulink>.</para>
            </footnote></para>
        </listitem>
      </itemizedlist></para>

    <para>VirtualBox also has limited support for so-called <emphasis
    role="bold">jumbo frames</emphasis>, i.e. networking packets with more
    than 1500 bytes of data, provided that you use the Intel card
    virtualization and bridged networking. In other words, jumbo frames are
    not supported with the AMD networking devices; in those cases, jumbo
    packets will silently be dropped for both the transmit and the receive
    direction. Guest operating systems trying to use this feature will observe
    this as a packet loss, which may lead to unexpected application behavior
    in the guest. This does not cause problems with guest operating systems in
    their default configuration, as jumbo frames need to be explicitly
    enabled.</para>
  </sect1>
114
  <sect1 id="networkingmodes">
    <title>Introduction to networking modes</title>

    <para>Each of the eight networking adapters can be separately configured
    to operate in one of the following modes:<glosslist>
        <glossentry>
          <glossterm>Not attached</glossterm>

          <glossdef>
            <para>In this mode, VirtualBox reports to the guest that a network
            card is present, but that there is no connection -- as if no
            Ethernet cable was plugged into the card. This way it is possible
            to "pull" the virtual Ethernet cable and disrupt the connection,
            which can be useful to inform a guest operating system that no
            network connection is available and enforce a
            reconfiguration.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Network Address Translation (NAT)</glossterm>

          <glossdef>
            <para>If all you want is to browse the Web, download files and
            view e-mail inside the guest, then this default mode should be
            sufficient for you, and you can safely skip the rest of this
            section. Please note that there are certain limitations when using
            Windows file sharing (see <xref linkend="nat-limitations" /> for
            details).</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Bridged networking</glossterm>

          <glossdef>
            <para>This is for more advanced networking needs such as network
            simulations and running servers in a guest. When enabled,
            VirtualBox connects to one of your installed network cards and
            exchanges network packets directly, circumventing your host
            operating system's network stack.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Internal networking</glossterm>

          <glossdef>
            <para>This can be used to create a different kind of
            software-based network which is visible to selected virtual
            machines, but not to applications running on the host or to the
            outside world.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Host-only networking</glossterm>

          <glossdef>
            <para>This can be used to create a network containing the host and
            a set of virtual machines, without the need for the host's
            physical network interface. Instead, a virtual network interface
            (similar to a loopback interface) is created on the host,
            providing connectivity among virtual machines and the host.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Generic networking</glossterm>

          <glossdef>
            <para>This mode covers rarely used attachment types that share one
            generic network interface: the user selects a driver, which can
            either be included with VirtualBox or be distributed in an
            extension pack.</para>

            <para>At the moment there are potentially two available
            sub-modes:</para>

            <para><glosslist>
                <glossentry>
                  <glossterm>UDP Tunnel</glossterm>

                  <glossdef>
                    <para>This can be used to interconnect virtual machines
                    running on different hosts directly, easily and
                    transparently, over existing network
                    infrastructure.</para>
                  </glossdef>
                </glossentry>

                <glossentry>
                  <glossterm>VDE (Virtual Distributed Ethernet)
                  networking</glossterm>

                  <glossdef>
                    <para>This option can be used to connect to a Virtual
                    Distributed Ethernet switch on a Linux or a FreeBSD host.
                    At the moment this needs compiling VirtualBox from
                    sources, as the Oracle packages do not include it.</para>
                  </glossdef>
                </glossentry>
              </glosslist></para>
          </glossdef>
        </glossentry>
      </glosslist></para>

    <para>The following sections describe the available network modes in more
    detail.</para>
  </sect1>
224
  <sect1 id="network_nat">
    <title>Network Address Translation (NAT)</title>

    <para>Network Address Translation (NAT) is the simplest way of accessing
    an external network from a virtual machine. Usually, it does not require
    any configuration on the host network and guest system. For this reason,
    it is the default networking mode in VirtualBox.</para>

    <para>A virtual machine with NAT enabled acts much like a real computer
    that connects to the Internet through a router. The "router", in this
    case, is the VirtualBox networking engine, which maps traffic from and to
    the virtual machine transparently. In VirtualBox this router is placed
    between each virtual machine and the host, and each NAT adapter is served
    by its own instance of it. This separation maximizes security since by
    default virtual machines in NAT mode cannot talk to each other.</para>

    <para>The disadvantage of NAT mode is that, much like a private network
    behind a router, the virtual machine is invisible and unreachable from the
    outside internet; you cannot run a server this way unless you set up port
    forwarding (described below).</para>

    <para>The network frames sent out by the guest operating system are
    received by VirtualBox's NAT engine, which extracts the TCP/IP data and
    resends it using the host operating system. To an application on the host,
    or to another computer on the same network as the host, it looks like the
    data was sent by the VirtualBox application on the host, using an IP
    address belonging to the host. VirtualBox listens for replies to the
    packets sent, and repacks and resends them to the guest machine on its
    private network.</para>

    <para>The virtual machine receives its network address and configuration
    on the private network from a DHCP server integrated into VirtualBox. The
    IP address thus assigned to the virtual machine is usually on a completely
    different network than the host. As more than one card of a virtual
    machine can be set up to use NAT, the first card is connected to the
    private network 10.0.2.0, the second card to the network 10.0.3.0 and so
    on. If you need to change the guest-assigned IP range for some reason,
    please refer to <xref linkend="changenat" />.</para>
263
    <sect2 id="natforward">
      <title>Configuring port forwarding with NAT</title>

      <para>As the virtual machine is connected to a private network internal
      to VirtualBox and invisible to the host, network services on the guest
      are not accessible to the host machine or to other computers on the same
      network. However, like a physical router, VirtualBox can make selected
      services available to the world outside the guest through <emphasis
      role="bold">port forwarding.</emphasis> This means that VirtualBox
      listens to certain ports on the host and resends all packets which
      arrive there to the guest, on the same or a different port.</para>

      <para>To an application on the host or other physical (or virtual)
      machines on the network, it looks as though the service being proxied is
      actually running on the host. This also means that you cannot run the
      same service on the same ports on the host. However, you still gain the
      advantages of running the service in a virtual machine -- for example,
      services on the host machine or on other virtual machines cannot be
      compromised or crashed by a vulnerability or a bug in the service, and
      the service can run in a different operating system than the host
      system.</para>

      <para>You can set up a guest service which you wish to proxy using the
      command line tool <computeroutput>VBoxManage</computeroutput>; for
      details, please refer to <xref linkend="vboxmanage-modifyvm" />.</para>

      <para>You will need to know which ports on the guest the service uses
      and to decide which ports to use on the host (often but not always you
      will want to use the same ports on the guest and on the host). You can
      use any ports on the host which are not already in use by a service. For
      example, to set up incoming NAT connections to an
      <computeroutput>ssh</computeroutput> server in the guest, use the
      following command: <screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,,22"</screen>With
      the above example, all TCP traffic arriving on port 2222 on any host
      interface will be forwarded to port 22 in the guest. The protocol name
      <computeroutput>tcp</computeroutput> is a mandatory attribute defining
      which protocol should be used for forwarding
      (<computeroutput>udp</computeroutput> could also be used). The name
      <computeroutput>guestssh</computeroutput> is purely descriptive and will
      be auto-generated if omitted. The number after
      <computeroutput>--natpf</computeroutput> denotes the network card, like
      in other parts of VBoxManage.</para>

      <para>To remove this forwarding rule again, use the following command:
      <screen>VBoxManage modifyvm "VM name" --natpf1 delete "guestssh"</screen></para>

      <para>If for some reason the guest uses a statically assigned IP address
      not leased from the built-in DHCP server, you must specify the guest IP
      when registering the forwarding rule: <screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,10.0.2.19,22"</screen>This
      example is identical to the previous one, except that the NAT engine is
      being told that the guest can be found at the 10.0.2.19 address.</para>

      <para>To forward <emphasis>all</emphasis> incoming traffic from a
      specific host interface to the guest, specify the IP of that host
      interface like this:<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,127.0.0.1,2222,,22"</screen>This
      forwards all TCP traffic arriving on the localhost interface (127.0.0.1)
      via port 2222 to port 22 in the guest. Because the rule is bound to the
      loopback address only, the forwarded port is not reachable from other
      machines on the host's networks, which is the safer choice whenever only
      the host itself needs to talk to the guest service.</para>

      <para>It is also possible to configure incoming NAT connections while
      the VM is running; see <xref linkend="vboxmanage-controlvm" />. Port
      forwarding settings can furthermore be changed for a VM which is
      currently in the saved state (or whose saved state was discarded), or
      which is powered off at a snapshot (without restoring the
      snapshot).</para>
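      <para>The rule string is easy to get subtly wrong: a host port below
      1024 makes the VM refuse to start on Unix hosts (see <xref
      linkend="nat-limitations" />), and an empty host IP binds the forwarded
      port on every host interface, which is rarely what you want for a
      development VM. The following shell helper is an added example and not
      part of the VirtualBox manual or code base. It assembles and checks a
      rule before it is handed to VBoxManage and only prints the resulting
      commands; the function names and the NATPF_ALLOW_PRIVILEGED variable are
      this example's own inventions, not VirtualBox settings.</para>

```sh
#!/bin/sh
# Added example, not VirtualBox code: assemble and sanity-check a NAT
# port-forwarding rule before passing it to VBoxManage.
# Documented rule format: "name,proto,hostip,hostport,guestip,guestport",
# where hostip and guestip may be left empty.

# is_port VALUE: succeeds if VALUE is an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# natpf_rule NAME PROTO HOSTIP HOSTPORT GUESTIP GUESTPORT
# Prints the rule string; on a bad rule prints a diagnostic on stderr
# and returns 1 instead, so the caller never builds a broken command.
natpf_rule() {
    name=$1 proto=$2 hostip=$3 hostport=$4 guestip=$5 guestport=$6
    case "$name" in
        *,*) echo "natpf: rule name must not contain ','" >&2; return 1 ;;
    esac
    case "$proto" in
        tcp|udp) ;;
        *) echo "natpf: protocol must be tcp or udp, got '$proto'" >&2; return 1 ;;
    esac
    is_port "$hostport"  || { echo "natpf: bad host port '$hostport'" >&2; return 1; }
    is_port "$guestport" || { echo "natpf: bad guest port '$guestport'" >&2; return 1; }
    # Unix hosts: a VM process that is not root cannot bind host ports below
    # 1024 and the VM refuses to start. Reject such rules unless the caller
    # asserts that the VM really runs as root (NATPF_ALLOW_PRIVILEGED is an
    # assumed variable of this example, not a VirtualBox setting).
    if [ "$hostport" -lt 1024 ] && [ "${NATPF_ALLOW_PRIVILEGED:-0}" != 1 ]; then
        echo "natpf: host port $hostport is below 1024; the VM would refuse to start" >&2
        return 1
    fi
    # An empty host IP binds the port on every host interface, so the guest
    # service becomes reachable from any network the host is attached to.
    if [ -z "$hostip" ]; then
        echo "natpf: warning: no host IP given, port $hostport binds on all host interfaces" >&2
    fi
    printf '%s,%s,%s,%s,%s,%s\n' "$name" "$proto" "$hostip" "$hostport" "$guestip" "$guestport"
}

# natpf_add VMNAME NIC RULE: the modifyvm command for a powered-off VM
natpf_add() {
    printf 'VBoxManage modifyvm "%s" --natpf%s "%s"\n' "$1" "$2" "$3"
}

# natpf_delete VMNAME NIC NAME: the matching removal command
natpf_delete() {
    printf 'VBoxManage modifyvm "%s" --natpf%s delete "%s"\n' "$1" "$2" "$3"
}

# Usage: an SSH forward reachable only from the host itself, as in the text
if rule=$(natpf_rule guestssh tcp 127.0.0.1 2222 "" 22); then
    natpf_add "VM name" 1 "$rule"
    natpf_delete "VM name" 1 guestssh
fi
```

      <para>Pipe the printed commands into a shell once they look right, or
      swap <computeroutput>natpf_add</computeroutput> for the corresponding
      <computeroutput>VBoxManage controlvm</computeroutput> invocation when
      the VM is running. The warning for an empty host IP goes to stderr on
      purpose, so the rule itself can still be captured from stdout.</para>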
326 </sect2>
327
    <sect2 id="nat-tftp">
      <title>PXE booting with NAT</title>

      <para>PXE booting is now supported in NAT mode. The NAT DHCP server
      provides a boot file name of the form
      <computeroutput>vmname.pxe</computeroutput> if the directory
      <computeroutput>TFTP</computeroutput> exists in the directory where the
      user's <computeroutput>VirtualBox.xml</computeroutput> file is kept. It
      is the responsibility of the user to provide
      <computeroutput>vmname.pxe</computeroutput>.</para>
    </sect2>
339
    <sect2 id="nat-limitations">
      <title>NAT limitations</title>

      <para>There are four <emphasis role="bold">limitations</emphasis> of NAT
      mode which users should be aware of:</para>

      <glosslist>
        <glossentry>
          <glossterm>ICMP protocol limitations:</glossterm>

          <glossdef>
            <para>Some frequently used network debugging tools (e.g.
            <computeroutput>ping</computeroutput> or
            <computeroutput>traceroute</computeroutput>) rely on the ICMP
            protocol for sending/receiving messages. While ICMP support has
            been improved with VirtualBox 2.1
            (<computeroutput>ping</computeroutput> should now work), some
            other tools may not work reliably.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Receiving of UDP broadcasts is not reliable:</glossterm>

          <glossdef>
            <para>The guest does not reliably receive broadcasts, since, in
            order to save resources, it only listens for a certain amount of
            time after the guest has sent UDP data on a particular port. As a
            consequence, NetBIOS name resolution based on broadcasts does not
            always work (but WINS always works). As a workaround, you can use
            the numeric IP of the desired server in the
            <computeroutput>\\server\share</computeroutput> notation.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Protocols such as GRE are unsupported:</glossterm>

          <glossdef>
            <para>Protocols other than TCP and UDP are not supported. This
            means some VPN products (e.g. PPTP from Microsoft) cannot be used.
            Other VPN products that use only TCP and UDP are not
            affected.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Forwarding host ports &lt; 1024 impossible:</glossterm>

          <glossdef>
            <para>On Unix-based hosts (e.g. Linux, Solaris, Mac OS X) it is
            not possible to bind to ports below 1024 from applications that
            are not run by <computeroutput>root</computeroutput>. As a result,
            if you try to configure such a port forwarding, the VM will refuse
            to start.</para>
          </glossdef>
        </glossentry>
      </glosslist>

      <para>These limitations normally don't affect standard network use. But
      the presence of NAT also has subtle effects that may interfere with
      protocols that normally work. One example is NFS, where the server is
      often configured to refuse connections from non-privileged ports (i.e.
      ports not below 1024); since the NAT engine opens its host-side sockets
      as an ordinary process and therefore sends from unprivileged ports, such
      a server rejects the guest's requests.</para>
    </sect2>
  </sect1>
404
  <sect1>
    <title id="network_bridged">Bridged networking</title>

    <para>With bridged networking, VirtualBox uses a device driver on your
    <emphasis>host</emphasis> system that filters data from your physical
    network adapter. This driver is therefore called a "net filter" driver.
    This allows VirtualBox to intercept data from the physical network and
    inject data into it, effectively creating a new network interface in
    software. When a guest is using such a new software interface, it looks to
    the host system as though the guest were physically connected to the
    interface using a network cable: the host can send data to the guest
    through that interface and receive data from it. This means that you can
    set up routing or bridging between the guest and the rest of your
    network.</para>

    <para>For this to work, VirtualBox needs a device driver on your host
    system. The way bridged networking works has been completely rewritten
    with VirtualBox 2.0 and 2.1, depending on the host operating system. From
    the user perspective, the main difference is that complex configuration is
    no longer necessary on any of the supported host operating
    systems.<footnote>
        <para>For Mac OS X and Solaris hosts, net filter drivers were already
        added in VirtualBox 2.0 (as initial support for Host Interface
        Networking on these platforms). With VirtualBox 2.1, net filter
        drivers were also added for the Windows and Linux hosts, replacing the
        mechanisms previously present in VirtualBox for those platforms;
        especially on Linux, the earlier method required creating TAP
        interfaces and bridges, which was complex and varied from one
        distribution to the next. None of this is necessary anymore. Bridged
        network was formerly called "Host Interface Networking" and has been
        renamed with version 2.2 without any change in functionality.</para>
      </footnote></para>

    <para><note>
        <para>Even though TAP is no longer necessary on Linux with bridged
        networking, you <emphasis>can</emphasis> still use TAP interfaces for
        certain advanced setups, since you can connect a VM to any host
        interface -- which could also be a TAP interface.</para>
      </note>To enable bridged networking, all you need to do is to open the
    Settings dialog of a virtual machine, go to the "Network" page and select
    "Bridged network" in the drop down list for the "Attached to" field.
    Finally, select the desired host interface from the list at the bottom of
    the page, which contains the physical network interfaces of your system.
    On a typical MacBook, for example, this will allow you to select between
    "en1: AirPort" (which is the wireless interface) and "en0: Ethernet",
    which represents the interface with a network cable.</para>

    <note><para>Bridging to a wireless interface is done differently from
    bridging to a wired interface, because most wireless adapters do not
    support promiscuous mode. All traffic has to use the MAC address of the
    host's wireless adapter, and therefore VirtualBox needs to replace the
    source MAC address in the Ethernet header of an outgoing packet to make
    sure the reply will be sent to the host interface. When VirtualBox sees
    an incoming packet with a destination IP address that belongs to one of
    the virtual machine adapters it replaces the destination MAC address in
    the Ethernet header with the VM adapter's MAC address and passes it on.
    VirtualBox examines ARP and DHCP packets in order to learn the IP
    addresses of virtual machines.</para></note>

    <para>Depending on your host operating system, the following limitations
    should be kept in mind:<itemizedlist>
        <listitem>
          <para>On <emphasis role="bold">Macintosh</emphasis> hosts,
          functionality is limited when using AirPort (the Mac's wireless
          networking) for bridged networking. Currently, VirtualBox supports
          only IPv4 over AirPort. For other protocols such as IPv6 and IPX,
          you must choose a wired interface.</para>
        </listitem>

        <listitem>
          <para>On <emphasis role="bold">Linux</emphasis> hosts, functionality
          is limited when using wireless interfaces for bridged networking.
          Currently, VirtualBox supports only IPv4 over wireless. For other
          protocols such as IPv6 and IPX, you must choose a wired
          interface.</para>

          <para>Also, setting the MTU to less than 1500 bytes on wired
          interfaces provided by the sky2 driver on the Marvell Yukon II EC
          Ultra Ethernet NIC is known to cause packet losses under certain
          conditions.</para>

          <para>Some adapters strip VLAN tags in hardware. This makes VLAN
          trunking between the VM and the external network impossible with
          pre-2.6.27 Linux kernels as well as with host operating systems
          other than Linux.</para>
        </listitem>

        <listitem>
          <para>On <emphasis role="bold">Solaris</emphasis> hosts, there is no
          support for using wireless interfaces. Filtering guest traffic using
          IPFilter is also not completely supported due to technical
          restrictions of the Solaris networking subsystem. These issues are
          expected to be addressed in a future release of Solaris 11.</para>

          <para>Starting with VirtualBox 4.1, on Solaris 11 hosts (build 159
          and above), it is possible to use Solaris' Crossbow Virtual Network
          Interfaces (VNICs) directly with VirtualBox without any additional
          configuration, other than that each VNIC must be exclusive to one
          guest network interface. With VirtualBox 2.0.4 and above, VNICs can
          be used but with the following caveats:</para>

          <itemizedlist>
            <listitem>
              <para>A VNIC cannot be shared between multiple guest network
              interfaces, i.e. each guest network interface must have its own,
              exclusive VNIC.</para>
            </listitem>

            <listitem>
              <para>The VNIC and the guest network interface that uses the
              VNIC must be assigned identical MAC addresses.</para>
            </listitem>
          </itemizedlist>

          <para>When using VLAN interfaces with VirtualBox, they must be named
          according to the PPA-hack naming scheme (e.g. "e1000g513001"), as
          otherwise the guest may receive packets in an unexpected
          format.</para>
        </listitem>
      </itemizedlist></para>
  </sect1>
526
  <sect1 id="network_internal">
    <title>Internal networking</title>

    <para>Internal Networking is similar to bridged networking in that the VM
    can directly communicate with the outside world. However, the "outside
    world" is limited to other VMs on the same host which connect to the same
    internal network.</para>

    <para>Even though, technically, everything that can be done using internal
    networking can also be done using bridged networking, there are security
    advantages with internal networking. In bridged networking mode, all
    traffic goes through a physical interface of the host system. It is
    therefore possible to attach a packet sniffer (such as Wireshark) to the
    host interface and log all traffic that goes over it. If, for any reason,
    you prefer two or more VMs on the same machine to communicate privately,
    hiding their data from both the host system and the user, bridged
    networking therefore is not an option.</para>

    <para>Internal networks are created automatically as needed, i.e. there is
    no central configuration. Every internal network is identified simply by
    its name. Once there is more than one active virtual network card with the
    same internal network ID, the VirtualBox support driver will automatically
    "wire" the cards and act as a network switch. The VirtualBox support
    driver implements a complete Ethernet switch and supports both
    broadcast/multicast frames and promiscuous mode. Note that the name is
    the only thing that separates one internal network from another: any VM
    on the same host that is configured with the same network name joins that
    switch (on Linux, subject to the user ID restriction described
    below).</para>

    <para>In order to attach a VM's network card to an internal network, set
    its networking mode to "internal networking". There are two ways to
    accomplish this:</para>

    <para><itemizedlist>
        <listitem>
          <para>You can use a VM's "Settings" dialog in the VirtualBox
          graphical user interface. In the "Networking" category of the
          settings dialog, select "Internal Networking" from the drop-down
          list of networking modes. Now select the name of an existing
          internal network from the drop-down below or enter a new name into
          the entry field.</para>
        </listitem>

        <listitem>
          <para>You can use <screen>VBoxManage modifyvm "VM name" --nic&lt;x&gt; intnet</screen>
          Optionally, you can specify a network name with the command <screen>VBoxManage modifyvm "VM name" --intnet&lt;x&gt; "network name"</screen>
          If you do not specify a network name, the network card will be
          attached to the network <computeroutput>intnet</computeroutput> by
          default.</para>
        </listitem>
      </itemizedlist></para>

    <para>Unless you configure the (virtual) network cards in the guest
    operating systems that are participating in the internal network to use
    static IP addresses, you may want to use the DHCP server that is built
    into VirtualBox to manage IP addresses for the internal network. Please
    see <xref linkend="vboxmanage-dhcpserver" /> for details.</para>

    <para>As a security measure, the Linux implementation of internal
    networking only allows VMs running under the same user ID to establish an
    internal network.</para>
  </sect1>
586
  <sect1 id="network_hostonly">
    <title>Host-only networking</title>

    <para>Host-only networking is another networking mode that was added with
    version 2.2 of VirtualBox. It can be thought of as a hybrid between the
    bridged and internal networking modes: as with bridged networking, the
    virtual machines can talk to each other and the host as if they were
    connected through a physical ethernet switch. As with internal
    networking, however, a physical networking interface need not be present,
    and the virtual machines cannot talk to the world outside the host since
    they are not connected to a physical networking interface.</para>

    <para>Instead, when host-only networking is used, VirtualBox creates a new
    software interface on the host which then appears next to your existing
    network interfaces. In other words, whereas with bridged networking an
    existing physical interface is used to attach virtual machines to, with
    host-only networking a new "loopback" interface is created on the host.
    And whereas with internal networking the traffic between the virtual
    machines cannot be seen from the host, the traffic on the host-only
    "loopback" interface can be intercepted on the host with a packet
    sniffer, just like bridged traffic.</para>

    <para>Host-only networking is particularly useful for preconfigured
    virtual appliances, where multiple virtual machines are shipped together
    and designed to cooperate. For example, one virtual machine may contain a
    web server and a second one a database, and since they are intended to
    talk to each other, the appliance can instruct VirtualBox to set up a
    host-only network for the two. A second (bridged) network would then
    connect the web server to the outside world to serve data to, but the
    outside world cannot connect to the database (the host itself still can,
    since it is on the host-only network).</para>

    <para>To change a virtual machine's virtual network interface to "host
    only" mode:<itemizedlist>
        <listitem>
          <para>either go to the "Network" page in the virtual machine's
          settings notebook in the graphical user interface and select
          "Host-only networking", or</para>
        </listitem>

        <listitem>
          <para>on the command line, type <computeroutput>VBoxManage modifyvm
          "VM name" --nic&lt;x&gt; hostonly</computeroutput>; see <xref
          linkend="vboxmanage-modifyvm" /> for details.</para>
        </listitem>
      </itemizedlist></para>

    <para>For host-only networking, like with internal networking, you may
    find the DHCP server that is built into VirtualBox useful. It can be
    enabled to manage the IP addresses in the host-only network, since
    otherwise you would need to configure all IP addresses
    statically.<itemizedlist>
        <listitem>
          <para>In the VirtualBox graphical user interface, you can configure
          all these items in the global settings via "File" -&gt; "Settings"
          -&gt; "Network", which lists all host-only networks which are
          presently in use. Click on the network name and then on the "Edit"
          button to the right, and you can modify the adapter and DHCP
          settings.</para>
        </listitem>

        <listitem>
          <para>Alternatively, you can use <computeroutput>VBoxManage
          dhcpserver</computeroutput> on the command line; please see <xref
          linkend="vboxmanage-dhcpserver" /> for details.</para>
        </listitem>
      </itemizedlist></para>
    <para><note>On Linux and Mac OS X hosts the number of host-only interfaces is
    limited to 128. There is no such limit for Solaris and Windows hosts.</note></para>
  </sect1>
655
  <sect1 id="network_udp_tunnel">
    <title>UDP Tunnel networking</title>

    <para>This networking mode allows you to interconnect virtual machines
    running on different hosts.</para>

    <para>Technically this is done by encapsulating Ethernet frames sent or
    received by the guest network card into UDP/IP datagrams, and sending them
    over any network available to the host.</para>

    <para>UDP Tunnel mode has three parameters:<glosslist>
        <glossentry>
          <glossterm>Source UDP port</glossterm>

          <glossdef>
            <para>The port on which the host listens. Datagrams arriving on
            this port from any source address will be forwarded to the
            receiving part of the guest network card. The tunnel itself
            neither authenticates its peer nor encrypts the frames: anyone
            who can send datagrams to this port can inject frames into the
            guest's network, and the encapsulated frames cross the
            intervening network in clear text. Restrict access to the port
            and treat the tunnel like an untrusted physical link.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Destination address</glossterm>

          <glossdef>
            <para>IP address of the target host of the transmitted
            data.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Destination UDP port</glossterm>

          <glossdef>
            <para>Port number to which the transmitted data is sent.</para>
          </glossdef>
        </glossentry>
      </glosslist></para>

    <para>When interconnecting two virtual machines on two different hosts,
    each side's destination address must be the other host's IP address, and
    each side's source port must be the other side's destination port. On a
    single host, where the destination address is the same for both sides,
    the source and destination UDP ports must likewise be swapped between the
    two sides.</para>

    <para>In the following example host 1 uses the IP address 10.0.0.1 and
    host 2 uses IP address 10.0.0.2. Configuration via command-line:<screen> VBoxManage modifyvm "VM 01 on host 1" --nic&lt;x&gt; generic
 VBoxManage modifyvm "VM 01 on host 1" --nicgenericdrv&lt;x&gt; UDPTunnel
 VBoxManage modifyvm "VM 01 on host 1" --nicproperty&lt;x&gt; dest=10.0.0.2
 VBoxManage modifyvm "VM 01 on host 1" --nicproperty&lt;x&gt; sport=10001
 VBoxManage modifyvm "VM 01 on host 1" --nicproperty&lt;x&gt; dport=10002</screen>
    and <screen> VBoxManage modifyvm "VM 02 on host 2" --nic&lt;y&gt; generic
 VBoxManage modifyvm "VM 02 on host 2" --nicgenericdrv&lt;y&gt; UDPTunnel
 VBoxManage modifyvm "VM 02 on host 2" --nicproperty&lt;y&gt; dest=10.0.0.1
 VBoxManage modifyvm "VM 02 on host 2" --nicproperty&lt;y&gt; sport=10002
 VBoxManage modifyvm "VM 02 on host 2" --nicproperty&lt;y&gt; dport=10001</screen></para>

    <para>Of course, you can always interconnect two virtual machines on the
    same host, by setting the destination address parameter to 127.0.0.1 on
    both. It will act similarly to "Internal network" in this case, however
    the host can see the network traffic which it could not in the normal
    Internal network case.</para>
716
717 <para><note>
718 On Unix-based hosts (e.g. Linux, Solaris, Mac OS X) it is not possible to bind to ports below 1024 from applications that are not run by
719
720 <computeroutput>root</computeroutput>
721
722 . As a result, if you try to configure such a source UDP port, the VM will refuse to start.
723 </note></para>
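    <para>The pairing rules above (each VM's destination address is the other
    host, each VM's destination port is the other's source port, and a source
    port below 1024 prevents the VM from starting on a Unix-based host) as a
    small consistency checker. This is an added Python example, not VirtualBox
    code. The two-host values are those of the manual's example; the host IP of
    each VM, the VM names of the same-host variant, and the helper names
    <computeroutput>TunnelEndpoint</computeroutput> and
    <computeroutput>check_pair</computeroutput> are constructed for the
    example.</para>

```python
"""Consistency check for a pair of VirtualBox UDP Tunnel endpoints.

Added example, not VirtualBox code. Each endpoint carries the three
nicproperty values the manual describes (dest, sport, dport) plus the IP
address of the host the VM runs on, which the VM settings do not contain
and which the caller therefore supplies.
"""
from dataclasses import dataclass

PRIVILEGED_PORT_LIMIT = 1024  # binding below this needs root on Unix-like hosts
MAX_PORT = 65535


@dataclass(frozen=True)
class TunnelEndpoint:
    vm: str        # VM name as passed to VBoxManage
    nic: int       # adapter slot, the x in --nicX
    host_ip: str   # address of the host running this VM (caller-supplied)
    dest: str      # --nicpropertyX dest=...
    sport: int     # --nicpropertyX sport=...
    dport: int     # --nicpropertyX dport=...

    def commands(self):
        """VBoxManage invocations for this endpoint, in the manual's order."""
        vm = '"' + self.vm + '"'
        n = self.nic
        return [
            f"VBoxManage modifyvm {vm} --nic{n} generic",
            f"VBoxManage modifyvm {vm} --nicgenericdrv{n} UDPTunnel",
            f"VBoxManage modifyvm {vm} --nicproperty{n} dest={self.dest}",
            f"VBoxManage modifyvm {vm} --nicproperty{n} sport={self.sport}",
            f"VBoxManage modifyvm {vm} --nicproperty{n} dport={self.dport}",
        ]


def check_pair(a, b, unix_host=True):
    """Return a list of problems; an empty list means the two ends match."""
    problems = []
    for ep in (a, b):
        for name, port in (("sport", ep.sport), ("dport", ep.dport)):
            if port > MAX_PORT or 1 > port:
                problems.append(f"{ep.vm}: {name} {port} is not a valid UDP port")
        if unix_host and PRIVILEGED_PORT_LIMIT > ep.sport:
            problems.append(f"{ep.vm}: sport {ep.sport} is below 1024; "
                            "the VM refuses to start unless run as root")
    # Each end must transmit to the host where the other end listens ...
    if a.dest != b.host_ip:
        problems.append(f"{a.vm}: dest {a.dest} is not the host of {b.vm} ({b.host_ip})")
    if b.dest != a.host_ip:
        problems.append(f"{b.vm}: dest {b.dest} is not the host of {a.vm} ({a.host_ip})")
    # ... and to the port the other end listens on (dport of one == sport of the other).
    if a.dport != b.sport:
        problems.append(f"{a.vm} sends to port {a.dport} but {b.vm} listens on {b.sport}")
    if b.dport != a.sport:
        problems.append(f"{b.vm} sends to port {b.dport} but {a.vm} listens on {a.sport}")
    # On one host both ends bind locally, so they cannot share a listening port.
    if a.host_ip == b.host_ip and a.sport == b.sport:
        problems.append(f"both VMs on {a.host_ip} listen on UDP port {a.sport}")
    return problems


# The manual's two-host example: host 1 is 10.0.0.1, host 2 is 10.0.0.2.
VM1 = TunnelEndpoint("VM 01 on host 1", 1, "10.0.0.1", dest="10.0.0.2", sport=10001, dport=10002)
VM2 = TunnelEndpoint("VM 02 on host 2", 1, "10.0.0.2", dest="10.0.0.1", sport=10002, dport=10001)
# Same-host variant with 127.0.0.1 on both sides (constructed values).
LOCAL_A = TunnelEndpoint("VM A", 1, "127.0.0.1", dest="127.0.0.1", sport=10001, dport=10002)
LOCAL_B = TunnelEndpoint("VM B", 1, "127.0.0.1", dest="127.0.0.1", sport=10002, dport=10001)

if __name__ == "__main__":
    for ep in (VM1, VM2):
        print("\n".join(ep.commands()))
    print("two hosts:", check_pair(VM1, VM2) or "ok")
    print("one host: ", check_pair(LOCAL_A, LOCAL_B) or "ok")
```

    <para>The checker only reasons about the settings; as the manual notes,
    the listening port itself accepts datagrams from any source address, so
    matching configuration on both ends is what makes the tunnel work, not
    what restricts who can reach it.</para>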
  </sect1>

  <sect1 id="network_vde">
    <title>VDE networking</title>

    <para>Virtual Distributed Ethernet (VDE<footnote>
        <para>VDE is a project developed by Renzo Davoli, Associate Professor
        at the University of Bologna, Italy.</para>
      </footnote>) is a flexible, virtual network infrastructure system,
    spanning multiple hosts in a secure way. It allows for L2/L3
    switching, including spanning-tree protocol, VLANs, and WAN emulation. It
    is an optional part of VirtualBox which is only included in the source
    code.</para>

    <para>The basic building blocks of the infrastructure are VDE switches,
    VDE plugs and VDE wires which inter-connect the switches.</para>

    <para>The VirtualBox VDE driver has one parameter:<glosslist>
        <glossentry>
          <glossterm>VDE network</glossterm>

          <glossdef>
            <para>The name of the VDE network switch socket to which the VM
            will be connected.</para>
          </glossdef>
        </glossentry>
      </glosslist></para>

    <para>The following basic example shows how to connect a virtual machine
    to a VDE switch:</para>

    <para><orderedlist>
        <listitem>
          <para>Create a VDE switch: <screen>vde_switch -s /tmp/switch1</screen></para>
        </listitem>

        <listitem>
          <para>Configuration via command-line: <screen>VBoxManage modifyvm "VM name" --nic&lt;x&gt; generic</screen>
          <screen>VBoxManage modifyvm "VM name" --nicgenericdrv&lt;x&gt; VDE</screen>
          To connect to an automatically allocated switch port, use: <screen>VBoxManage modifyvm "VM name" --nicproperty&lt;x&gt; network=/tmp/switch1</screen>
          To connect to a specific switch port &lt;n&gt;, use: <screen>VBoxManage modifyvm "VM name" --nicproperty&lt;x&gt; network=/tmp/switch1[&lt;n&gt;]</screen>
          The latter option can be useful for VLANs.</para>
        </listitem>

        <listitem>
          <para>Optionally map a VDE switch port to a VLAN (from the switch
          CLI): <screen>vde$ vlan/create &lt;VLAN&gt;</screen> <screen>vde$ port/setvlan &lt;port&gt; &lt;VLAN&gt;</screen></para>
        </listitem>
      </orderedlist></para>

    <para>VDE is available on Linux and FreeBSD hosts only. It is only
    available if the VDE software and the VDE plugin library from the
    VirtualSquare project are installed on the host system<footnote>
        <para>For Linux hosts, the shared library libvdeplug.so must be
        available in the search path for shared libraries.</para>
      </footnote>. For more information on setting up VDE networks, please see
    the documentation accompanying the software.<footnote>
        <para><ulink
        url="http://wiki.virtualsquare.org/wiki/index.php/VDE_Basic_Networking">http://wiki.virtualsquare.org/wiki/index.php/VDE_Basic_Networking</ulink>.</para>
      </footnote></para>
  </sect1>

  <sect1 id="network_bandwidth_limit">
    <title>Limiting bandwidth for network I/O</title>

    <para>Starting with version 4.2, VirtualBox allows for limiting the
    maximum bandwidth used for network transmission. Several network adapters
    of one VM may share limits through bandwidth groups. It is possible
    to have more than one such limit.</para>
    <note><para>VirtualBox shapes VM traffic only in the transmit direction,
    delaying the packets being sent by virtual machines. It does not limit
    the traffic being received by virtual machines.</para>
    </note>

    <para>Limits are configured through
    <computeroutput>VBoxManage</computeroutput>. The example below creates a
    bandwidth group named "Limit", sets the limit to 20 Mbit/s and assigns the
    group to the first and second adapters of the VM:<screen>VBoxManage bandwidthctl "VM name" add Limit --type network --limit 20m
VBoxManage modifyvm "VM name" --nicbandwidthgroup1 Limit
VBoxManage modifyvm "VM name" --nicbandwidthgroup2 Limit</screen></para>

    <para>All adapters in a group share the bandwidth limit, meaning that in the
    example above the bandwidth of both adapters combined can never exceed 20
    Mbit/s. However, if one adapter doesn't require bandwidth the other can use the
    remaining bandwidth of its group.</para>
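    <para>The sharing rule just described (one transmit limit for every adapter
    in the group, with capacity an idle adapter does not use available to the
    others, and shaped packets delayed rather than dropped) as an added Python
    model. This is not VirtualBox's own shaper code: the 1 ms tick, the
    1500-byte packet size, the round-robin service order and the names
    <computeroutput>BandwidthGroup</computeroutput> and
    <computeroutput>simulate</computeroutput> are assumptions of the model. The
    20 Mbit/s limit is the one from the example above.</para>

```python
"""Model of a VirtualBox-style bandwidth group shared by several adapters.

Added example, not VirtualBox's shaper. A single token bucket is refilled
at the group's limit and every adapter in the group draws from it. A packet
that finds too few tokens waits for the next tick instead of being dropped,
matching the manual's statement that shaping delays transmitted packets.
Only the transmit side is modelled, because the receive side is not shaped.
"""

TICKS_PER_SECOND = 1000      # assumed shaper granularity: 1 ms
PACKET_BITS = 1500 * 8       # assumed full-size Ethernet payload per send


class BandwidthGroup:
    """Shared transmit budget for all adapters assigned to the group."""

    def __init__(self, limit_bps):
        self.per_tick = limit_bps // TICKS_PER_SECOND   # tokens (bits) added per tick
        # One packet of carry-over lets a packet that straddles a tick boundary
        # be delayed rather than lost; beyond that the bucket is capped so an
        # idle group cannot bank unlimited burst credit.
        self.cap = self.per_tick + PACKET_BITS
        self.tokens = 0

    def refill(self):
        self.tokens = min(self.cap, self.tokens + self.per_tick)

    def try_send(self, bits):
        """Consume tokens for one packet; False means 'delay to the next tick'."""
        if self.tokens >= bits:
            self.tokens -= bits
            return True
        return False


def simulate(limit_bps, demand_bps, seconds=1):
    """Offer demand_bps[i] bits/s on adapter i for `seconds`; return bits sent per adapter."""
    group = BandwidthGroup(limit_bps)
    queues = [0] * len(demand_bps)     # bits waiting in each adapter's TX queue
    sent = [0] * len(demand_bps)
    for _ in range(seconds * TICKS_PER_SECOND):
        group.refill()
        for i, demand in enumerate(demand_bps):
            queues[i] += demand // TICKS_PER_SECOND
        # Round-robin over the adapters until the bucket or the queues run dry.
        progress = True
        while progress:
            progress = False
            for i in range(len(queues)):
                if queues[i] >= PACKET_BITS and group.try_send(PACKET_BITS):
                    queues[i] -= PACKET_BITS
                    sent[i] += PACKET_BITS
                    progress = True
    return sent


if __name__ == "__main__":
    limit = 20_000_000   # the manual's 20 Mbit/s group
    print("both adapters saturating:", simulate(limit, [15_000_000, 15_000_000]))
    print("one adapter mostly idle: ", simulate(limit, [5_000_000, 30_000_000]))
```

    <para>With two adapters each offering 15 Mbit/s the combined result stays
    just under 20 Mbit/s (one packet short, because the last partial packet is
    still queued); with one adapter offering only 5 Mbit/s the other is allowed
    the remaining 15 Mbit/s, which is the behaviour the paragraph above
    describes.</para>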

    <para>The limits for each group can be changed while the VM is running,
    with changes being picked up immediately. The example below changes the
    limit for the group created in the example above to 100 Kbit/s:<screen>VBoxManage bandwidthctl "VM name" set Limit --limit 100k</screen></para>

    <para>To completely disable shaping for the first adapter of a VM, use the
    following command:
    <screen>VBoxManage modifyvm "VM name" --nicbandwidthgroup1 none</screen></para>

    <para>It is also possible to disable shaping for all adapters assigned to a
    bandwidth group while the VM is running, by specifying a limit of zero for the
    group. For example, for the bandwidth group named "Limit" use:
    <screen>VBoxManage bandwidthctl "VM name" set Limit --limit 0</screen></para>
  </sect1>
  <sect1 id="network_performance">
    <title>Improving network performance</title>

    <para>VirtualBox provides a variety of virtual network adapters that can be
    "attached" to the host's network in a number of ways. Network performance
    differs depending on which types of adapters and attachments are used.
    Performance-wise the <emphasis>virtio</emphasis> network adapter is
    preferable to the <emphasis>Intel PRO/1000</emphasis> emulated adapters,
    which are in turn preferable to the <emphasis>PCNet</emphasis> family of
    adapters. Both <emphasis>virtio</emphasis> and <emphasis>Intel PRO/1000
    </emphasis> adapters enjoy the benefit of segmentation and checksum
    offloading. Segmentation offloading is essential for high performance as
    it allows for fewer context switches, dramatically increasing the sizes
    of packets that cross the VM/host boundary.</para>
    <note><para>Neither the <emphasis>virtio</emphasis> nor the <emphasis>Intel PRO/1000
    </emphasis> drivers for Windows XP support segmentation
    offloading. Therefore Windows XP guests never reach the same
    transmission rates as other guest types. Refer to Microsoft Knowledge Base
    article 842264 for additional information.</para>
    </note>
    <para>Three attachment types, <emphasis>internal</emphasis>,
    <emphasis>bridged</emphasis> and <emphasis>host-only</emphasis>, have
    nearly identical performance, the <emphasis>internal</emphasis> type
    being a little faster and using fewer CPU cycles as the packets never
    reach the host's network stack. The <emphasis>NAT</emphasis> attachment
    is the slowest (and safest) of all attachment types as it provides
    network address translation. The generic driver attachment is special and
    cannot be considered an alternative to the other attachment types.</para>
    <para>Assigning more CPUs to a VM does not improve network
    performance and in some cases may hurt it due to increased concurrency in
    the guest.</para>
    <para>Here is a short summary of things to check in order to improve
    network performance:</para>
    <para><orderedlist>
        <listitem>
          <para>Whenever possible use the <emphasis>virtio</emphasis> network
          adapter, otherwise use one of the <emphasis>Intel PRO/1000</emphasis>
          adapters;</para>
        </listitem>
        <listitem>
          <para>Use <emphasis>bridged</emphasis> attachment instead of
          <emphasis>NAT</emphasis>;</para>
        </listitem>
        <listitem>
          <para>Make sure segmentation offloading is enabled in the guest OS.
          Usually it will be enabled by default. You can check and modify
          offloading settings using the <computeroutput>ethtool</computeroutput>
          command in Linux guests.</para>
        </listitem>
      </orderedlist></para>
  </sect1>
</chapter>