[vbox-dev] Intended Purpose

Klaus Espenlaub klaus.espenlaub at oracle.com
Thu Jan 24 16:34:01 GMT 2013


Hi Max,

On 24.01.2013 11:23, Maxime Dor wrote:
> Hello Devs,
>
> I am currently using a debian wheezy dedicated host for some VirtualBox
> VMs and I've configured the network in a certain way, and I was
> wondering if you intended it to work this way, and if not, what would
> you advise for it.
>
> All networks are in 10.60.x.x/24
> Every vboxnet is a Host-Only NIC

[ diagram deleted, very useful to have ]

> So my current setup is that I created 3 Host-only interfaces on which I
> attach all the VMs belonging to the same subnet. This makes the Host-only
> interface act as a switch/single broadcast domain.
> I have also set up my host as the router in-between each Host-only, using
> iptables to block/allow whatever I want.

It's a quite common setup, and like all similar setups it is bending the 
definition of "host only" somewhat. It relies on the advanced networking 
capabilities of the host OS, in this case Linux.

I guess you needed to tweak the guest VM configs a little as the DHCP 
server for host only will not give out a router configuration and thus 
the VMs will have no default route.

> My goal was to avoid an extra VM acting as a firewall/router for each
> network, having these networks as Internal and that VM firewall linked to
> a single host-only interface.

You clearly achieved your goal.

> Currently, this works great, and I am quite happy with the setup - easy
> to manage, configure, no perf issues.
> But my question is this one: was it the intended use? Will it cause
> problems performance-wise if I add more VMs? Can I have side effects I
> didn't notice so far?

Adding more VMs will only have an effect on the setup if the traffic 
increases. Eventually you might hit bandwidth limits (which are 
reasonably high, depending on your hardware), especially if you have a 
lot of traffic going through the router.

> Or is the best practice when it comes to VirtualBox to use Internal +
> routing VM + 1 host-only NIC?

Having a routing VM achieves the best isolation since the networks are 
further away from the host, but if you're happy with your setup I see no 
immediate reason to make changes. With your setup you can wreck both the 
host and certain aspects of the VM connectivity by making changes to the 
iptables config. With a separate router VM it is clearly separated.

Klaus

>
> Thank you for your insight on this.
>
> Best regards,
> Max
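
The reply above notes that, with the host acting as router, an iptables change can break both the host and VM connectivity. As an added example (not part of the thread, and not VirtualBox's own tooling), this script keeps the inter-vboxnet policy in one dedicated chain and validates it before loading, so the host's other rules are never flushed. The chain name VBOX-FWD, the interface names and the two allowed flows are constructed assumptions.

```shell
#!/bin/sh
# Added example: confine routing policy between host-only networks to one chain.
# Chain name, interfaces and flows are assumptions made for illustration.
CHAIN="VBOX-FWD"

# Constructed sample policy, one flow per line:
# in-interface out-interface protocol destination-port
ALLOW_FLOWS="vboxnet0 vboxnet1 tcp 5432
vboxnet2 vboxnet1 tcp 443"

# Emit an iptables-restore fragment that touches only $CHAIN.
gen_ruleset() {
    printf '%s\n' "*filter"
    # Declaring the chain creates it, or empties it when loaded with --noflush.
    printf '%s\n' ":$CHAIN - [0:0]"
    # Replies for flows that were allowed in the other direction.
    printf '%s\n' "-A $CHAIN -i vboxnet+ -o vboxnet+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "$ALLOW_FLOWS" | while read -r in_if out_if proto dport; do
        [ -n "$in_if" ] || continue
        printf '%s\n' "-A $CHAIN -i $in_if -o $out_if -p $proto --dport $dport -j ACCEPT"
    done
    # Anything else routed from one host-only network to another is dropped.
    printf '%s\n' "-A $CHAIN -i vboxnet+ -o vboxnet+ -j DROP"
    printf '%s\n' "COMMIT"
}

# Validate first, then load without flushing the host's own INPUT/OUTPUT rules.
apply_ruleset() {
    rules=$(gen_ruleset)
    printf '%s\n' "$rules" | iptables-restore --noflush --test || return 1
    printf '%s\n' "$rules" | iptables-restore --noflush || return 1
    # Hook the chain into FORWARD once; -C checks whether the jump already exists.
    iptables -C FORWARD -j "$CHAIN" 2>/dev/null || iptables -I FORWARD 1 -j "$CHAIN"
}

case "${1:-}" in
    apply) apply_ruleset ;;   # needs root and iptables on the host
    *)     gen_ruleset ;;     # default: only print the fragment for review
esac
```

Run without arguments it only prints the fragment; `apply` loads it. Traffic between VMs on the same host-only network does not pass through the host's FORWARD chain and is unaffected.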