Duplicate Network Issue

Posted: 28. Mar 2022, 08:25
by SplitNet
I have a system consisting of four real computers (running Windows 10) that I want to model as VMs on a Windows 10 host using VB 6.1.16. The real system consists of two routers and several VLANs:

Router_A connects to PC_A1 and PC_A2 and Router_B
Router_B connects to PC_B1 and PC_B2 and Router_A

There is a VLAN VLAN_All that covers all six devices. Furthermore there are two VLANs covering all devices having an "A" in their name (VLAN_A) and all devices having a "B" in their name (VLAN_B). The tricky thing is (and unfortunately I cannot change this), VLAN_A and VLAN_B use the same IPv4 subnet but different IPs. They are separated by the routers not forwarding VLAN_A and VLAN_B between them. (See attachment.)

I tried to model this by using multiple networks within VirtualBox and assigning adapters within the guests to the respective networks: Adapter 1 (always host-only adapter) models VLAN_All, Adapter 2 (always internal network named "A") models VLAN_A and Adapter 3 (always internal network named "B") models VLAN_B. IPs are then set accordingly within the hosts. However, VLAN_A and VLAN_B do not work as expected: PC_A1 can reach only PC_B2 (and vice versa) using the VLAN_A or VLAN_B IPs. PC_A2 and PC_B1 do not reach any other PC on VLAN_A or VLAN_B IPs.

Is this a known limitation or bug, or am I using the wrong approach, or something else?

Any help is highly appreciated!

Re: Duplicate Network Issue

Posted: 28. Mar 2022, 14:33
by scottgus1
You might want to look over Virtualbox Networks: In Pictures to see how the Virtualbox networks work.

What I've heard of regarding VLANs is that there is one connected physical network adapter in the computer, with multiple separate network environments working over that one adapter. So I'd guess that your physical PCs each have one network cable attached to the appropriate router, and there is one cable between routers. If that's not correct, please let us know.

If this understanding is correct, then this:
SplitNet wrote: using multiple networks within VirtualBox ... host-only ... internal
does not duplicate the physical setup. You'd need one network to each VM, not two.

Additionally, Virtualbox does not have a virtual 'router' to insert into the networks wherever you want. (While Virtualbox NAT and NAT Network behave like routers to the VMs set to use them, they don't allow adjusting the connection of the 'WAN' port from anything else than the host, and no VLAN capabilities. Internal and host-only have only unmanaged switches. So they can't be used as full-blown routers.)

To fully simulate your physical network, I'd suggest 6 VMs: the four existing Windows VMs, and two more VMs running router OS's (like pfSense).

Windows VM 'A' connects only to internal network 'A'.
Windows VM 'B' connects only to internal network 'B'.
Windows VM 'C' connects only to internal network 'C'.
Windows VM 'D' connects only to internal network 'D'.
The router VMs have three adapters activated in each VM.
Internal network A connects to the first adapter in router VM 1. This adapter will be in router VM 1's LAN.
Internal network B connects to the second adapter in router VM 1. This adapter will be in router VM 1's LAN.
Use router VM 1's bridging function to bring the first and second LAN adapters together to make a managed switch.
Router VM 1's third adapter will connect to Internal network 'WAN'. This adapter will be the router VM 1's WAN connection.
Internal network C connects to the first adapter in router VM 2. This adapter will be in router VM 2's LAN.
Internal network D connects to the second adapter in router VM 2. This adapter will be in router VM 2's LAN.
Use router VM 2's bridging function to bring the first and second LAN adapters together to make a managed switch.
Router VM 2's third adapter will connect to Internal network 'WAN'. This adapter will be the router VM 2's WAN connection.

Now all the VMs are connected via single cables, with full routers in the middle. Then start VLAN-ing.
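
As an added example (not part of the original post and not VirtualBox project code), the adapter layout listed above can be written as VBoxManage commands; this script only prints them and checks that every internal network has exactly two ends, like a cable. The VM names Win_A to Win_D, Router_1 and Router_2 are assumed; the network names A, B, C, D and WAN come from the post.

```shell
#!/bin/sh
# Added example: prints (does not execute) the VBoxManage commands for the
# six-VM layout. VM names are hypothetical; network names follow the post.

# nic <vm> <slot> <network>: attach adapter <slot> of <vm> to one internal network.
nic() {
    printf 'VBoxManage modifyvm "%s" --nic%s intnet --intnet%s "%s"\n' \
        "$1" "$2" "$2" "$3"
}

# plan: one line per adapter in the proposed topology.
plan() {
    # Each Windows VM has a single adapter on its own internal network.
    nic Win_A 1 A
    nic Win_B 1 B
    nic Win_C 1 C
    nic Win_D 1 D
    # Router VM 1: two LAN adapters (bridged inside the router OS) and one WAN.
    nic Router_1 1 A
    nic Router_1 2 B
    nic Router_1 3 WAN
    # Router VM 2: same shape, sharing the "WAN" internal network with router 1.
    nic Router_2 1 C
    nic Router_2 2 D
    nic Router_2 3 WAN
}

# endpoints <network>: number of adapters in the plan attached to that network.
endpoints() {
    plan | grep -c -- "\"$1\"\$"
}

# check_plan: fail if any internal network does not have exactly two ends.
check_plan() {
    for net in A B C D WAN; do
        if [ "$(endpoints "$net")" -ne 2 ]; then
            echo "internal network $net does not have exactly two ends" >&2
            return 1
        fi
    done
}

# Print the commands only when the topology check passes.
check_plan && plan
```

The VMs must be powered off when the printed `modifyvm` commands are run; VLAN tagging and the LAN bridge are still configured inside the router OS, as the post says.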

Re: Duplicate Network Issue

Posted: 28. Mar 2022, 18:11
by SplitNet
Your initial statement about the cabling of the physical PCs is correct. Also your conclusion that in the VM environment I do not exactly duplicate the physical setup. (I tried to circumvent the missing VLANs by introducing separate internal networks. Additionally I added the host-only network to contain another VLAN -- not originally mentioned -- to represent a VLAN shared by all four PCs.) So, essentially, the two 192.168.10.x VLANs (red, blue in sketch) were supposed to be completely separate networks, each capable of simulating a VLAN. And the black H in the sketch was supposed to be another VLAN containing all four PCs.

I welcome your suggestion to have additional pfSense VMs to simulate my hardware routers. It has some additional startup effort, but thereafter the major benefit of not having to have a separate VirtualBox network setup (for the PCs). Great idea!

Still, I do not understand the observed behavior of PC_A1 seeing only PC_B2 and vice versa and PC_A2 and PC_B1 being unreachable by all other machines. Seems to me like VirtualBox gets confused by the same subnet being used in multiple internal networks. Even with your proposed four VLANs, one for each PC, this problem could arise since the subnet is used in several internal networks.

Re: Duplicate Network Issue

Posted: 28. Mar 2022, 19:31
by scottgus1
I'm definitely no VLAN guru, in fact I've never tried to run a VLAN. So I didn't concentrate too heavily on the communication issues between the VMs in your internal/host-only setup, only on duplicating the setup.

Without knowing the configuration of the host-only network, and the settings in the VM OS's for IP addresses to use on the internal networks (since Internal doesn't have a DHCP server by default, the network adapter requires a static IP address), I wouldn't be able to say what might have gone wrong. But if you were planning to test true VLANs over the Virtualbox networks, the combination of Internal and Host-Only would give each VM two network adapters and channels, not just one, and there's no telling what the VLAN setup would do.

I'd give up on the setup before and the comm issues therewith, and try to set up the router VMs, then make up true VLAN rules inside the routers.

You've probably turned on Ping (ICMP Echo Request) in all of the VMs, but just in case: ping is blocked by default in Windows Firewall.
SplitNet wrote: Seems to me like VirtualBox gets confused by the same subnet being used in multiple internal networks.
As best I understand, no, Virtualbox keeps everything on the Internal in the Internal, and can have multiple Internals with the same IP range without confusion. (There could be a bug, but we haven't heard of it yet.)
SplitNet wrote: your proposed four VLANs
Just to make sure we keep understanding each other, these were four Internal networks, not VLANs. Internal is just a "cable", part of the network "hardware" for all intents and purposes (though there is an "unmanaged switch" in the "cable" to facilitate more than two VMs connected to the Internal). VLANs, as I understand them, are a software construct that sits on top of the network "hardware" and can make one network channel carry more than one separate network stream. Virtualbox networks are only "hardware". The VLANs have to be set up inside the OS's running inside the VMs.

So the setup I proposed was each VM on its own separately-named Internal network to the appropriate router VM. The router VM provides the switch to bring the two VMs' separate Internal networks together into a "switch". The routers are then connected via a fifth Internal network. You'd then set up VLANs inside the routers and routing tables et al to make the VLANs communicate appropriately.

Re: Duplicate Network Issue

Posted: 28. Mar 2022, 20:16
by SplitNet
I will try the four internal networks (not VLANs :oops: ) tomorrow. Just got the first pfsense instance up and running. Will do more tomorrow. Thanks so far!