Posted inVMware

Building an Effective Virtual Network Lab with VMware Workstation: Configuring Multiple VMs and Simulating Network Topology

VMware tutorial - IT technology blog
VMware tutorial - IT technology blog

Building an Effective Virtual Network Lab with VMware Workstation: Configuring Multiple VMs and Simulating Network Topology

Are you just starting in the IT industry, or looking to transition into Infrastructure, Networking, or Systems? You’ve probably found that the lack of hardware for hands-on practice is a significant barrier. Not everyone has the luxury of buying physical switches, routers, or a whole rack of computers to build their own lab, right? This often leads us to only learn theoretical concepts, making it difficult to gain practical experience or truly understand how systems operate.

Experience shows that networking configuration and troubleshooting skills become solid only when you personally deploy, observe, and debug. So, how can we solve this problem without incurring high costs? Don’t worry, the optimal solution is to build a virtual network lab.

This article will guide you on how to leverage VMware Workstation – a familiar virtualization software. You will set up a multi-VM network lab environment, thereby effectively practicing complex network topologies.

Core Concepts: Virtual Network Lab and the Role of VMware Workstation

A virtual network lab is an environment that simulates a computer network directly on your physical machine, thanks to virtualization technologies. Instead of using physical devices, we will work with Virtual Machines (VMs), along with virtual network adapters and virtual switches provided by the virtualization software.

VMware Workstation is a Type 2 hypervisor, meaning it runs on a host operating system (Windows, Linux). This makes it an excellent choice for personal labs due to its ease of installation and use. I remember spending a long time with VMware Workstation when I first started learning about virtualization.

Later, I transitioned to bare-metal solutions like Proxmox VE for my personal lab. Both platforms have their own advantages. However, VMware Workstation is truly an ideal starting point for learning and practicing networking. Its intuitive interface and flexible virtual network configuration capabilities are major strengths.

In a virtual network lab, the three main components we will interact with the most are:

  • Virtual Machines (VMs): These are the servers, workstations, routers, firewalls, etc., within the network.
  • Virtual Network Adapters: Each virtual machine can have multiple network adapters, used to connect to different virtual network segments.
  • Virtual Switches (VMnets): These are the “heart” of the virtual network in VMware Workstation. These VMnets function like physical switches, helping to connect virtual machines to each other, or connect virtual machines to the host and external physical network. VMware provides VMnet0 (Bridge), VMnet1 (Host-only), VMnet8 (NAT) by default, and you can also create additional custom VMnets.

Detailed Practice: Building a Multi-VM Network Lab

To begin, I’ll assume you have VMware Workstation installed on your computer. If not, you can refer to basic installation guides.

1. Resource Preparation

  • Operating Systems: ISOs of the operating systems you wish to use. For example: Windows Server (for Domain Controller, Web Server), Ubuntu Server/CentOS (for Router, Firewall, Linux Client).
  • System Resources: Ensure your host computer has enough RAM and CPU to run multiple virtual machines simultaneously (e.g., a minimum of 8GB RAM, 4-core CPU or higher to smoothly run 3-5 virtual machines).

2. Creating Basic Virtual Machines

We will create at least three virtual machines to simulate a simple network: one server, one client, and one router/firewall.

When creating a VM, pay attention to the network adapter configuration. Initially, you can leave it in NAT or Host-only mode. We will fine-tune the details later.

3. Configuring Virtual Networks (Virtual Network Editor)

This is a crucial step to “build” your network topology. Access Edit > Virtual Network Editor... in VMware Workstation.

In this window, you will see the default VMnets. You can add new VMnets and configure them as desired:

  • VMnet0 (Bridged): Connects the VM directly to the host’s physical network. The virtual machine will receive an IP from the physical DHCP server (if available) or you can manually configure a static IP in the same subnet as the host. This type is very useful when you want the virtual machine to access the Internet and communicate with other physical devices on the LAN.
  • VMnet1 (Host-only): Creates a private network solely between the VMs and the host. VMs within VMnet1 can communicate with each other and with the host, but cannot access the Internet. VMware’s DHCP will assign IPs in this range. This is often used for completely isolated internal networks.
  • VMnet8 (NAT): The virtual machine can access the Internet through the host’s network adapter. Conversely, you cannot directly access the virtual machine from the outside. VMware’s DHCP will assign IPs and perform NAT. This type is suitable for clients that need Internet access without needing a public IP address.

Creating Custom VMnets: Click Add Network... to add new VMnets (e.g., VMnet2, VMnet3). Select the Host-only type for these VMnets to make them operate independently. If you want to manually configure static IPs for all virtual machines, you can set up the IP range yourself and disable DHCP.

# Example configuration for VMnet2 as Host-only, range 192.168.10.0/24
# Turn off DHCP if you want to manually assign static IPs to VMs

4. Building a Simple Network Topology: LAN and Router

Let’s assume we want to build a model with two separate LANs, connected via a router. One of these LANs can access the Internet through that router.

Model:

[Client1 (LAN1)] --- [Router_VM] -- [Server1 (LAN2)]
                        |           
                        | (NAT/Bridged)
                        | 
                     [Internet]

Steps to perform:

  1. Router_VM (e.g., Ubuntu Server):

    • For Router_VM (e.g., Ubuntu Server), you need to add 3 virtual network adapters:
    • Card 1: VMnet8 (NAT) – Allows Router_VM to connect to the Internet.
    • Card 2: VMnet2 (Host-only) – To connect with Client1 (LAN1).
    • Card 3: VMnet3 (Host-only) – To connect with Server1 (LAN2).
    • Configure static IP for each network adapter on Router_VM. For example:
    # Configure network adapters on Router_VM (e.g., file /etc/netplan/01-netcfg.yaml or /etc/network/interfaces)
# eth0 (NAT): Get dynamic IP from VMware's DHCP
# eth1 (VMnet2): 192.168.10.1/24
# eth2 (VMnet3): 192.168.20.1/24

# Example with netplan (Ubuntu Server 18.04+)
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: true
    eth1:
      addresses: [192.168.10.1/24]
    eth2:
      addresses: [192.168.20.1/24]
    • Next, you need to enable IP Forwarding on Router_VM. This allows it to forward packets between networks:
    sudo sysctl -w net.ipv4.ip_forward=1
sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sudo sysctl -p
    • If you want Client1 and Server1 to be able to access the Internet via Router_VM, configure NAT on Router_VM as follows:
    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
# Save iptables rules so they are not lost upon reboot
sudo apt-get install iptables-persistent
sudo netfilter-persistent save
  2. Client1_VM (e.g., Ubuntu Desktop/Client):

    • For Client1_VM (e.g., Ubuntu Desktop/Client), you only need 1 virtual network adapter: VMnet2 (Host-only).
    • Configure static IP: 192.168.10.10/24. The Gateway is the IP of Router_VM on VMnet2 (192.168.10.1). The DNS server can use Google’s 8.8.8.8.
  3. Server1_VM (e.g., Windows Server):

    • For Server1_VM (e.g., Windows Server), you also only need 1 virtual network adapter: VMnet3 (Host-only).
    • Configure static IP: 192.168.20.10/24. The Gateway is the IP of Router_VM on VMnet3 (192.168.20.1). The DNS server can use 8.8.8.8.

5. Building a More Complex Topology: Small Company Network with DMZ

To simulate a more realistic environment, let’s try adding a DMZ (Demilitarized Zone) for the Web Server. This area will be completely separate from the internal network and the Internet.

Model:

[Internet] -- (VMnet8/NAT) -- [Firewall_Router_VM] -- (VMnet4/DMZ) -- [Web_Server_VM]
                                  |                       
                                  | (VMnet2/Internal LAN)
                                  |                      
                               [Client_VMs]

Additional steps to perform:

  1. Add new VMnet: Create an additional VMnet4 (Host-only) for the DMZ with its own IP range (e.g., 192.168.30.0/24).
  2. Firewall_Router_VM (e.g., pfSense, OPNsense or Linux Router):

    • At this point, Firewall_Router_VM needs 3 virtual network adapters:
    • Card 1: VMnet8 (NAT) (WAN/Internet)
    • Card 2: VMnet2 (Host-only) (Internal LAN)
    • Card 3: VMnet4 (Host-only) (DMZ)
    • Configure static IPs for each interface on Firewall_Router_VM, matching the defined network ranges.
    • Finally, set up firewall rules (ACLs) to tightly control traffic between WAN, LAN, and DMZ. For example:
      • Only allow HTTP/HTTPS access from WAN to Web_Server_VM in the DMZ (e.g., ports 80, 443).
      • Allow Client_VMs in the LAN to access Web_Server_VM.
      • Restrict Client_VMs in the LAN from directly accessing the WAN (they must go through the firewall’s NAT for enhanced security).
      • Absolutely prevent the DMZ from directly accessing the internal LAN; this is an important security principle.
  3. Web_Server_VM:

    • For Web_Server_VM, you only need 1 virtual network adapter: VMnet4 (Host-only).
    • Configure static IP in the DMZ range (e.g., 192.168.30.10/24), the gateway is the IP of Firewall_Router_VM on VMnet4 (192.168.30.1).
  4. Client_VMs:

    • The Client_VMs will connect to VMnet2 (Host-only).
    • Configure static IP in the internal LAN range (e.g., 192.168.20.10/24), the gateway is the IP of Firewall_Router_VM on VMnet2 (192.168.20.1).

6. Checking and Troubleshooting

After configuration, always check connectivity:

  • Use the ping command from virtual machines to check if they can communicate with each other.
  • Use traceroute (on Linux) or tracert (on Windows) to trace the packet path.
  • Check IP configuration (ip addr show on Linux, ipconfig /all on Windows) and routing tables (ip route show on Linux, route print on Windows) for accuracy.
  • Make sure firewalls on virtual machines (like Windows Defender Firewall, UFW on Linux) are not blocking any desired connections.
  • Always double-check VMnet configurations in the Virtual Network Editor.
# Some useful checking commands on Linux VM


ip a # View IP configuration of interfaces
ip r # View routing table
ping 192.168.10.1 # Ping gateway
ping google.com # Check DNS and Internet access
traceroute google.com # Trace packet path

Conclusion

Building a virtual network lab with VMware Workstation is not only a cost-effective solution but also an extremely flexible and powerful tool for honing your networking skills. Being able to create isolated environments, easily change configurations, deploy, and tear down will allow you to freely experiment with various scenarios without affecting your real system.

Whether configuring basic virtual machines or simulating complex network models like a company network with a DMZ, VMware Workstation provides all the necessary tools. So, what are you waiting for? Start practicing today to turn dry theory into valuable practical experience for yourself!

Share:
Tags: