How do virtual servers work without NAT/PAT?

Virtual servers are all the rage at datacenters and large corporations today, but how can you put several virtual servers in a single physical device with (presumably) a single network connection and IP address?

I know you can mimic multiple IP addresses by mapping certain ports to another, internal IP address, but servers generally need to be reachable at specific ports. So, if 10.10.10.10 corresponds to a physical server (call it host1) hosting multiple virtual servers, how would I reach virtual web server 1 on host1 rather than virtual web server 2 on host1?

You could have a machine with multiple network cards but more likely the single interface is configured for many IP addresses. So, traffic for 10.10.10.10, 10.10.10.11, 10.10.10.12, etc. is all routed to the same machine. The virtualization software would be configured to send the appropriate traffic to the individual virtual machines.

On our virtual servers we assign a single IP to the ‘hypervisor’, which is the operating system which manages the virtual servers hosted on that hardware. We then commission new machines and assign an IP or range of IPs on the server directly as you would any other server. It’s as simple as that.

There is no need for NAT, it’s clever virtual networking within the hypervisor which is fairly autonomous.

I run a lot of virtual machines at work. There are different ways to configure them, depending on what you want to do with them and who you want to have access to who. They can be set up with NAT. They can also be bridged and have their own virtualized network connection. To the outside world it looks like multiple real hardware adapters located behind a router. The virtual machines not only have their own IP address but also have their own MAC address and virtual interface as well.

My system is excessively complicated with multiple networks and such but for simplicity’s sake if you only consider the local network in my office, the host machine is 192.168.0.1 and the virtual machines are 192.168.0.100, 192.168.0.101, etc. There is a formula that the virtual machine software uses to assign the MAC address but you can override that and input your own MAC address if desired. The software also can configure the maximum amount of RAM, disk space, CPU ticks, and other resources that it takes from the host machine.

Remember that concepts like IP addresses and network ports are functions of software, and therefore can be spindled and mutilated as needed to suit your needs. Imagine that your server has a little software-based router built into it and can assign addresses behind it just like any router can.

I am in the process of setting up a small version of what you are asking about. In my case, the backup services I run at my shop are selling like crazy and I am needing to upgrade hardware as well as provide myself some better backup strategies on my own system. Virtual servers are great for this because a VM/VS is basically just one big file you back up to a NAS. Something goes wrong, drag yesterday’s copy of the VM back to the physical server and reboot.

You totally misunderstand how switches and computers work.

VMware ESXi, for example, allows you to create a “virtual switch” in the host to connect your virtual guest machines.

Normally, a network switch does not care what is at the other end. At layer 2 (basic ethernet) it is all about MAC addresses. Every network interface has a unique MAC address of 12 hex digits. The switch builds a list of MAC addresses that it thinks are at the other end of a wire connection by taking the MAC address from each packet that comes down the wire. (Unplug a machine, move it, and the switch quickly realizes “that MAC is coming down this wire instead now.”)

This is the beauty of layer-2 ethernet, why it is so simple and scalable. Each switch does a very simple and easy thing - it receives a packet in a port, and retransmits it to either the port it knows to find it on, or all ports if it does not know (or if it is a broadcast packet). If the packet finds its destination, eventually a reply will come back and that will tell the switch what wire that MAC can be found on. *

The guest machines get virtual network cards with randomly generated non-duplicate MACs. As far as the rest of the network is concerned there is a switch at the other end of the wire, not a host computer. The virtual switch is of course just a program that accepts packets from the wire like a switch would, then passes them to the virtual machine programs the same as it would if everything were physical. So virtual machines can have virtual network cards with IPs on the same network, or use NAT. It’s up to the systems setup technician.

(Where does the IP address come in? “ARP”. Very simple:

  • If, according to the subnet mask, the host is on the same network - same IP address range - then the machine sends out an “ARP” request - “Who is 182.168.1.244?” The machine, if online, replies “That’s me” and since the response packet has TO and FROM MAC addresses, now the sender knows the MAC of the recipient. From a DOS prompt, type ARP -A to see the cache.
  • If, according to the subnet mask, the IP is outside the same network, the computer goes through the same ARP rigamarole but to send the packet to the DEFAULT GATEWAY, so if it does not already know the MAC of the default gateway, it finds it via ARP - “Who is 192.168.1.1?” - then sends the packet to the default gateway’s MAC but with the real destination’s IP. What happens next is up to the gateway, that’s layer 3 networking.)

Some VM host systems give you the option “bridge”, where it’s as if all the virtual machines are on a virtual switch (an ethernet switch is just a multiway bridge), while you also have the option of NAT, where the “virtual switch” instead acts like a home router, NATing everything from the internal virtual machines.

* You see the scalability flaw of layer 2 - you need to keep a table of all the MAC addresses on the same subnet. The largest subnets I have seen in reality are about 2048 addresses (i.e. subnet mask of 255.255.248.0). At a certain point there are too many addresses to remember, looking them up takes too long, too many broadcasts, etc. That’s where you put a router in and have multiple subnets. A router doesn’t care about MAC, it’s layer 3 - IP addresses. It has tables about where to send packets based on IP addresses - either to another locally attached network, or onward to a higher gateway.

You may see a reference to things like “spanning tree”. This gives a switch some smarts, to find other like-minded smart switches and build a tree of connections. Thus it can find loops in the connections (usually not good, packets go round in circles and flood the network). Spanning tree can shut down redundant connections, but remember them so they can be “turned on” if a key link goes down - adding redundancy to a network. No reason why a virtual switch can’t pretend it’s also real, and a host could have multiple connections through multiple real network connections on the host machine.
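An added example, not written by any poster in this thread, that simulates the two mechanisms the post above describes: a learning layer-2 switch (the virtual switch in the hypervisor) that records which port each source MAC arrived on and floods unknown or broadcast frames, and the subnet-mask test that decides whether a host ARPs for the destination itself or for the default gateway. Port names, MAC addresses and IP addresses are constructed for the demo; the `next_hop_for` and `LearningSwitch` names are this example's own.

```python
import ipaddress
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    payload: str = ""


class LearningSwitch:
    """Layer-2 learning switch: learn the source MAC per port, then forward or flood."""

    def __init__(self, ports):
        self.ports = list(ports)   # constructed port names, e.g. "uplink", "vm1"
        self.mac_table = {}        # MAC -> port it was last seen on

    def receive(self, in_port, frame):
        # Learning: the source MAC is reachable via the ingress port. Re-learning
        # on a different port is how a moved (or migrated) machine is tracked.
        self.mac_table[frame.src_mac] = in_port
        out = self.mac_table.get(frame.dst_mac)
        if frame.dst_mac == BROADCAST or out is None:
            # Broadcast or unknown unicast: flood to every port except the ingress.
            return [p for p in self.ports if p != in_port]
        if out == in_port:
            return []              # destination sits behind the same port; drop
        return [out]


def next_hop_for(src_ip, mask, gateway, dst_ip):
    """Return the IP to ARP for: the destination if on-link per the mask, else the gateway."""
    net = ipaddress.ip_network(f"{src_ip}/{mask}", strict=False)
    return dst_ip if ipaddress.ip_address(dst_ip) in net else gateway


def demo():
    sw = LearningSwitch(["uplink", "vm1", "vm2"])
    # vm1 ARPs for vm2: a broadcast, so it is flooded; the switch learns vm1's MAC.
    first = sw.receive("vm1", Frame("02:00:00:00:00:01", BROADCAST, "who has 192.168.0.101?"))
    # vm2 replies unicast: vm1's MAC is now known, so only port vm1 receives it.
    second = sw.receive("vm2", Frame("02:00:00:00:00:02", "02:00:00:00:00:01", "that's me"))
    return first, second, dict(sw.mac_table)


if __name__ == "__main__":
    print(demo())
    print(next_hop_for("192.168.0.100", "255.255.255.0", "192.168.0.1", "10.10.10.10"))
```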