Bridged vs. NAT: a Virtualbox and VMWare Comparison

6

1

I installed VMWare Workstation 7.1.x and Virtualbox 4.0.8 on two different hosts, so I could compare.

I set the virtual network adapter on both to NAT, which was successful for both. The result:

Virtualbox address: 10.10.2.13

VMWare address: 192.168.0.20

The IP assigned to the VMWare guest was expected. But I was surprised by the IP address given to the Virtualbox. These machines are on my home network, which only has NAT addresses (192.168.x.x), so when I saw the 10.10.2.x, I was somewhat amazed.

Then I switched both VMs to use bridged networking. The VMWare guest continued to use a NAT address, but the Virtualbox started using a NAT address as well.

In short, I suppose the VMWare guest behavior is what I expected. The Virtualbox behavior was strange to me. If anything, I would have expected the Virtualbox to have done the opposite (use a NAT address for a NAT lan adapter, and a non-NAT address for bridged routine). Don't get me wrong, I was surprised to see the non-NAT address with Virtualbox under any configuration.

But can someone explain to me why I got the results that I did? And how/why was the IP address 10.10.2.x "working" on my home network?

Keep in mind that both VM guests had successful networking at all times.

Brent Arias

Posted 2011-06-20T16:38:36.313

Reputation: 459

Answers

5

This all looks normal to me.

Anything under 10.0.0.0/8 (and also 172.16.0.0/12) is a perfectly normal NAT address. When you put your VMs in NAT mode, the software is essentially acting as its own DHCP server for the guest machines and will do translations to the host network, so that all the guests on a particular host share an IP with the host. Anything in any of those ranges is fair game for NAT. It appears that VMWare uses a 192.168.0.0/24 range by default, and VirtualBox uses a 10.0.0.0 range. Both are just fine, and neither is better than the other (though I personally prefer 10.0.0.0 ranges because there are 255 times more addresses available).

It sounds like maybe you expected NAT mode to use the NAT between your host network and the internet, but that just doesn't happen. In fact, that is what bridge mode does. Switching to bridged mode means your VM guests are now connected directly to your home router's DHCP server for addresses. VirtualBox and VMWare will both now get addresses from the same place. VMware will have changed as well; it's just that the old mode and the new mode were assigning addresses from similar pools.

Joel Coehoorn

Posted 2011-06-20T16:38:36.313

Reputation: 26 787

It's 172.16.0.0/16 :-). Also why 10.0.0.0 addresses because "there are more addresses available"? Do you think you'll ever reach the amount? – sinni800 – 2011-06-20T16:52:41.713

@sinni - no, it is 172.16.0.0/12, as 172.31.255.255 marks the end of the range. /16 would end at 172.16.255.255. And I work on a larger network where it's convenient to assign pools for certain classes - so all printers are in 10.x.15.0, for example. All clients in one department are 10.2.0.0, another 10.3.0.0. The first department's printers are 10.2.15.0-10.2.15.255, the 2nd department's are 10.3.15.0 to 10.3.15.255. I'll never use all the addresses, but it's nice to have more blocks to assign out. – Joel Coehoorn – 2011-06-20T16:56:01.467

It's 172.16.0.0/16 because 16 to 32 are all their own subnetwork normally. So there's 16 nets in total in this range... I know what you mean, but I thought a little differently about it when you first said it. Subnetting it more than once makes sense :) – sinni800 – 2011-06-20T17:00:18.603

The whole range is 172.16.0.0/12, but it is normally considered to be a block of 16 /16s (172.16.0.0/16, 172.17.0.0/16, ..., 172.31.0.0/16) rather than one /12, in the same way 192.168.0.0/16 is usually considered to be 256 /24s and not one /16. – David Spillett – 2011-06-20T18:24:38.313
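The range arithmetic argued over in the answer and comments above can be checked directly. This is an added example, not part of the original posts; it uses Python's standard `ipaddress` module, the helper names are illustrative, and `172.32.0.1` is a constructed sample just outside the /12.

```python
import ipaddress

# The three private blocks named in the answers above.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def private_block(addr):
    """Return the private block containing addr, or None if it is in none."""
    ip = ipaddress.ip_address(addr)
    for net in PRIVATE_BLOCKS:
        if ip in net:
            return net
    return None

def in_block(addr, block):
    """True if addr lies inside the CIDR block."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(block)

def split(block, new_prefix):
    """Split a block into equal subnets of the given prefix length."""
    return list(ipaddress.ip_network(block).subnets(new_prefix=new_prefix))

def size_ratio(big, small):
    """How many times as many addresses `big` holds compared with `small`."""
    return (ipaddress.ip_network(big).num_addresses
            // ipaddress.ip_network(small).num_addresses)

if __name__ == "__main__":
    # The two guest addresses from the question, plus two boundary cases.
    for guest in ("10.10.2.13", "192.168.0.20", "172.31.255.255", "172.32.0.1"):
        print(f"{guest:16} -> {private_block(guest)}")

    # /12 versus /16: only the /12 reaches 172.31.255.255.
    print("in /12:", in_block("172.31.255.255", "172.16.0.0/12"))
    print("in /16:", in_block("172.31.255.255", "172.16.0.0/16"))

    # The /12 viewed as sixteen /16s, and 192.168.0.0/16 as 256 /24s.
    sixteens = split("172.16.0.0/12", 16)
    print(len(sixteens), "x /16:", sixteens[0], "...", sixteens[-1])
    print(len(split("192.168.0.0/16", 24)), "x /24 in 192.168.0.0/16")

    # Relative size of the 10.0.0.0/8 and 192.168.0.0/16 pools.
    print("10/8 vs 192.168/16:", size_ratio("10.0.0.0/8", "192.168.0.0/16"))
```
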

3

The 10.x.x.x range is officially unallocated and intended for internal use just as 192.168.x.x is, so using addresses from this range is no more odd than using a subnet of 192.168.x.x (it just isn't as common - most consumer devices that do NAT and/or DHCP default to a /24 within 192.168.0.0/16).

172.16-32.x.x are reserved for private addressing too, but these are even less commonly used.

The 10.10.2.x range is only visible to Virtualbox and the VMs it is running with a NATed network adaptor. For outgoing connections this gets translated, via NAT, to the address used by the NIC of your VMWare host machine, and replies are translated back - this is no different to what VMWare is doing with a 192.168.something.0/24 range.

David Spillett

Posted 2011-06-20T16:38:36.313

Reputation: 22 424

"The 10.10.2.x range is only visible to virtualbox and the VMs it is running with a NATed network adaptor." tell me if I understood it wrong, but if every VM is in that virtual network, they could connect to each other, which is not possible in NAT mode. This is possible in "Host Network" mode. – sinni800 – 2011-06-20T16:58:05.017

IIRC under VMWare in NAT mode, VMs that are using the same interface can see each other. In host-only mode a VM will only see the host directly, though the host could still perform routing/NAT so the VM can access anything the host allows it to (it just defaults to only being able to see the host and nothing else). From your description it sounds like VB uses "NAT network" to mean something like what VMWare calls "host only". I generally use bridged for everything in my environments anyway, so I may not be remembering accurately. In either case 10.x.x.x is as valid as 192.168.x.x. – David Spillett – 2011-06-20T18:20:50.030

0

What is a "non-NAT" address in your definition? You mean "local network" addresses. I think you're getting something wrong here.

If you choose "NAT" in the settings pane of your virtualization solution it does not matter which kind of IP it gives the guest in the end, thanks to NAT. It behaves like a gateway (router) in this case, hiding the guest from your outer network but still gaining it Internet access.

NAT exists because the local network address 192.168.0.20 could exist a million times on the whole globe. So those million times don't interfere with each other, it translates (hence the term "network address translation") those "local" addresses to the internet IP your router gets from your ISP.

The Wikipedia article describes it better than I can do.

sinni800

Posted 2011-06-20T16:38:36.313

Reputation: 3 048