Experimenting with Oracle Virtualbox

I have been using VMWare Fusion on my MBP for a while.  I noticed significant performance issues after upgrading to Mavericks.  That is when I decided to try out Oracle Virtualbox.  More importantly some of the devops I was trying such as Vagrant and Docker did have readily available VMs for Virtualbox.  I never bothered to checkout Virtualbox in the past as I owned licenses for VMWare Fusion and VMWare WorkStation.  Staying with VMWare was more productive as I can move around VMs between my development environments and Office work environment.

Storage

The first step was to getting all my existing VMs running on VirtualBox.  I must say that running my SLES and Ubuntu VMs were easier than I thought. All that I need to do was create a new instance and use the same vmdk image from VMWare.    By default VirtualBox will use a SATA/SCSI interface for the disk image.  It worked well for Unix/Linux virtual machines, but for Windows, I had to forcefully use IDE interface.  Do the following for Windows (I tested with 7.x and 8.1) images.

  • Once the VM is created, goto settings and Storage
  • Delete the SCSI instance associated with your vmdk file
  • Add an IDE interface and choose the same vmdk file.

Networking

The next configuration required is with respect to Networking. I normally use a NAT’d environment with specific CIDR for all my development VMs. I can access this private network from my host on VMware WorkStation or Fusion.  It appears that only way to access services running on Virtualbox image on a private interface is through port forwarding.  Even to SSH to to guest OS, you need to forward a host port to 22 on the guest.  Thankfully the network configuration dialog in the VM settings provides an option to do that.  There is an experimental NetWork Address Translation Service in VirtualBox.  I haven’t been able to get that working on my OSX yet.

Shared Folder

Shared folder concepts are a little convoluted on VirtualBox. Apparently they disable the ability to create symbolic links in a shared folder due to some bizarre security reasons.  You need to enable them manually for each shared folders in each VMs.  More importantly, you need to restart the VirtualBox application after enabling them.  Given below is the syntax for enabling the creation of symbolic links on a given volume.

The SHARE_NAME at the end of the parameter should be a full path to the shared folder on your host.

Headless Mode

One of the features I liked in VirtualBox is the headless mode.  You can run a vm in the background without any UI elements.  This saves some memory on your host and typically you can run any linux instances in runlevel 3.  Push shift key while clicking on the Start button or use VBoxManage command line tool to start a VM in a headless mode.

Overall I find the performance of VirtualBox better than Fusion for my workload.  I’m also liking the command line tools and programmability via its rich set of APIs.  Tune in for more of my VirtualBox experiments.

Linux Advanced Routing: Setting up a Mixed Public-Private Network

Recently I had a unique need to have a mix of public and private network on a particular server for some testing.  A number of services were already configured for the public interface. I had to test a particular feature using a NAT environment and the easiest I could think of was to configure the same server with a NAT ifc in the VMWare environment and configure that feature to use this private interface.  Setting up the proper routes where I can reach the server through the public interface or through the router’s port forwarding via the NAT interface was a challenge in this case. 

Network-ppMy networking requirement is something like this.  As the diagram suggests, 164.99.89.77 is the public interface (eth1) and 172.17.2.80 (eth0) is the private interface.  vmnet5 provides the NAT environment with the network 17217.2.0.  My requirement was to reach the guest via eth0 or eth1 from the 164.99 network.  The host (164.99.89.74) also provides port forwarding so that I can connect to the gust via the private interface. 

I realized that I need to make sure that all answers to traffic coming in on a particular interface get answered from that interface. 

After a little research on Linux advanced routing, I stumbled upon this page.

I designed my routing table based on the recommendations from there.  I’m listing the steps I followed for future reference.

  1. Disable reverse-path filtering for both interfaces.  When source and destination traffic to the same IP using different interface occurs, the Linux kernel drop the traffic as potentially spoofed.  This is called reverse-path filtering. 
  2. Create two additional routing tables, say T1 and T2 in /etc/iproute2/rt_tables.   This file will look something like this

    image

  3. Then populate these tables as given below

    ip route add 164.99.0.0 dev eth1 src 164.99.89.77 tabel T1
    ip route add default via 164.99.89.254 table T1
    ip route add 172.17.2.0 dev eth0 src 172.17.2.80 table T2
    ip route add default via 172.17.2.2 table T2

    164.99.0.0 => public network
    164.99.89.77 => IP address of the public interface
    164.99.89.254 => Gateway address for the public network
    172.17.2.0 => Private network
    172.17.2.80 => IP address of the private interface
    172.17.2.2 => Gateway address for the public network

  4. Set up the main routing table.

    ip route add 164.99.0.0 dev eth1 src 164.99.89.77
    ip route add 172.17.2.0 dev eth0 src 172.17.2.80

  5. Then a preferred default route

    ip route add default via 172.17.2.2

  6. Next set up the routing rules

    ip rule add from 164.99.89.77 table T1
    ip rule add from 172.17.2.80 table T2

Above rules will make sure all answers to traffic coming in on a particular interface get answered from that interface 

My routing table looks something like this with the above changes

image

There are a few more desirable routing additions mentioned here

With these changes, I can connect to the server via the public interface or via the private interface with the port forwarding in the router.

image

image