Networking in Windows Virtual PC
This article briefly explains how networking works in Windows® Virtual PC (WVPC) and the configuration options available for it.
The Virtual PC host application emulates Intel DEC 21140A network cards. Each Virtual Machine (VM) can have up to four such emulated network cards. The ‘Create Virtual Machine wizard’ in WVPC attaches by default one or two network adapters to connect to one wired and one wireless host network adapter (Fig. 1). Each emulated network adapter is assigned a unique MAC address in the range 00-03-ff-XX-XX-XX. The last three octets are calculated using the host network adapter MAC address. Each network card optionally connects to the various networking options described below.
Fig 1: Setting Dialog box to configure VM network adapters.
Windows® XP Mode is by default connected to the Shared Networking or NAT, which is one of the four network connection options WVPC provides.
Network Connection Options in Windows Virtual PC
Each network adapter can be configured to connect to the virtual network as explained below. In the Setting dialog box (Fig. 1), each network card can optionally connect to the network using one of the following options:
1. Not Connected: This option leaves the card unconnected to any network and will show that the network cable is disconnected inside the virtual machine.
2. Host Adapter: This option, called ‘Bridge Mode’, connects the VM to the external network through the host network adapters. When the VM is connected using this option, the virtual card has a unique presence on the network. This option requires the Virtual PC Network Filter driver to be installed in the host networking stack. The driver is installed during WVPC installation and binds to all 802.3/802.11 based network adapters. In the diagram below you can see that the Virtual PC Network Filter driver is bound to one of the host adapters. To open this dialog, open the Windows Start menu and type Network and Sharing Center. In the left pane, click Change Adapter settings. Select the required adapter and right-click to open its properties, which will show you this dialog.
Fig 2: WVPC network filter driver bound to the host, while using Bridge Mode.
Brief Architecture of Bridge Mode Networking in Windows Virtual PC
This driver is an NDIS 6 filter driver and sits above the miniport layer in the NDIS stack. It maintains a 1:1 mapping between the protocol and miniport layers of NDIS. It is designed to handle Ethernet packets, which makes it protocol agnostic, so it can support protocols other than TCP/IP. The above diagram shows that the Virtual PC Network Filter driver is bound to the host Ethernet adapter and that guests can use this adapter to connect to the external network.
Fig 3: High Level Architecture of Bridge Mode Networking
Fig 3 shows the high-level architecture of bridge mode networking. The left side of the diagram shows the host networking stack, in which the WVPC network driver vpcnfltr.sys is installed. The block on the right-hand side represents the WVPC application, which emulates the network card and connects it to the virtual network, which in turn can connect to the vpcnfltr driver. This driver is a filter driver that intercepts packets, inspects them and does basic Ethernet switching to route each one to its destination. When a packet is sent from a guest, the driver checks the destination MAC address. If the packet is meant for the host, the driver injects it into the higher-level host NDIS stack. If the packet is meant for another guest, the driver indicates it to that guest internally. The remaining packets are sent to the external network through the host adapter.
The host Ethernet adapter generally accepts only packets destined for its own MAC address. To receive packets that could be destined for the guests, the driver puts the adapter in promiscuous mode (only for 802.3), which makes the host adapter accept all packets. On receive from the adapter, the driver checks the MAC address, and if it matches any of the guests registered with the driver, the driver sends the packet to that guest. Also, if such a packet is directed, it is not sent to the host's upper layers. Similarly, packets meant for the host are not sent to any guest and are indicated to the higher-level NDIS stack for further processing.
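The send and receive rules described above can be written down as a small user-space model. This is an added example, not code from vpcnfltr.sys; the function names, the sample MAC addresses and the treatment of broadcast and unknown unicast frames are assumptions, since the article does not describe them.

```c
/* Added illustration: user-space model of the forwarding rules described
   above. Not vpcnfltr.sys code; names, sample MACs and the handling of
   broadcast/unknown frames are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { TO_HOST = 1, TO_GUEST = 2, TO_WIRE = 4 };    /* delivery bitmask */

struct bridge {
    uint8_t host_mac[6];
    uint8_t guest_mac[4][6];    /* guests registered with the driver */
    size_t  n_guests;
};

/* Constructed sample: one host adapter, two bridged guests. */
const struct bridge SAMPLE = {
    {0x00, 0x1a, 0x2b, 0x3c, 0x4d, 0x5e},
    {{0x00, 0x03, 0xff, 0x00, 0x00, 0x01}, {0x00, 0x03, 0xff, 0x00, 0x00, 0x02}},
    2
};
const uint8_t BROADCAST[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
const uint8_t REMOTE[6]    = {0x00, 0x1a, 0x2b, 0x00, 0x00, 0x01};

static bool is_group(const uint8_t *m) { return (m[0] & 1) != 0; }

static bool is_guest(const struct bridge *b, const uint8_t *mac)
{
    for (size_t i = 0; i < b->n_guests; i++)
        if (memcmp(b->guest_mac[i], mac, 6) == 0) return true;
    return false;
}

/* Frame sent by a guest. */
int route_from_guest(const struct bridge *b, const uint8_t *dst)
{
    if (is_group(dst)) return TO_HOST | TO_GUEST | TO_WIRE; /* assumption: flood */
    if (memcmp(dst, b->host_mac, 6) == 0) return TO_HOST;   /* into host NDIS stack */
    if (is_guest(b, dst)) return TO_GUEST;                  /* indicated internally */
    return TO_WIRE;                                         /* out the host adapter */
}

/* Frame received from the promiscuous host adapter. */
int route_from_wire(const struct bridge *b, const uint8_t *dst)
{
    if (is_group(dst)) return TO_HOST | TO_GUEST;           /* assumption */
    if (is_guest(b, dst)) return TO_GUEST;                  /* not shown to host stack */
    if (memcmp(dst, b->host_mac, 6) == 0) return TO_HOST;   /* not copied to guests */
    return 0;                                               /* assumption: dropped */
}
```

The `TO_GUEST`-only result on the receive path is the case to note when placing monitoring: a directed frame for a bridged guest is handed to the guest and is not indicated to the host's upper layers.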
3. Shared Networking: Shared Networking or Network Address Translation (NAT) is another way that the guest can connect to the external network. The main difference between this and bridge mode is that the guest is behind the NAT and does not have a unique identity on the external network. It supports all connections which use TCP/IP. Connecting using bridge mode networking requires a separate IP address for the guest, so in situations where there is a shortage of IP addresses, connecting using NAT is a valuable option. This option should also be used when you don’t want the guest to connect directly to an external network and want it to remain behind the NAT. This acts as a strong firewall which protects the guest from outside attacks.
There are certain limitations when connecting using NAT. If the payload contains the source IP address, the connection may break, because the IP address in the header is replaced with the host's address while the payload still contains the guest IP address. Connecting via VPN from inside the guest is also not supported. Some VPNs require raw sockets, which need admin privileges to open successfully, whereas the WVPC application runs in the user context. Applications using TCP/IP such as Internet browsing, messenger, shared access, etc. will work when connected using NAT. It is recommended to connect using bridge mode when the guest needs to use VPN.
4. Internal Network: This option is used to connect two or more guests together on an isolated network. When a guest uses this option, it can only connect to the other guests on the same physical machine. The WVPC application internally has a software switch which forwards packets to the destination guest without connecting to the external world. This is useful when you want to connect two or more machines that are completely isolated from the network. The internal network also maintains a DHCP server and provides DHCP addresses in the range 169.254.0.16 to 169.254.10.254. If another guest is acting as a DHCP server, you would need to disable the internal network's DHCP server so that DHCP packets can reach that guest.
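The Shared Networking limitation described above (a payload that carries the guest's own address) can be seen with FTP's active-mode PORT command, a well-known protocol message that embeds the sender's IP address. This is an added example, not WVPC code; the choice of FTP, the function names and all addresses are assumptions made for illustration.

```c
/* Added illustration, not WVPC code: a payload that embeds the sender's
   address stops matching the header once the NAT rewrites the source.
   All addresses below are constructed sample values. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

struct packet {
    char src_ip[16];    /* source address in the IP header */
    char payload[64];   /* application data; the NAT does not rewrite it */
};

/* Shared Networking as described above: only the header source changes. */
void nat_outbound(struct packet *p, const char *host_ip)
{
    snprintf(p->src_ip, sizeof p->src_ip, "%s", host_ip);
}

/* Parse "PORT h1,h2,h3,h4,p1,p2" into a dotted-quad address and a port.
   Returns false if the payload is not a well-formed PORT command. */
bool parse_port_cmd(const char *payload, char ip[16], int *port)
{
    unsigned h[4], p[2];
    if (sscanf(payload, "PORT %u,%u,%u,%u,%u,%u",
               &h[0], &h[1], &h[2], &h[3], &p[0], &p[1]) != 6)
        return false;
    for (int i = 0; i < 4; i++)
        if (h[i] > 255) return false;
    if (p[0] > 255 || p[1] > 255) return false;
    snprintf(ip, 16, "%u.%u.%u.%u", h[0], h[1], h[2], h[3]);
    *port = (int)(p[0] * 256 + p[1]);
    return true;
}

/* True when the address announced in the payload is the one the server
   sees in the header, i.e. a connection back to it reaches the sender. */
bool announced_matches_header(const struct packet *p)
{
    char ip[16];
    int port;
    return parse_port_cmd(p->payload, ip, &port) && strcmp(ip, p->src_ip) == 0;
}

/* Constructed guest packet, optionally passed through the NAT. */
bool guest_port_cmd_ok(bool via_nat)
{
    struct packet p = { "192.168.131.65", "PORT 192,168,131,65,19,136\r\n" };
    if (via_nat) nat_outbound(&p, "10.0.0.25");
    return announced_matches_header(&p);
}
```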
There are multiple options to connect VMs created using WVPC to internal and external networks. We hope this information is useful to you. Check out Windows® XP Mode today, and let us know what you think, either via the comments section or by sharing your feedback on the WVPC and Windows XP Mode Forum on TechNet.
Microsoft Virtualization Team