oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button

Build a Virtual Routed Network

by Mitch Tulloch

Although computer hardware is rock-bottom cheap nowadays, there are times when even a geek like me doesn't want to shell out a couple of hundred bucks for still another used AMD x64 box to add to the ones already taking up half a wall in my office. I mean, my gas heating bill is already almost zero because of all the heat my computers generate, so why do I want another?

Because sometimes your test network is just not big enough. Building a multi-domain, multi-site testbed network with a workstation in each domain and at each site can take about half a dozen machines -- or one physical machine running Microsoft Virtual PC 2004. That's how cool Virtual PC (VPC) is as a testing platform, and for one who loves his office air-conditioned, I'm thankful for this product.

The Target Network

To see what VPC can really do, let's set up an internetwork (routed network) that consists of three subnets, and then test our setup by using the ping command to ping a host in subnet 3 from a host in subnet 1. Specifically, our virtual network will look like Figure 1:

Thumbnail, click for full-size image.
Figure 1: The network we want to build. (Click for full-size image.)

This network can be summarized as follows:

  • It has three subnets (,, and joined by two routers.
  • Router 1 has an interface on subnet 1 and an interface on subnet 2.
  • Router 2 has an interface on subnet 2 and an interface on subnet 3.
  • Subnet 1 has one Windows XP host on it with the address
  • Subnet 3 has one Windows XP host on it with the address

Clearly our internetwork works if we can ping host XP-2 from host XP-1, so that will be our test for success. Now let's set up the network.

Setting Up the Network

The trick to doing this is to use Windows XP's capability of routing IP traffic. Here are the basic steps to follow:

1. Create four new virtual machines (VMs) in Virtual PC and install Windows XP on each of them. A quick way of doing this is to use Sysprep as described in an article I wrote awhile back for Name your VMs XP-1, XP-2, XP-ROUTER-1, and XP-ROUTER-2 or something similar (the first two VMs are obviously the hosts and the other two will be the routers).

2. Open the settings for the two host VMs and configure the Network settings so they have one NIC each, set to Local Only networking (this isolates the virtual network from your real network to protect it). Figure 2 shows this for XP-1:

Thumbnail, click for full-size image.
Figure 2: Network settings for XP-1 VM. (Click for full-size image.)

3. Open the settings for the two router VMs and configure Network settings so they have two NICs each, both set to Local Only. Figure 3 shows this for XP-ROUTER-1:

Thumbnail, click for full-size image.
Figure 3: Network settings for XP-ROUTER-1 VM. (Click for full-size image.)

4. Configure the TCP/IP properties for each connection on each VM as in the following table.

VM name Connection IP Subnet mask Default gateway
XP-1 Subnet
XP-ROUTER-1 Subnet None
XP-ROUTER-2 Subnet
Subnet None
XP-2 Subnet

Note that if you're prompted for DNS server settings you can assign any IP you like since we won't be using DNS in this scenario.

5. Open Regedit.exe on XP-ROUTER-1, navigate to HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, and change the value of IPEnableRouter from 0 to 1. This turns your multi-homed XP machine into a router. Well, not quite -- restart the machine to make the setting take effect.

6. Repeat with XP-ROUTER-2, and don't forget to restart the VM.

7. One more step, but it's important. Open Windows Firewall on each VM, select Advanced, and under ICMP click Settings. Then make sure that an exception is open for ping traffic (see Figure 4).

Figure 4
Figure 4: This exception must be open for an XP machine to respond to ping.

That's it, you're done! To test everything out, let's open a command prompt window on XP-1 (which is on subnet 1) and try pinging XP-2 (which is on subnet 3). Figure 5 shows the result and it's just what we expect, i.e., the TTL was decreased from 128 to 126 two hops.

Thumbnail, click for full-size image.
Figure 5: Pinging a host two subnets away. (Click for full-size image.)


Virtual PC is a great tool for building test networks, even multi-subnet ones. And while Microsoft Virtual Server is now a free product (although VPC still costs money) I actually prefer VPC for most software testing because it has an easy-to-use interface as opposed to the clunky web-based interface of Virtual Server. For production environments, of course, Virtual Server is definitely more powerful, as is VMware. And for a comparison between Virtual Server and VMware, check out this recent interview I did with MVP Charlie Russel. But as for little ol' me, I still like Virtual PC -- hey, I'm a poet as well as a geek!

Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell, Windows Server 2003 in a Nutshell, and Windows Server Hacks.

Return to the Windows DevCenter.