I’ve developed a virtual machine manager application using the macOS Virtualization framework. The application currently supports both NAT and bridged networking configurations.
I’m now looking to implement host-only networking, where the guest VM can communicate with the host but not with external networks. Is this networking mode supported by the Virtualization framework, and if so, what is the recommended approach to set it up?
Additionally, I would like to implement port forwarding from the host to the guest (e.g., redirecting traffic from a specific port on the host to a port on the guest). Is there a way to configure port forwarding using the built-in APIs of the Virtualization framework, or would this require a custom networking solution?
Any guidance or best practices for implementing these features within the constraints of the framework would be greatly appreciated.
For both host-only and port forwarding, teams typically implement the networking themselves using the VZFileHandleNetworkDeviceAttachment.
This requires a user-space network stack. There are a few open source projects that can be used there.
Given that the whole stack comes under the control of the app, the exact policy for how VMs are connected and ports handled is fully customizable through the implementation.
For best performance, it's recommended to use VZFileHandleNetworkDeviceAttachment.maximumTransmissionUnit to set a large MTU for such a mode. That reduces the emulation overhead for each packet. Another valuable parameter is the buffer size of the sockets passed through the NSFileHandle.
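An added illustration of the approach the answer describes (editor's example, not code from the thread, from Apple, or from the asker's application): the guest end of an AF_UNIX datagram socketpair is handed to VZFileHandleNetworkDeviceAttachment with a large maximumTransmissionUnit and matching SO_SNDBUF/SO_RCVBUF sizes, while the host end is read by the app. The `hostOnlyVerdict` filter stands in for the user-space network stack; it shows where the "policy is fully customizable" claim is enforced, by accepting only ARP and IPv4 frames addressed to the host-side gateway and dropping everything else. The 192.168.64.0/24 addressing, the error enum and all function names are constructed for this example.

```swift
import Foundation
import Virtualization

// Constructed addressing for the illustration (assumption, not from the thread):
// the app's user-space stack answers as 192.168.64.1 on a /24; nothing beyond it is reachable.
let hostOnlyGateway: [UInt8] = [192, 168, 64, 1]
let hostOnlyBroadcast: [UInt8] = [192, 168, 64, 255]
let limitedBroadcast: [UInt8] = [255, 255, 255, 255]

enum HostOnlyError: Error { case invalidMTU(Int), socketpairFailed(Int32) }

/// Builds the guest-facing attachment: a connected AF_UNIX datagram socketpair whose
/// guest end is given to the framework and whose host end stays with the app's stack.
/// Each datagram on the pair is exactly one Ethernet frame.
func makeHostOnlyAttachment(mtu: Int) throws -> (attachment: VZFileHandleNetworkDeviceAttachment, hostFD: Int32) {
    // Apple documents 1500...65535 as the valid range for maximumTransmissionUnit.
    guard (1500...65535).contains(mtu) else { throw HostOnlyError.invalidMTU(mtu) }
    var fds: [Int32] = [-1, -1]
    guard socketpair(AF_UNIX, SOCK_DGRAM, 0, &fds) == 0 else {
        throw HostOnlyError.socketpairFailed(errno)
    }
    // Size the socket buffers for whole frames (MTU payload + 14-byte Ethernet header).
    // The receive buffer is kept at four times the send buffer, the ratio Apple's
    // documentation for maximumTransmissionUnit recommends for this attachment type.
    var sndBuf = Int32(mtu + 14)
    var rcvBuf = sndBuf * 4
    for fd in fds {
        setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &sndBuf, socklen_t(MemoryLayout<Int32>.size))
        setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &rcvBuf, socklen_t(MemoryLayout<Int32>.size))
    }
    let guestHandle = FileHandle(fileDescriptor: fds[0], closeOnDealloc: true)
    let attachment = VZFileHandleNetworkDeviceAttachment(fileHandle: guestHandle)
    attachment.maximumTransmissionUnit = mtu
    return (attachment, fds[1])
}

/// The host-only policy, enforced where the answer says it lives: in the app's own stack.
/// Only ARP and IPv4 frames addressed to the gateway or to a broadcast on the host-only
/// subnet are accepted; everything else is dropped with a reason suitable for logging.
enum FrameVerdict: Equatable { case accept, drop(String) }

func hostOnlyVerdict(frame: [UInt8]) -> FrameVerdict {
    guard frame.count >= 14 else { return .drop("runt frame") }
    let etherType = UInt16(frame[12]) << 8 | UInt16(frame[13])
    switch etherType {
    case 0x0806:                                   // ARP, needed for the guest to resolve the gateway
        return .accept
    case 0x0800:                                   // IPv4: destination address is bytes 30..<34
        guard frame.count >= 34 else { return .drop("truncated IPv4 header") }
        let dst = Array(frame[30..<34])
        if dst == hostOnlyGateway || dst == hostOnlyBroadcast || dst == limitedBroadcast {
            return .accept
        }
        let dotted = dst.map { String($0) }.joined(separator: ".")
        return .drop("IPv4 destination \(dotted) is not the host")
    default:                                       // IPv6, VLAN-tagged and unexpected EtherTypes
        return .drop("EtherType 0x\(String(etherType, radix: 16, uppercase: true)) not carried on this link")
    }
}

/// Drains frames from the host end of the pair. One read() returns one datagram, i.e. one
/// frame; `deliver` is the hook where the real user-space stack (and any port-forwarding
/// logic) would take over. Frames that fail the policy never reach it.
func startHostSideLoop(hostFD: Int32, mtu: Int, deliver: @escaping ([UInt8]) -> Void) -> DispatchSourceRead {
    let source = DispatchSource.makeReadSource(fileDescriptor: hostFD,
                                               queue: DispatchQueue(label: "host-only.rx"))
    var buffer = [UInt8](repeating: 0, count: mtu + 14)
    source.setEventHandler {
        let n = read(hostFD, &buffer, buffer.count)
        guard n > 0 else { return }
        let frame = Array(buffer[0..<n])
        switch hostOnlyVerdict(frame: frame) {
        case .accept:           deliver(frame)
        case .drop(let reason): NSLog("host-only: dropped \(n)-byte frame from guest (\(reason))")
        }
    }
    source.setCancelHandler { close(hostFD) }
    source.resume()
    return source
}

/// Wires everything into a virtio network device for a VZVirtualMachineConfiguration.
/// The caller must keep `rxSource` alive for as long as the VM runs.
func makeHostOnlyNetworkDevice(mtu: Int = 65535) throws -> (device: VZVirtioNetworkDeviceConfiguration, rxSource: DispatchSourceRead) {
    let (attachment, hostFD) = try makeHostOnlyAttachment(mtu: mtu)
    let device = VZVirtioNetworkDeviceConfiguration()
    device.attachment = attachment
    device.macAddress = VZMACAddress.randomLocallyAdministered()
    let rx = startHostSideLoop(hostFD: hostFD, mtu: mtu) { frame in
        // Accepted frames go to the user-space stack (not part of this example).
        _ = frame
    }
    return (device, rx)
}
```

Usage is `configuration.networkDevices = [try makeHostOnlyNetworkDevice().device]`, keeping the returned `rxSource` referenced alongside the VM. The filter deliberately rejects by default: a frame the stack does not recognise is dropped and logged rather than passed on, so adding port forwarding later means extending `deliver`, not loosening `hostOnlyVerdict`.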