Networking model

Networking is declarative: virtual L2 segments with daemon-supplied DHCP/DNS/NAT/routing/L3 filtering in userspace — no vmlab net CLI.

Networking is declarative in vmlab.wcl — there is no vmlab net CLI. A segment is a virtual L2 switch; the lab daemon supplies DHCP, DNS, NAT, routing and L3 filtering entirely in userspace (which is why vmlab needs no CAP_NET_ADMIN, tap or bridge). Runtime rule mutation is available from wscript via the Segment API.

Segments are declared with segment {} blocks (see the segment block and its sub-blocks). record and sinkhole blocks may also appear at lab level (lab-wide). A nic { nat = true } shorthand attaches a VM to a per-lab built-in NAT segment without declaring one.

- lab {} block

- vm {} block

- segment {} block

- segment {} sub-blocks

- Daemon model

- Segment

- The vmlab.wcl schema

§ 2Referenced by

- Daemon model

- Containers

- WSL2

- lab {} block

- segment {} block

- nic {} block

- Segment

- segment {} sub-blocks

- The vmlab.wcl schema