Re: Networking: NAT vs. Bridged?

tirmidi · ‎06-28-2007

I am running OSX 10.4.10 and beta 4.1, with an XP SP2 guest, on a MacPro Quad 3 ghz with 6 GB RAM. I had selected NAT networking, and all seemed well. However, using the speed tests on DSL Reports(www.dslreports.com/tools), I found an anomaly: whlie my download speed over cable was quite respectable (_{20 k/sec), my upload speed started off fast (}1.5 k, but then bogged down to an average of 300 bits/sec). On the Mac side, download was comparable, but upload was 1.5. I reproduced this several times with different servers and different browsers.

So, I thought, let me try bridged networking. Voila! Slightly higher (~25 k/sec) downloads and reasonable (1.5 k/sec) uploads.

Why should this be? It really appeared that the outgoing network connection was saturating on the VM end of things under NAT. And no, the Mac side wasn't using the network.

nathanp · ‎06-28-2007

Usually, I'm not a "me too" person, but I did a quick comparison with my cable between NAT and Bridged.

NAT 6344 kb down / 300 kb up

Bridged 7474 kb down / 1516 kb up

So, downstream doesn't seem too affected, but my upstream got cut down by 5x.

That is the same ratio yours got as well for upload.

I ran it again and the downstream varied a bit, but upstream was pretty much exactly the same.

dp_fusion · ‎06-28-2007

What is the CPU(s) doing (system monitor) when you make these comparisons?

Edit: On my system using only NAT I got twice the output on the host and CPU was lower than when using the guest. I expect that given the interface is virtualized some performance hit would be normal. 2X is more than I expected. I don't run any services though so really don't care - it's interesting, though. I was using http://www.speedtest.net/ to and from Seattle.

Message was edited by:

dp_fusion

tirmidi · ‎06-29-2007

I have not made a comparison of resource utilization, but I have found what is for me a substantial advantage of bridged networking: I can now cross-mount drives and directories on host and guest, as well as do remote printing on the host from the guest; thus I do not need to attach and detach the printer USB connection. And I can bid "au revoir" to "Bonjour," the other alternative.

So, in my application, not only is bridged networking superior in terms of network performance, but it provides just the functionality I need as well. If there are penalties, I am not aware of them.

Question: can someone provide a reference in the documentation that further clarifies the difference between NAT and bridged networking? This may well be redundant, but it would be very useful to me.

westside_guy · ‎06-30-2007

Question: can someone provide a reference in the
documentation that further clarifies the difference
between NAT and bridged networking? This may well be
redundant, but it would be very useful to me.

Do you mean just in terms of performance, or in general?

Certainly if network speed doesn't particularly matter, and you don't need to join an AD domain (since you don't have to join a domain to get at domain shares etc. for the most part), NAT has the benefit of helping protecting your Windows install from the outside world. Since I mainly use XP for testing web pages on IE, and for playing some older Windows games - I use NAT, turn off the Windows firewall and generally don't run antivirus protection (things that'd be ill-advised if you were running in Bridged mode). I do run the OS X firewall, of course.

tirmidi · ‎06-30-2007

Thanks for the clarification. In my case, I need optimal network speed; I'm behind a NAT'ed router, and run firewalls on both host and guest side; and have robust virus protection. So it appears that "bridged" really is the right choice for me.

westside_guy · ‎06-30-2007

I have to admit I was surprised to read about the very significant speed difference you and others have measured. I know I'm stating the obvious; but NAT in and of itself isn't the source of that.

I'm too lazy to try this right now, but it might be interesting to set up a separate NAT server daemon on the Mac, and to point the virtual machine (bridged) at that. It'd require a bit of monkeying around with the firewall though; and while I've done that with Linux iptables I don't have the experience to do that quickly using ipfw.

admin · ‎06-30-2007

I'll agree the speed difference is surprising (note I have absolutely no knowledge of how Fusion's networking stack operates); you should file a bug[/url] (perhaps include a link to this thread).

Yaztromo · ‎06-30-2007

Question: can someone provide a reference in the
documentation that further clarifies the difference
between NAT and bridged networking? This may well be
redundant, but it would be very useful to me.

One other thing to keep in mind is that the networking is significantly simplified when using NT if you're a laptop user that frequently moves between wireless networks. Under NAT, as VMware/OS X is handling the address assignment to the guest OS's, they don't need to re-authenticate when moving between networks -- only the host OS needs to. Under bridged mode, each guest would also have to authenticate, and get new NAT addresses, etc.

Whether or not this impacts you depends. In my case, my MacBook tends to roam through three different wireless networks over the course of the day -- my home network (which uses WPA2-based authentication), the campus network (which uses 802.1X-based authentication), and my department's network (which uses a web-based authentication scheme). Using NAT, I can kep using VM's as I cross these various network boundries throughout my day without affecting them at all -- they don't need a new IP address, and need do no authentication. If I were to run them all in Bridged mode, I'd have to authenticate against the campus and department wireless networks as I move between them during the day, for each and every guest OS (as well as the OS X host).

Little of which matters for a desktop system, but for a roaming laptop user, NAT mode can certainly reduce a lot of headaches. I can just imagine that in Bridged mode, if you were to stop somewhere with paid WiFi access (like many airports, at least here in Canada), you'd have to pay once per host/guest if you wanted all of them to have network access, whereas in NAT mode only the host needs pay, and everyone else can "ride for free".

Yaz.

westside_guy · ‎06-30-2007

Okay, I decided to try this out as well so we'd have another data point. In my case, NAT vs. Bridged doesn't significantly impact the download speed - but NAT's upload speed is ~42% lower under NAT than in Bridged mode.

I used Firefox to connect to the Speakeasy speed test http://www.speakeasy.net/speedtest/, and connected to San Francisco each time. I did three reps for each connection.

OS X (native): download 4585.3kbps, upload 359.7kbps

VMware w/ NAT networking: download 4505.00kbps, upload 207.0kbps

VMware w/ Bridged networking: download 4488.7kbps, upload 353.7kbps

Then I switched back to NAT and tried again, just to be sure it wasn't a transient problem - the upload speed was about 210kbps again

sbartel · ‎06-30-2007

Ah, this explains the issue I posted a couple of days ago regarding my slow FTP upload speed. I was in NAT and though I thought it was also happening in Bridged, a couple of tests this evening confirms that while there are slight variations, the problem is definitely with NAT. Bridged mode is currently netting me within a 10% allowance of the speeds I get from FTP with the host Mac, while NAT is off by a factor of about 75%.

tirmidi · ‎07-01-2007

...you should
fil
e a bug[/url] (perhaps include a link to this thread).

Hmm. That link doesn't any longer go to the bug report page, but to the support page. Is there an alternate URL?

admin · ‎07-01-2007

As far as I know, that link is the way to report bugs, request support, and make feature requests. You can get to it from vmware.com/mac > Report a Problem, so if it's wrong, the site needs to be corrected.

westside_guy · ‎07-01-2007

Hmm. That link doesn't any longer go to the bug
report page, but to the support page. Is there an
alternate URL?

It worked fine for me.

You log in to that support page, and there's support contact information for various VMware products including Fusion. Clck on the link for Fusion, and you'll be taken to a form allowing you to file a bug report.

I did NOT file a bug report; but I did follow the links and got to the reporting form without problems.

tirmidi · ‎07-01-2007

Quite right. Service request 190586901 has now been submitted. Where is my brain when I need it?

052569 · ‎07-19-2007

I don't know if this is related, but has anyone looked at the CPU usage of the NAT daemon (vmnet-natd) differs between downloading / uploading?

I noticed that vmnet-natd would consume quite a bit of CPU when there are a lot of network traffic going to a VM, sometimes even more than the vmware-vmx process itself. I suspect when that happens, network throughput within the VM drops.

I haven't tried running NAT using OS X's natd for a comparison, but it may be worth trying.

eduncan911 · ‎07-01-2008

This thread was started over a year ago; but yet, I have the latest and greatest with the same problem.

OS X 10.5.4 Leapord

Fusion 1.1.3 (I see 2.0 Beta is out, but I can't test that now)

Windows Vista

MacBook Pro Core 2 Duo, 4 GB ram (2gb for Vista's VM)

First, I have a monster connection speed. These are the speeds when run at through the mac. No, this is not a fluke. I got a special deal for 20 Mbps down and 20 Mbps up @ home (got to love Verizon FIOSand discount vendors).

20805 kbps (2540 kB/s), verification link -

16327 kbps (1993 kB/s), verification link -

Sadly, my Vista instance of Fusion shows only 300kbps (30kB/s) upstream (downstream is very close to normal speeds). I am using one network interface as NAT and one as Host Only. My idea was to use the Host Only to map a dedicated share (and put my data files on the mac's drive).

After I shut down tonight, I will switch over to Bridged mode for the primary network card. But I highly agree with Yaztromo with his post here: http://communities.vmware.com/message/685175#685175

Switching to Bridged is not a viable solution with all of the roaming I do, but I must do it for now (and God do i hope i have faster speeds when u guys are using).

Will this ever resolved? I made a comment in this http://communities.vmware.com/docs/DOC-2527 for future reference of this issue.

Eric A. Duncan - http://eduncan911.com "My attention to detail is both a blessing and a curse."

eduncan911 · ‎07-02-2008

As others here have experienced, once you switch to Bridged mode it does greatly increase the upload speed.

But only by 300% - which seems capped at 1.2 Mbps upload. Here are my results after 5 tests, 4 last night and one this morning.

1222 Kbps about 1.2 Mbps - verified url

Again, my upload has been tested on multiple machines, and even the hosting Mac OS this Fusion is running within. All test around 16 to 17 Mbps upstream.

To recap this unresolved issue:

NAT mode limits your upstream/upload to around 300 kbps (around 30 kB/s)
Bridged mode limits you upstream/upload to around 1200 kbps (around 1.2 Mbps or 120 kB/s)

So clearly Bridged mode is best, if you can live with it (see my post above). One would think this solution could be resolved because the downstream is blazingly fast (I tested it at 19 Mbps on my 20Mbps Fios line).

Eric A. Duncan - http://eduncan911.com "My attention to detail is both a blessing and a curse."

rmehta · ‎07-02-2008

Hi eduncan911,

I looked up the results and found that you had just one run for Bridged networking. Is it possible, if you can get more runs.

I also found a case where the VM reported for upload.

Fri Jun 27 2008 @ 6:48:06 pm

UP

5983 kB

13078 kbps (1596 kB/s)

Can you please verify which mode of networking are you using?