virtualbox.org

End user forums for VirtualBox
https://forums.virtualbox.org/

Wierd network behavior in NAT

https://forums.virtualbox.org/viewtopic.php?t=19951

Page 1 of 1

Wierd network behavior in NAT

Posted: 13. Jul 2009, 08:06
by noaml
Hi All,

I am hosting various windows OSs and am seeing very funny behavior in NAT.
Sometimes I see large packet loss.
Sometimes I see "interesting" behavior of ping.

Here is output of pinging the host OS from within the guest. Note the large response times (should be <1ms):

C:\Documents and Settings\Joe>ping noamvbox -n 10000

Pinging noamvbox.iloffice.mainsoft.com [172.17.8.155] with 32 bytes of data:

Reply from 172.17.8.155: bytes=32 time=501ms TTL=127
Reply from 172.17.8.155: bytes=32 time=1001ms TTL=127
Reply from 10.0.2.2: bytes=32 time=500ms TTL=127
Reply from 172.17.8.155: bytes=32 time=501ms TTL=127
Reply from 172.17.8.155: bytes=32 time=1001ms TTL=127
Reply from 10.0.2.2: bytes=32 time=500ms TTL=127
Reply from 172.17.8.155: bytes=32 time=500ms TTL=127
Reply from 172.17.8.155: bytes=32 time=1001ms TTL=127
Reply from 10.0.2.2: bytes=32 time=501ms TTL=127
Reply from 172.17.8.155: bytes=32 time=500ms TTL=127
Reply from 172.17.8.155: bytes=32 time=500ms TTL=127
Reply from 172.17.8.155: bytes=32 time=1001ms TTL=127
Reply from 172.17.8.155: bytes=32 time=500ms TTL=127
Reply from 10.0.2.2: bytes=32 time=501ms TTL=127
Reply from 172.17.8.155: bytes=32 time=1001ms TTL=127
Reply from 172.17.8.155: bytes=32 time=501ms TTL=127
Reply from 10.0.2.2: bytes=32 time=500ms TTL=127
Reply from 172.17.8.155: bytes=32 time=1001ms TTL=127
Reply from 172.17.8.155: bytes=32 time=500ms TTL=127
Reply from 10.0.2.2: bytes=32 time=500ms TTL=127
Reply from 172.17.8.155: bytes=32 time=1001ms TTL=127
Reply from 172.17.8.155: bytes=32 time=501ms TTL=127
Reply from 10.0.2.2: bytes=32 time=501ms TTL=127
Reply from 172.17.8.155: bytes=32 time=1001ms TTL=127
Reply from 172.17.8.155: bytes=32 time=501ms TTL=127
Reply from 10.0.2.2: bytes=32 time=500ms TTL=127
Reply from 172.17.8.155: bytes=32 time=501ms TTL=127
Reply from 172.17.8.155: bytes=32 time=1001ms TTL=127
Reply from 172.17.8.155: bytes=32 time=501ms TTL=127
Reply from 172.17.8.155: bytes=32 time=500ms TTL=127
Reply from 172.17.8.155: bytes=32 time=1001ms TTL=127
Reply from 172.17.8.155: bytes=32 time=501ms TTL=127
Reply from 172.17.8.155: bytes=32 time=500ms TTL=127
Reply from 172.17.8.155: bytes=32 time=1001ms TTL=127
Reply from 10.0.2.2: bytes=32 time=500ms TTL=127
Reply from 172.17.8.155: bytes=32 time=501ms TTL=127

Ping statistics for 172.17.8.155:
Packets: Sent = 36, Received = 36, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 500ms, Maximum = 1001ms, Average = 653ms
Control-C
^C


Here is output from pinging another system. Note that at some point the host starts responding !
C:\Documents and Settings\Joe>ping fileserver /n 1000

Pinging fileserver.iloffice.mainsoft.com [172.17.0.207] with 32 bytes of data:

Reply from 172.17.0.207: bytes=32 time=5ms TTL=127
Reply from 172.17.0.207: bytes=32 time=1ms TTL=127
Reply from 172.17.0.207: bytes=32 time<1ms TTL=127
Reply from 172.17.0.207: bytes=32 time=501ms TTL=127
Reply from 172.17.0.207: bytes=32 time<1ms TTL=127
Reply from 172.17.0.207: bytes=32 time<1ms TTL=127
Reply from 172.17.0.207: bytes=32 time<1ms TTL=127
Reply from 172.17.0.207: bytes=32 time<1ms TTL=127
Reply from 172.17.0.207: bytes=32 time=500ms TTL=127
Reply from 172.17.0.207: bytes=32 time=501ms TTL=127
Reply from 172.17.0.207: bytes=32 time<1ms TTL=127
Reply from 172.17.0.207: bytes=32 time<1ms TTL=127
Reply from 172.17.0.207: bytes=32 time<1ms TTL=127
Reply from 172.17.0.207: bytes=32 time=500ms TTL=127
Reply from 172.17.0.207: bytes=32 time=501ms TTL=127
Reply from 172.17.0.207: bytes=32 time=500ms TTL=127
Reply from 10.0.2.2: bytes=32 time=501ms TTL=127
Reply from 172.17.0.207: bytes=32 time<1ms TTL=127
Reply from 172.17.0.207: bytes=32 time=501ms TTL=127
Reply from 10.0.2.2: bytes=32 time=500ms TTL=127
Reply from 172.17.0.207: bytes=32 time=500ms TTL=127
Reply from 172.17.0.207: bytes=32 time=501ms TTL=127
Reply from 172.17.0.207: bytes=32 time=500ms TTL=127
Reply from 172.17.0.207: bytes=32 time=501ms TTL=127
Reply from 10.0.2.2: bytes=32 time=500ms TTL=127
Reply from 172.17.0.207: bytes=32 time=500ms TTL=127
Reply from 172.17.0.207: bytes=32 time=500ms TTL=127
Reply from 172.17.0.207: bytes=32 time=500ms TTL=127
Reply from 172.17.0.207: bytes=32 time=500ms TTL=127
Reply from 10.0.2.2: bytes=32 time=500ms TTL=127
Reply from 172.17.0.207: bytes=32 time=501ms TTL=127
Reply from 172.17.0.207: bytes=32 time=500ms TTL=127
Reply from 172.17.0.207: bytes=32 time=500ms TTL=127
Reply from 172.17.0.207: bytes=32 time<1ms TTL=127
Reply from 172.17.0.207: bytes=32 time<1ms TTL=127
Reply from 10.0.2.2: bytes=32 time=501ms TTL=127
Reply from 172.17.0.207: bytes=32 time=1ms TTL=127
Reply from 172.17.0.207: bytes=32 time=1ms TTL=127

Ping statistics for 172.17.0.207:
Packets: Sent = 38, Received = 38, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 501ms, Average = 303ms
Control-C
^C

Any idea?

Noam

Re: Wierd network behavior in NAT

Posted: 13. Jul 2009, 20:16
by Sasquatch
The first behaviour is probably because both IP addresses point to the same machine, and that can cause some confusion giving this kind of delay.

For the second ping test, I think that it's because of the NAT translation itself. The host gets the ping replies and needs to send them to the Guest. This sometimes causes the packets to get a different source address, because they might not be translated fast enough by VB. This is just speculation, based on what I see. You might want to run a packet sniffer like Wireshark to get more info on what is happening.

Re: Wierd network behavior in NAT

Posted: 14. Jul 2009, 11:28
by brensly
I've had a similar problem since I reinstalled Ubuntu (host) a week ago. I get either 500ms or 1000ms delay when pinging the host IP, and I keep losing connection to some Internet-based applications I use. The host works perfectly though. This only happened after I reinstalled Ubuntu (Jaunty), before that everything worked as it should.

Re: Wierd network behavior in NAT

Posted: 14. Jul 2009, 16:25
by noaml
Sasquatch wrote:The first behaviour is probably because both IP addresses point to the same machine, and that can cause some confusion giving this kind of delay.

For the second ping test, I think that it's because of the NAT translation itself. The host gets the ping replies and needs to send them to the Guest. This sometimes causes the packets to get a different source address, because they might not be translated fast enough by VB. This is just speculation, based on what I see. You might want to run a packet sniffer like Wireshark to get more info on what is happening.
This is not the case.
The VirtualBox host is noamvbox.iloffice.mainsoft.com. It in fact does have two IPs: 172.17.8.155, and 10.0.2.2 (in the NAT network).
The other machine fileserver.iloffice.mainsoft.com only has one IP (172.17.0.207). When pinging it, sometimes the VirtualBox host answers (10.0.2.2).

Noam

Re: Wierd network behavior in NAT

Posted: 14. Jul 2009, 20:11
by Sasquatch
noaml wrote:
Sasquatch wrote:The first behaviour is probably because both IP addresses point to the same machine, and that can cause some confusion giving this kind of delay.

For the second ping test, I think that it's because of the NAT translation itself. The host gets the ping replies and needs to send them to the Guest. This sometimes causes the packets to get a different source address, because they might not be translated fast enough by VB. This is just speculation, based on what I see. You might want to run a packet sniffer like Wireshark to get more info on what is happening.
This is not the case.
The VirtualBox host is noamvbox.iloffice.mainsoft.com. It in fact does have two IPs: 172.17.8.155, and 10.0.2.2 (in the NAT network).
The other machine fileserver.iloffice.mainsoft.com only has one IP (172.17.0.207). When pinging it, sometimes the VirtualBox host answers (10.0.2.2).

Noam
That's what I'm talking about. VB needs to change the packets so it gets to the VM properly. But when it gets a lot of packets to process, this can happen, where it doesn't change the source address to the actual source, but the gateway IP. Or to be more precise, VB isn't fast enough to change the package source address to contain the true source, but notes the gateway instead.

Re: Wierd network behavior in NAT

Posted: 15. Jul 2009, 17:45
by jasetheace
I've also seen this issue. Things work fine in VB 2, but in VB 3.0 and 3.0.2, I see this issue too. I don't think it has to do with the load on the host, since it happens for me even when there is not much of a load. And simple pings do not all a lot of traffic. For now, I've had to run my guests in bridged mode.

I've seen this issue using Wireshark on my guest, with UDP packets as well.

Hopefully this issue will get fixed soon.

Jase

Re: Wierd network behavior in NAT

Posted: 15. Jul 2009, 20:03
by Sasquatch
I don't really see the problem here. Ok, you get a few strange results, but a default ping, that's 4 replies, doesn't show this problem. It only happens after around 30 or so.

Re: Wierd network behavior in NAT

Posted: 15. Jul 2009, 20:57
by MKhaos7
WHich version of VBox are you running? In 3.0.0 some people were complaining about network issues. This definetively looks like something related to it.
Try updating to the latest version and see if this continues.

If you still get this behavior open a bug. It looks like VBox is wrongly translating some packets.

Re: Wierd network behavior in NAT

Posted: 15. Jul 2009, 21:20
by jasetheace
I have opened a bug for a NAT issue - not sure if it's exactly what you're experiencing or not, but it could be part of it.

http://www.virtualbox.org/ticket/4540
All times are UTC+02:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited