barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec

• Previous message (by thread): barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec
• Next message (by thread): barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Lincoln Dale wrote:

>>Lower than 1500 mtu always requires some kind of hack in real life.
>>
>>That would be the adjust-mss which is the hack-of-choice
> 
> 
> note that using 'adjust-mss' only adjusts the MSS for TCP.
> it won't do much good for already-encapsulated IPSec traffic with protocol 47
> or tunneled over UDP...

Which is why its configured on the ipsec tunnel. And if there isnt one, 
on the the ingress interface. Which brings forth the observation that 
adjust mss should rather be used in route-map pbr style.

I know we had that whole discussion right here, back when I was younger 
and dumber, such as here:

http://www.merit.edu/mail.archives/nanog/2003-12/msg00088.html

Anyways, initial reports are that as per my advice, customer calls 
vendor says "voip not working" vendor says "i changed something, wont 
tell you what, reboot everything in 30" and now things seem to work 
perfectly, strangely enough EVEN the traceroutes.

This is obviously not best effort. Best guess would be "managed 
bandwidth" differentiated by ip ranges and that the "change" was a 
different pool assignment.

I suspect the stellar icmp echo performance is also intentional.

Compare:

tcptraceroute lsvomonline.dnsalias.com -q 5 -w 1  80 -f 7
Selected device eth0, address 192.168.0.3, port 33204 for outgoing packets
Tracing the path to lsvomonline.dnsalias.com (82.166.56.247) on TCP port 
80 (www), 30 hops max
  7  kar2-so-7-0-0.newyork.savvis.net (204.70.150.253)  45.008 ms 
52.978 ms  32.404 ms  50.676 ms  33.657 ms
  8  dcr3-ge-0-2-1.newyork.savvis.net (204.70.193.98)  49.037 ms  33.145 
ms  48.029 ms  34.355 ms  48.453 ms
  9  208.173.129.14  32.841 ms  32.669 ms  33.274 ms  31.861 ms  32.570 ms
10  barak-01814-nyk-b2.c.telia.net (213.248.83.2)  37.181 ms  32.600 ms 
  33.442 ms  32.696 ms  32.882 ms
11  po1-3.bk3-bb.013bk.net (212.150.232.214)  177.165 ms  175.852 ms 
178.104 ms  179.217 ms  175.214 ms
12  gi2-1.bk6-gw.013bk.net (212.150.234.94)  180.923 ms  182.761 ms 
179.170 ms  203.878 ms  178.905 ms
13  gi8-1.bk6-acc3.013bk.net (212.29.206.41)  174.266 ms  177.854 ms 
177.198 ms  177.439 ms  176.400 ms
14  bk6-lns-3.013bk.net (212.29.206.55)  181.717 ms  176.460 ms  228.843 
ms  174.942 ms  176.706 ms
15  82-166-56-247.barak-online.net (82.166.56.247) [open]  190.395 ms 
188.043 ms  189.961 ms  200.064 ms  192.943 ms

• Previous message (by thread): barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec
• Next message (by thread): barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]