icmp performance vs. traceroute/tcptraceroute, ssh, ipsec

Steven M. Bellovin smb at
Mon May 7 00:47:23 UTC 2007

On Sun, 06 May 2007 20:27:20 -0400
Joe Maimon <jmaimon at> wrote:

> Lincoln Dale wrote:
> >>traceroute/tcptraceroute show packet loss and MUCH higher rtt than
> >>the corresponding direct pings on the reported hop entries.
> >>
> >>Is this some sort of massaging or plain just "faking it"? Or is such
> >>things merely net-urban myth?
> > > > the vast majority of routers on the internet respond very
> > > > differently to
> > traffic 'directed at them' as opposed to traffic 'routed through
> > them'.
> Thanks for your reply.
> I did include icmp echo directly to each hop as a comparison.
Right, but from what you posted you didn't send 1500-byte packets.  My
reaction was the same as Lincoln's -- it smells like a Path MTU
problem.  To repeat -- ping and traceroute RTT from intermediate nodes
is at best advisory, especially on timing.

I should add -- DSL lines often use PPPoE, which in turn cuts the
effective MTU available for user packets.  If the PMTUD ICMP packets
don't get through -- and they often don't, because of misconfigured
firewalls -- you're likely to see problems like this.

		--Steve Bellovin,

More information about the NANOG mailing list