barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec
jmaimon at ttec.com
Mon May 7 01:07:17 UTC 2007
>>I did include icmp echo directly to each hop as a comparison.
> Right, but from what you posted you didn't send 1500-byte packets. My
> reaction was the same as Lincoln's -- it smells like a Path MTU
> problem. To repeat -- ping and traceroute RTT from intermediate nodes
> is at best advisory, especially on timing.
> I should add -- DSL lines often use PPPoE, which in turn cuts the
> effective MTU available for user packets. If the PMTUD ICMP packets
> don't get through -- and they often don't, because of misconfigured
> firewalls -- you're likely to see problems like this.
Of course, and thats why I have cut down ip mtu and tcp adjust mss and
all the rest.
Not making much of a difference.
Furthermore, ipsec performance with normal sized icmp pings is what I
was referring to, and those are nowwhere near full-sized.
More information about the NANOG