barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec

Joe Maimon jmaimon at ttec.com
Mon May 7 01:07:17 UTC 2007



>>
>>I did include icmp echo directly to each hop as a comparison.
>>
> 
> Right, but from what you posted you didn't send 1500-byte packets.  My
> reaction was the same as Lincoln's -- it smells like a Path MTU
> problem.  To repeat -- ping and traceroute RTT from intermediate nodes
> is at best advisory, especially on timing.
> 
> I should add -- DSL lines often use PPPoE, which in turn cuts the
> effective MTU available for user packets.  If the PMTUD ICMP packets
> don't get through -- and they often don't, because of misconfigured
> firewalls -- you're likely to see problems like this.
> 

Of course, and thats why I have cut down ip mtu and tcp adjust mss and 
all the rest.

Not making much of a difference.

Furthermore, ipsec performance with normal sized icmp pings is what I 
was referring to, and those are nowwhere near full-sized.





More information about the NANOG mailing list