icmp performance vs. traceroute/tcptraceroute, ssh, ipsec

Joe Maimon jmaimon at
Mon May 7 01:12:34 UTC 2007

Lincoln Dale wrote:

>>I did include icmp echo directly to each hop as a comparison.
> i guess what i'm saying is that you can't read much from the backscatter of
> what a either:
>  - ping of each hop
>  - eliciting a response from each hop (as traceroute does)
> as the basis for determining much.
> you can perhaps derive SOME meaning from it, but that meaning rapidly
> diminishes when there are multiple intermediate networks involved, some of
> which you have no direct connectivity to verify problems with easily, likely
> different return path for traffic (asymmetric routing) etc.

When the cards consistently fall in certain patterns, you can actually 
read them quite easily.

The standard control plane arguments dont apply when the pattern holds 
all the way through to equipment under your {remote-}control.

In this specific instance, I find interesting the disparity of results 
between each hop ICMP echo and traceroute time exceeded processing, all 
the way up to the final hop.

I wouldnt care if the application protocols rode well, but they dont 
seem to.

> as i said before, if you have such terrible ssh/IPSec type performance, far
> less than you think is reasonable, then my money is on a MTU issue, and
> probably related to your DSL-based final hops.
> cheers,
> lincoln.

More information about the NANOG mailing list