icmp performance vs. traceroute/tcptraceroute, ssh, ipsec

Adrian Chadd adrian at
Mon May 7 01:49:48 UTC 2007

On Sun, May 06, 2007, Joe Maimon wrote:

> When the cards consistently fall in certain patterns, you can actually 
> read them quite easily.

Not if the cardplayer is lying..

> The standard control plane arguments don't apply when the pattern holds 
> all the way through to equipment under your {remote-}control.
> In this specific instance, I find interesting the disparity of results 
> between each hop ICMP echo and traceroute time exceeded processing, all 
> the way up to the final hop.
> I wouldn't care if the application protocols rode well, but they don't 
> seem to.

Have you fired up ethereal/wireshark at either end and sniffed the packet flow
to see exactly what's going on under these circumstances? Is there a difference
between IPSEC and normal TCP traffic? What's handling your IPSEC at either
end? etc, etc.

I've got plenty of graphs available which show modern Cisco equipment holding
-horrible- ping variance compared to forwarding variance. E.g. - Cat 4500 acting
as LAN router and switch having ping RTT between <1ms and 15ms, but forwarding
ping RTT (i.e., to a PC at the other end doing 100% bugger all) is flat sub-1ms.
(Makes for some -very- interesting VoIP statistics if you're not careful.)

I say "You need more information before jumping to conclusions" and "the
information you have, whilst probably quite valid when correlated with other
information, isn't going to be very helpful by itself."
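The check Adrian is describing, written up as an added example (not code from the thread or from anyone on it): per-hop echo RTT is compared against the RTT of packets forwarded through those hops to a quiet end host, so a hop whose own echo replies are jittery while the forwarded path is flat is flagged as a control-plane artefact rather than a forwarding problem. All RTT samples below are constructed; the hop names and the 3x threshold are assumptions.

```python
"""Separate control-plane echo jitter from forwarding-plane jitter."""
from statistics import median, pstdev

# Constructed RTT samples in ms, as you'd collect by pinging each hop and a
# quiet host beyond the last hop. "hop2" models a box whose control plane
# answers ICMP slowly and erratically while forwarding through it is fine.
SAMPLES_MS = {
    "hop1": [0.4, 0.5, 0.4, 0.6, 0.5, 0.4, 0.5, 0.4],
    "hop2": [0.8, 14.2, 1.1, 9.7, 0.9, 12.5, 1.0, 15.0],
    "end_host": [0.7, 0.8, 0.7, 0.9, 0.8, 0.7, 0.8, 0.7],
}


def rtt_stats(samples):
    """Median, worst case and population stdev of one sample set (ms)."""
    return {"median": median(samples), "max": max(samples), "stdev": pstdev(samples)}


def classify_hops(samples_by_hop, end_key="end_host", factor=3.0):
    """Label each hop by comparing its direct echo RTT with end-to-end RTT.

    A hop whose echo stdev is more than `factor` times the end-to-end stdev,
    while packets forwarded through it still arrive with low jitter, is a
    control-plane artefact: pinging the box measures its ICMP handling, not
    the path. Only a hop whose median RTT exceeds the end-to-end median
    warrants further digging (e.g. a sniff at both ends, as suggested above).
    """
    end = rtt_stats(samples_by_hop[end_key])
    floor = max(end["stdev"], 0.1)  # avoid dividing a near-zero baseline
    verdict = {}
    for hop, samples in samples_by_hop.items():
        if hop == end_key:
            continue
        s = rtt_stats(samples)
        if s["stdev"] > factor * floor and s["max"] > end["max"]:
            verdict[hop] = "control-plane echo artefact (forwarding unaffected)"
        elif s["median"] > end["median"]:
            verdict[hop] = "hop RTT above end-to-end RTT: keep digging"
        else:
            verdict[hop] = "consistent with forwarding path"
    return verdict


if __name__ == "__main__":
    for hop, label in classify_hops(SAMPLES_MS).items():
        print(f"{hop}: {label}")
```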

