Do network diagnostic tools need upgrade?

Octavio Alvarez alvarezp at alvarezp.ods.org
Mon Feb 3 18:59:14 UTC 2014


On 02/03/2014 05:33 AM, Ammar Salih wrote:
> Hello NANOG list members,
> 
>  I have a question for you, are you happy with the current network
> diagnostic tools, like ping, trace route .. etc,

What tools are you referring to by "..."? There are many others. I like
tcptraceroute (there are two variants of it) and mtr.

> don't you think it's time
> to have an upgraded version of icmp protocol?

What is it that you are thinking?

ICMP is for signaling between machines. Increasing signaling for human
diagnostics can lead to reconnaissance attacks. We don't want yet
another option for some to incorrectly block ICMP [1], which in turn
leads to other problems.

[1] ... when they want to just block ICMP echo and reply, which is also
bad enough and must be done really selectively.

> First scenario:
> 
>  To be able to troubleshoot advanced networks with complex QoS and
> policy-based routing configuration, where ping, traceroute and other
> network diagnostic tools do not provide accurate readings, for example, you
> are troubleshooting a web server with ping, and it looks functioning quite
> well (packet loss and round trip time is all good), but web services are
> still significantly slow, the fact is icmp and tcp:80 might have different
> priorities and bandwidth limits on each router along the path between the
> client and the server, in this case, network admins usually use telnet
> applications like (Paping), well it may help if the forward and return path
> of all packets are exactly the same.

tcptraceroute.

> Second scenario:
> 
> So another possible scenario is that you need to determine readings for
> forward and return paths, TraceRoute for example gives you forward path
> only using icmp. But what if you need to troubleshoot a VoIP server for
> example, assuming that packets return path might not be the same as forward
> path.

It depends. Asymmetric routing is not necessarily bad unless it causes a
problem like packet loss, high latency, etc. For example, if the return
path has packet loss but you should 'hopefully' (yeah I know...) notice
it in the traceroute if you increment the probe count or run it twice.
Or try mtr, a periodic traceroute with different statistics presentation
that significantly reduces the 'hopefully' problem.

> Third scenario:
> 
> One of the most common problems in networking, is that you don't have
> access to all equipment between client and server, but you have to
> troubleshoot the path between them and to understand where the problem
> exactly is in order to contact the right person without having the
> privilege to check the configuration on each router.

This one's more difficult but also "it depends". State a specific
problem case.

> Fourth scenario:
> 
> Also, with trace route you can't determine the actual path, for example,
> the router may direct http traffic to proxy server while leaving other
> traffic going through a different hop.

tcptraceroute.




More information about the NANOG mailing list