Tshoot with Tracerout

Source of this post.

Default behavior

  • Traceroute send a probe packet with TTL of 1 to the destination.
  • Each router decrements the TTL with 1 and if it hits zero the router will send back an ICMP TTL Exceed message to the Source.
  • Next the TTL will be 2 and so on…
  • When the Source receives a ICMP Unreachable message, the trace ends.

 

  • Most traceroutes send 3 probe packet per hop to have a better measurement of RTT.
  • Each probe are unique
    • Most implementations use UDP packets with incrementing destination ports (ie.: Cisco traceroute)
    • ICMP or TCP also can be used (ie.: windows tracert uses ICMP
  • Each packet MAY be forwarded on a completely different path.
    • This may be visible to the user as multiple IP’s for each hop, but it also can be completely invisible too.

The calculation of latency is actually the sum of:

  • The time taken to forward the packet to the displayed router hop.
  • The time taken for the router to generate an ICMP response packet
  • The time taken for the ICMP packet to reach the sender.

Network Latency

Serialization delay

This is the delay caused by the encoding of data as packets across the network. The faster an interface is the quicker this process occur.

serialization-delay.PNG

This delay might be noticeable on low speed links.

Serialization delay can be caused by temporary high CPU utilization (ICMP packets are not considered important, so they will be processed later..). To distinguish whether it is temporary or permanent delay check the latency between hops.
If the latency persist across ALL future hops as well then you have a problem..
So if you see one hop with high latency and after that normal again that means the router generates ICMP slower. This doesn’t cause performance problem.

Queuing delay

Delay caused simply by buffering… qos

Propagation delay

This is the delay which shows how much time does the packet spent on the wire.
Obviously fiber is the best choice here.

Asymmetric Paths

Traceroute only shows the forward path. The only way to confidently analyze a traceroute is to have traceroutes in both directions!

example:
1  1.1.1.1   0.719 ms
2  2.2.2.2   0.574 ms
3  3.3.3.3   100.280 ms
4  4.4.4.4   101.876 ms
5  5.5.5.5   101.888 ms
  • There could be congestion between hop 2 and hop 3.
  • There might be asymmetric reverse path. (note: round trip)
    The route back might have a congested circuit. To find this you need a trace from the other side!

It is also possible that every single hop has another route back. In this case you have to check every hop one by one. (ie.: below image, every color is a trace hop)assymetric routing.PNG

Multiple paths and Load balancing

example:
 1 10.0.0.114 0 msec
 10.0.0.121 0 msec
 10.0.0.114 0 msec
 2 10.0.0.225 8 msec
 10.0.0.125 2 msec
 10.0.0.225 8 msec
 3 10.0.0.225 10 msec
 10.0.0.226 10 msec
 10.0.0.225 8 msec
 4 * 
 10.0.0.226 8 msec *

The above example shows the different outputs of all 3 traceroute probes / hop.

Every probe is independent!!

MPLS ICMP Tunneling example

mpls-icmp-tunneling

This might be weird because hops from 2 to 11 are part of a tunnel. The hops are visible (because the provider didn’t turn off TTL decrement) but the latency shows the delay from tunnel source to tunnel destination. So the traceroute probe fully goes through the tunnel at every hop.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑