Re: Specious network performance measurements.

["Paul D. Robertson" <proberts () clark net>]

On Tue, 21 Mar 2000, Peter J. Cherny wrote:

> The probes shown in the trace below is representative what happens
> after querying usatoday.com for the address of www.usatoday.com.

I can confirm this, though I no longer work for USA Today's parent
company I spent a number of years doing so, and helped with the initial
Web site topology and connectivity as well as provided some ongoing
assistance (indeed, I answered my fair share of BigIP related
questions when I was there.)

> The probes are a brace of three echo requests, three dns udp null queries,
> three tcp dns setups and a batch of udp traceroute packets, repeated a number
> of times over the following days.
>
> As the destination address is that of my border router (I use it's
> src address for some dns queries) the traffic leaped out of the logs.
>
> The explanation given by USAToday is included after the trace below.
>
> I also believe that the source of the packets are F5 networks boxen.

Indeed, I can confirm that to be the exact case.

> I question the naive assumption that the metrics so gleaned will tell
> anything at all about the topology of the network in which the target
> user resides. It certainly won't tell them  much about my leaf nodes or
> details about my upsteam provider Telstra's network.

When you try to scale a site to take the kind of traffic that USA Today
gets, it doesn't have to work perfectly for everyone, it simply has to
work fairly well for most (and even most is arguable) visitors.  Anyone it
doesn't work for will get the same effect that they would going to a
non-load balanced site, minus the delay given for the initial lookup.

> (In fact, their main dns forwarder lives in Canberra while the US gateway
> is most often out of Perth 3000 miles away).

In the case of USAT, it doesn't much matter, lines to .au are fairly
standard and I'd bet that anywhere other than the middle of the US is
about the same distance.

> I'd have thought AS routes would make a better way of finding the closest
> usatoday server, certainly not icmp echo and dns which often travel
> quite different paths to web traffic.

If it were that easy, F5 wouldn't have a roaring business in the
WebMonster arena.

> The assumption that any US based server will be closer than any other
> also fails spectacularly for clients not in the US.

The majority of USA Today's traffic is US-based.  If it's most
likely that if your intercontental links are West-coast based, you'll
actually get better connectivity from a West-coast based server farm.  

> I'm also concerned that if another 100K web sites decide to do the same
> measurements the net will be overwhelmed with noise.

If another 100,000 Web sites colocated at several geographic points,
interconnection between those points would get better and it probably
wouldn't matter as much.  In any case, the alternative seems to be
extermemly low TTLs and round robin, which doesn't work as well and causes
about as much traffic when poorly implemented.

> Looking for a sanity check, pjc

You seem to have everything lined up, if there's a specific question you'd
like answered, I might be able to help.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280