nanog mailing list archives

Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec

From: Joe Maimon <jmaimon () ttec com>
Date: Sun, 06 May 2007 21:07:17 -0400


I did include icmp echo directly to each hop as a comparison.


Right, but from what you posted you didn't send 1500-byte packets.  My
reaction was the same as Lincoln's -- it smells like a Path MTU
problem.  To repeat -- ping and traceroute RTT from intermediate nodes
is at best advisory, especially on timing.

I should add -- DSL lines often use PPPoE, which in turn cuts the
effective MTU available for user packets.  If the PMTUD ICMP packets
don't get through -- and they often don't, because of misconfigured
firewalls -- you're likely to see problems like this.

Of course, and thats why I have cut down ip mtu and tcp adjust mss andall the rest.


Not making much of a difference.

Furthermore, ipsec performance with normal sized icmp pings is what Iwas referring to, and those are nowwhere near full-sized.

Current thread:

barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Joe Maimon (May 06)
- RE: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Lincoln Dale (May 06)
  - Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Joe Maimon (May 06)
    - RE: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Lincoln Dale (May 06)
    - Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Joe Maimon (May 06)
    - Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Adrian Chadd (May 06)
    - RE: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Lincoln Dale (May 06)
    - Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Steven M. Bellovin (May 06)
    - Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Joe Maimon (May 06)
    - Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Jo Rhett (May 07)
    - Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Joe Maimon (May 07)
    - Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Peter Dambier (May 07)
    - Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Jo Rhett (May 07)
    - RE: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Lincoln Dale (May 07)
    - Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Min (May 07)
    - Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Joe Maimon (May 07)
    - Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Joe Maimon (May 07)
    - Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Adrian Chadd (May 07)
    - Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec Joe Maimon (May 07)

(Thread continues...)