nanog mailing list archives

Re: tracking TCP session hop by hop


From: Peter Phaal <peter.phaal () gmail com>
Date: Wed, 29 Nov 2017 11:34:24 -0800

On Wed, Nov 29, 2017 at 9:06 AM, William Herrin <bill () herrin us> wrote:

On Tue, Nov 28, 2017 at 3:48 PM, Yifeng Zhou <zhuifeng0426 () gmail com>
wrote:

Is there any way that we can track TCP session hop by hop?

Say we have 10 ECMP between A and Z point, what's the easiest way to track
specific session is using which path? How we can check between
servers (Linux/Unix) and between Routers (Cisco/Juniper etc)?


A TCP connection is uniquely identified by the combination of four numbers:
The source IP address, the source port, the destination IP address and the
destination port. You used the word session, but sessions happen above TCP
in the stack and may use more than one TCP connection.  Every packet in the
connection contains all four numbers and no packet from any other
connection contains the same four numbers.

If you want to track the connections, you capture the packets at each point
in the path (router products have vendor-specific ways of doing this) and
see which unique sets of the four numbers went through which router and
router interface.


If you want to -test- which path a TCP connection -would- take, Ruairi's
afore-mentioned tcptraceroute is the way to go. The regular traceroute with
modern Linux servers also supports the "-T" flag which does the same thing.
It works just like regular traceroute but uses synthetic TCP SYN packets
instead of ICMP or UDP packets, allowing the packets to pass firewalls
which would otherwise block the trace.

Bear in mind that in each case you will likely only see the path taken at
the IP level. Underlying transits at the Ethernet or MPLS level are
intentionally invisible to the endpoints.


In the data center context, enabling sFlow continuously captures packets
from all paths and can be used to trace multi-path packet flows, whether
layer 2 (MLAG/LAG), or layer 3 (ECMP). sFlow reports physical switch ports
and captures Ethernet packet headers, so you can relate paths to MPLS
labels, Ethernet headers, IP headers, TCP/UDP headers, VxLAN tunnels, etc.

The following article provides an example:
http://blog.sflow.com/2017/09/troubleshooting-connectivity-problems.html
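
The approach described in this thread (match the four numbers that identify a TCP connection against packet headers captured at each device) can be sketched as follows. This is an added example, not part of the original messages or of any sFlow tool. The record fields, device names, ports and addresses are constructed, and ordering hops by TTL assumes routed (layer 3) hops that each decrement the IP TTL.

```python
from collections import defaultdict

def rec(agent, in_if, out_if, src, sport, dst, dport, ttl):
    """One sampled packet header as a collector might decode it (assumed fields)."""
    return dict(agent=agent, in_if=in_if, out_if=out_if,
                src=src, sport=sport, dst=dst, dport=dport, ttl=ttl)

A, Z = "10.0.1.10", "10.0.9.20"   # constructed endpoints
SAMPLES = [                        # constructed, deliberately out of order
    rec("spine2", 1, 4, A, 40112, Z, 443, 63),
    rec("leaf1", 3, 49, A, 40112, Z, 443, 64),
    rec("leaf4", 50, 7, A, 40112, Z, 443, 62),
    rec("leaf1", 3, 49, A, 40112, Z, 443, 64),   # same hop sampled twice
    rec("leaf4", 7, 49, Z, 443, A, 40112, 64),   # reverse direction
    rec("spine1", 4, 1, Z, 443, A, 40112, 63),
    rec("leaf1", 48, 3, Z, 443, A, 40112, 62),
    rec("leaf1", 3, 48, A, 40113, Z, 443, 64),   # second connection, other ECMP member
    rec("spine1", 1, 4, A, 40113, Z, 443, 63),   # leaf4 not sampled for this one
]

def hops_by_flow(samples):
    """Map each directional 4-tuple to the hops that saw it, first hop first."""
    seen = defaultdict(dict)
    for s in samples:
        key = (s["src"], s["sport"], s["dst"], s["dport"])
        hop = (s["agent"], s["in_if"], s["out_if"])
        # Repeated samples of one hop collapse; keep the highest TTL observed.
        seen[key][hop] = max(seen[key].get(hop, -1), s["ttl"])
    # A higher TTL means fewer routers crossed, so sort descending by TTL.
    return {k: [h for h, _ in sorted(v.items(), key=lambda kv: -kv[1])]
            for k, v in seen.items()}

def trace(samples, src, sport, dst, dport):
    """Return observed hops for both directions of one TCP connection."""
    flows = hops_by_flow(samples)
    return {"forward": flows.get((src, sport, dst, dport), []),
            "reverse": flows.get((dst, dport, src, sport), [])}

if __name__ == "__main__":
    for direction, hops in trace(SAMPLES, A, 40112, Z, 443).items():
        print(direction, " -> ".join(f"{a}[{i}>{o}]" for a, i, o in hops))
```

With sampled data a hop can be missing from the result, as for the second connection here, so an absent device means "not sampled", not "not on the path".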

