Re: [Nolug] Cox Connection Dropping - Packet Loss Topic

From: Scott Harney <scotth_at_scottharney.com>
Date: Tue, 12 Oct 2004 15:34:05 -0500
Message-ID: <416C3FBD.4060805@scottharney.com>

John Souvestre wrote:
> Making ICMP low priority doesn't create packet loss unless the router is
> topped out or close to it. But I agree with you that as long as it passes
> ICMP, even though it doesn't respond itself, this is good enough.

It's not uncommon for Cisco CMTS's to drop ICMP pings -- even when not
overloaded (ie processor, or network). Of course transit ICMP to
destinations other than the CMTS go through fine so as I say, you'll
traces that show loss at the first hop, but no loss on subsequent hops
after that.

> One of the nice features of some of the various combo ping/traceroute programs
> is that they attempt to ping all the hops in a route in very quick succession.
> This lets you see the effect of a busy router blocking pings to hops behind
> it, even if it is sporadic. Note that it isn't the number of pings per hop
> which is fast, but that when 1 hop is pinged all are (at nearly the same
> time).

that's what mtr does for you. Similar to ping plotter but for *nix :)

so if our user pings his first hop and sees loss, it may be meaningless.
  But if he pings say, yahoo.com, and sees significant loss over several
pings, he needs to look closer using tools like mtr or ping plotter to
see where that loss starts. Maybe it starts right at the first hop or
at the ISP's edge and naturally gets worse. Or maybe it starts further
out at an apparent peering point....

> While the Cox article you mentioned is generally good, they are wrong in one
> respect. No core router should ever be configured to block all ICMP. It's
> bad enough tat many firewalls do this, but for a core router to do so would be
> unforgivable!

Agreed. I think the author meant to say edge routers. Lots of people
filter ICMP at or near their edge. So it's not uncommon to see latter
hops in a traceroute fail.

Not sure how this is relevant to linux anymore except the discussion of
network analysis tools common to our environment of choice. I encourage
folks to explore traceroute, fping, hping, and mtr.

-- 
Scott Harney <scotth@scottharney.com>
"Asking the wrong questions is the leading cause of wrong answers"
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
___________________
Nolug mailing list
nolug@nolug.org
Received on 10/12/04

This archive was generated by hypermail 2.2.0 : 12/19/08 EST