|Kevin McAllister on 11 Jul 2015 09:51:14 -0700|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|Re: [PLUG] Basic network monitoring and link quality software|
|On Jul 11, 2015, at 12:02 PM, Eric Lucas <email@example.com> wrote:|
A couple things to be cautious with when looking at mtr, ping traceroute numbers.
First. The mtr command you’re running is only doing 3 packets. It may not give you a great idea of what’s going on with a sustained flow of data. At work we like to beat the crap out of things using mtr by simulating something “like” a voice RTP flow. e.g.
mtr -s 200 -i 0.020 -c 3000 --report $destination
That will send a ton of test packets 200 bytes at 20ms intervals. (That’s close to what RTP traffic looks like in a voice application). And 3000 test packets will take 60s to run (still a short sampling period)
The second thing to be cautious of is the average latency from a single router on the way is going to be hard to reason about any problems. Many router vendors de-prioritize the responding to ICMP packets. I’ve had a set of brand new very expensive Junipers in a lab with no traffic running across them except for a small amount of mtr/ping traffic and I was showing packet loss and bad latency on the Juniper devices but my end to end numbers to the other test host on the same lab network were excellent.
Third, the main thing you can learn from mtr is if a problem is being introduced where it’s starting. And you’ll see that like follows. If your average latency on hop 4 jumped up to 150ms, but you saw a similar increase in every hop between you and the other end, including the device you are testing to. Then you can reason that there is an increase in latency which starts between hops 3 and 4.
This same reasoning can be used for packet loss. If you see 50% packet loss on a hop in the middle of your mtr trace but no significant loss further along the chain then there is no reason to worry about it.
Fourth, keep in mind you are measuring round-trip time and packet loss on round trips. It is not uncommon for routes on the Internet to be asymmetrical. That means your packet loss and latency numbers are not only measuring the path forward you can see from the mtr, but the return path that you can’t see. The only way to get an idea of the return path is to get a trace from the other side back toward you.
Fifth, flow based load balancing across redundant can screw up your return path trace to show a different path back to you than your forward trace is seeing.
With all those caveats, I think mtr is an excellent tool and use it daily, or at least daily when pulled into any sort of question of packet-loss, network performance. I especially like running it in non-report mode (interactive mode). It’s curses based so hit question mark and see what other modes you can use to look at live updating results while a test is being performed. I like hitting ‘j’ to see their jitter numbers and a drop counter.
So my assessment of the 85ms bad ping response from hop 4. I’d say no problem at all. You’ll see hops 3 and 4 are different in your second trace. Also so is your destination. Remember www.google.com isn’t a host but a DNS lookup that will result in many possible hosts.
And even if you trace to the same IP address to you could end up in radically different paths and even data-centers/hosts especially when dealing with a company like google who is excellent at service availability and probably algorithmically re-routing stuff.
Hope all this is helpful.
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug