North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec

  • From: Joe Maimon
  • Date: Sun May 06 21:09:15 2007




I did include icmp echo directly to each hop as a comparison.



Right, but from what you posted you didn't send 1500-byte packets. My reaction was the same as Lincoln's -- it smells like a Path MTU problem. To repeat -- ping and traceroute RTT from intermediate nodes is at best advisory, especially on timing.

I should add -- DSL lines often use PPPoE, which in turn cuts the
effective MTU available for user packets.  If the PMTUD ICMP packets
don't get through -- and they often don't, because of misconfigured
firewalls -- you're likely to see problems like this.


Of course, and thats why I have cut down ip mtu and tcp adjust mss and all the rest.


Not making much of a difference.

Furthermore, ipsec performance with normal sized icmp pings is what I was referring to, and those are nowwhere near full-sized.