[nsp] SAA really a true measure?

Paul Kohler pkohler at cisco.com
Fri Jun 13 15:34:44 EDT 2003


Absolutely, in the IOS versions contained in the Advisory you should not 
run a responder. Thanks Jeff for pointing that out. I apologize that I 
didn't state that in the prior email (it was an honest mistake).

The original question was "true measure" of delay while acknowledging that 
ICMP is lower priority on all network appliances and therefore includes a 
certain amount of processing time. Your alternatives with a Cisco router as 
a source are:

1 - (if your destination is not a Cisco router) SAA UDP Echo - will factor 
out majority of processing time on the source

2 - (if your destination is a Cisco router but is running an IOS in the 
Advisory) SAA UDP Echo while not configuring responder - will factor out 
majority of processing time on the source

3 - (if your destination is a Cisco router running IOS not included in the 
Advisory) SAA UDP Jitter and configure responder - will factor out majority 
of processing time on both source and router

All 3 of these options will give you more of a "true measure" of delay than 
ICMP.

Paul

At 12:20 PM 6/13/2003, jeff.marsh at shaw.ca wrote:
>Thanks Paul!  That document was really helpful.  Unfortunately though it 
>pretty much shows that SAA without the responder is probably only useful 
>to provide a relative baseline and running SAA responder seems a little 
>too risky under IOS versions where the exploit documented in:
>
>http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml#software
>
>hasn't been patched.
>
>\|/ JRM \|/
>
>----- Original Message -----
>From: Paul Kohler <pkohler at cisco.com>
>Date: Friday, June 13, 2003 12:38 pm
>Subject: Re: [nsp] SAA really a true measure?
>
> > inline
> >
> > At 10:08 AM 6/13/2003, jeff.marsh at shaw.ca wrote:
> > > >From the "Re: [nsp] intermitten ping lags on 7500/rsp4/256M"
> > discussion,
> > > Dmitri Kalintsev wrote:
> > >
> > > > ...but, at much closer look, quite useless. ;) Routers are there
> > > > to *route*
> > > > packets, not to reply to ICMP queries. That is why ICMP processing
> > > > is given
> > > > such a low priority (and not only by Cisco).
> > > >
> > > > If somebody needs to measure their network characteristics
> > *so* badly,
> > > > there's always Cisco SAA which seems to be part of almost
> > > > everything Cisco
> > > > has nowadays that runs IOS (no, I didn't look at fn, because I'm
> > > > stubborn and
> > > > lazy).
> > >
> > >But does SAA really provide a true measure - with what type of
> > priority do
> > >the routers respond to SAA queries? - obviously if SAA is used
> > with only
> > >ICMP (ie without using the SAA responder) the measurements are
> > going to be
> > >pretty much useless because of the low priority on ICMP processing...
> >
> > to factor out the majority of the processing time on your source
> > and
> > destination devices run SAA UDP Jitter or UDP Echo operations. As
> > mentioned
> > you need to enable "rtr responder" on the destination device. If
> > the
> > destination device is not a Cisco box then use UDP Echo and at
> > least you'll
> > have the majority of the source processing time factored out.
> > There's a
> > paper on this at
> > http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/sanpo_wp.htm
> >
> > Paul
> >
> >
> > >\|/ JRM \|/
> > >
> > >_______________________________________________
> > >cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > >http://puck.nether.net/mailman/listinfo/cisco-nsp
> > >archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >


