[outages] Reading Traceroutes (was Re: Packet loss to 4.2.2.2)
Naveen Nathan
naveen at lastninja.net
Thu Sep 13 08:07:11 EDT 2012
> Just a reminder to all:
>
> intermediate hops on a traceroute may show high packet drops *without that
> router actually dropping any real traffic packets*. Many routers are
> required by their design to force ICMP traffic up into the CPU, where actual
> packets may remain down on the much more efficient cross-linecard-path, which
> means that if the router gets too busy doing "Real work", the ICMP will be
> the first thing to go.
>
> Evidence of this is usually a large degree of packet loss which starts and
> ends with one hop in your trace; if *everything past a certain point* seems
> to be dropping roughly the same percentage of traffic, *that* is probably
> the outbound link from the router.
Bingo. Traceroute is not a true indicator of packet loss; ping on the other hand would be so long as the endpoint or intermediate endpoints aren't interfering with the flow and don't icmp rate limit.
In any case, I would like to point an excellent resource for interpreting
traceroute results from NANOG47:
http://www.nanog.org/meetings/nanog47/presentations/Sunday/RAS_Traceroute_N47_Sun.pdf
- Naveen
More information about the Outages
mailing list