networking - Where is packet loss occurring? (Interpreting MTR)

06
2014-04
  • cat pants

    If MTR is showing something like:

    1. 192.168.0.1    0.0%
    2. 1.2.3.4        50.0%
    3.  etc
    

    That clearly shows that the packet loss is my ISP's fault, correct?

    But if I'm seeing:

    1. 192.168.0.1    50.0%
    2. 1.2.3.4        0.0%
    3.  etc
    

    That means it's the hop between my workstation and my router? I.e., it's my wireless card?

  • Answers
  • M.Bennett

    The packet loss at your router will probably be an overloaded router dropping packets where normally an error packet would be generated. Try increasing the interval...see if there are changes.

    Beyond that the packet loss figures don't really mean anything to your connection with the destination IP.

  • Nevin Williams

    The theoretical example where your first hop has 50% loss, but your second has none is quite unlikely, though covered above... Were your WiFi link lossy to the first hop, it would remain lossy to subsequent hops.

    As for assigning fault based on traceroutes: I've professionally done senior-level network operations for over a decade, with full access to switches and routers (error counts, traffic levels, cache flows -- all manners of stats and metrics) giving me visibility well beyond what a simple traceroute could provide, yet determining where packet loss was occurring to a host on a remote network was still an inexact art, mostly because the return path from the other host was obscured: unless I had a traceroute back to me from the remote host, I could only guess at how return traffic was getting back to my workstation. I shall suggest that beyond the first or second hop in your traceroutes, there's not much you can do (or make meaningful deductions) with ping and traceroute.
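
The rule both answers rely on, that loss arising at a hop shows up at every later hop too, can be applied mechanically to `mtr --report` output. The Python below is an added example, not part of either answer; the sample reports are constructed, and the 2% tolerance and the verdict names are assumptions.

```python
import re

# Hop row of `mtr --report`, e.g. "  2.|-- 1.2.3.4   50.0%   20 ..." ("%" optional).
HOP_RE = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+(\d+(?:\.\d+)?)%?\s")

# Constructed sample reports (not real measurements), modelled on the question.
LOSS_FROM_HOP_2 = """\
HOST: workstation        Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.0.1       0.0%    20    1.1   1.3   0.9   2.4   0.3
  2.|-- 1.2.3.4          50.0%    20    9.8  10.4   9.1  14.0   1.2
  3.|-- 198.51.100.1     45.0%    20   15.2  15.9  14.8  19.3   1.0
  4.|-- 203.0.113.10     50.0%    20   21.0  21.7  20.5  25.1   1.1
"""
LOSS_ONLY_AT_HOP_1 = """\
HOST: workstation        Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.0.1      50.0%    20    1.1   1.3   0.9   2.4   0.3
  2.|-- 1.2.3.4           0.0%    20    9.8  10.4   9.1  14.0   1.2
  3.|-- 203.0.113.10      0.0%    20   21.0  21.7  20.5  25.1   1.1
"""

def parse_report(text):
    """Return [(hop_number, host, loss_percent), ...] from report text."""
    rows = (HOP_RE.match(line) for line in text.splitlines())
    return [(int(m[1]), m[2], float(m[3])) for m in rows if m]

def analyse(text, tolerance=2.0):
    """Return [(hop, host, reported_loss, carried_loss, verdict), ...]."""
    hops = parse_report(text)
    out = []
    for i, (num, host, loss) in enumerate(hops):
        # Loss arising at or before a hop also hits every later hop, so the
        # loss carried onward is capped by the lowest loss seen from here on.
        carried = min(later_loss for _, _, later_loss in hops[i:])
        if loss <= tolerance:
            verdict = "ok"
        elif carried <= tolerance:
            verdict = "hop-local"   # later hops reply fine; only this hop's replies go missing
        else:
            verdict = "persists"    # still visible at the destination
        out.append((num, host, loss, carried, verdict))
    return out

def loss_onset(text, tolerance=2.0):
    """First hop whose loss carries through to the destination, else None."""
    return next((r[0] for r in analyse(text, tolerance) if r[4] == "persists"), None)

if __name__ == "__main__":
    for report in (LOSS_FROM_HOP_2, LOSS_ONLY_AT_HOP_1):
        print("loss onset at hop:", loss_onset(report), analyse(report))
```

A `persists` verdict only marks where loss first appears in the trace; as the second answer notes, it cannot tell forward-path loss from loss on the return path.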


  • Related Question

    networking - Simulate packet losses over a network switch
  • Tsahi Levent-Levi

    We have a network switch here and we can easily ask it to limit the bandwidth it allows, which is nice. It would be great if we could also ask it to generate packet losses for us - doing this with WANem is possible, but adds latencies and we are dealing with real-time applications, so any latency that we add is bad for us. Does anyone know of a network switch or a router that allows this or can be hacked to accommodate for it?


  • Related Answers
  • Robert Leckie

    All switches that have rate-limiting either on port or vlan should allow you to "simulate" packet loss. If your application needs 1mb of traffic then set the limit to just below that and the switch should drop packets.

    Remember that all switches that have this functionality have to sample to be able to limit. For example: port 1 is set to 1mb limit. Port 1 sends 2mb traffic for a fraction of a second. Most of it will probably make it through. This is because until the switch can detect and measure how much traffic comes through then it doesn't know what to drop. Depending on your vendor, this can be implemented in many ways: some buffer and then will drop packets from the buffer, and some will just allow the moment in and out and then limit.

    If you are looking for exactly how your application will respond I would suggest setting up a BSD box right in front of the computer you are testing the application on. BSD (just because I use them for my firewalls) has a command called ipfw that will allow you to directly control a connection. So let's assume the following is your current scenario:

    +--------------------+      +----------------+
    | Application Server | ---> | Client Machine |
    +--------------------+      +----------------+
    

    I understand that this would be an over-simplification but it illustrates the concept. What you can do is set up a NAT in the middle and have it rate limit:

    +--------------------+      +-----------------------+      +----------------+
    | Application Server | ---> | Rate Limit Box        | ---> | Client Machine |
    |           10.0.0.5 |      | 10.0.0.6  192.168.1.1 |      | 192.168.1.2    |
    +--------------------+      +-----------------------+      +----------------+
    

    Once again I know this is an over-simplification. I added IPs so that I could show you what the commands would be in BSD on the Rate Limit Box. First set up BSD to act as a normal router, you could use pfSense etc. Then you could add the following commands at the prompt.

    ipfw pipe 1 config bw 101Kbit
    ipfw add 1 pipe 1 ip from 10.0.0.5 to 192.168.1.2
    ipfw add 2 pipe 1 ip from 192.168.1.2 to 10.0.0.5
    

    This would simulate a 101kb connection to and from the client to server. You can then change the 101 value to anything to be able to see what happens at various limits. The real advantage that this has over a switch that supports the limiting features is that it is cheap (a simple computer with a couple of interfaces) and that you can use Wireshark to capture the traffic if necessary to then see what exactly is being dropped and how much. This information could be very useful in designing a better application.

    imho