ICMP echo request/reply is handy for determining if a route exists at all ...
(reads article - I've got a five digit /. ID and that was after lurking for several years - respond first, ask questions/read article later)
Oh. You now fail to understand networks in Rust instead of C/Python/nicker elastic. sighs in policy based routing tables.
A modern mtr (traceroute is so 90's) should do things like run up and down the stack for each point along a route. It will still probably need to use the TTL field to find each point (IP) but then use ICMP/TCP/UDP/etc to measure that point in some way or perhaps interpolate it from points either side.
When I want to really get to grips with latency and stuff, I start off with a small dedicated box on a customer network and "smoke ping" with all points measurable on the path. I also have several running from our datacentre and a fair few RIPE Atlas probes too.
traceroute is handy but you must be able to decipher what it is telling you. Wearing a stethoscope does not make you a doctor.
>Many routers deprioritize or drop ICMP to save CPU.
Not exactly.
Most big routers have ASICs (custom silicon) that can handle the bulk of routing decisions, like an interface card will have a chip that can directly determine where a packet needs to go and forwards it there. These are extremely fast, but limited, and are called "fast path".
Aside: Too many ACLs is a common way that packets fall off the fast path, and is why routers on the public Internet will happily forward along bogon traffic that by it's very nature is just wasting bits on the pipes.
There are some things that the fast path cannot handle, and generating ICMP TTL exceeded messages is one of them. Those go over to the router CPU, which historically has been insanely underpowered. Back when I was doing more routing it was common to have host CPUs in the multi-GHz range with multiple cores, but routers of a similar class would have a 100MHz MIPS CPU.
That's why, as the article goes on to explain, "*"s in the traceroute may not indicate a problem. It's not necessarily a literal deprioritization of ICMP.
If you ever see packet loss in a trace at one step but the steps after it aren't showing it, you can ignore that packet loss, it's likely a CPU limitation on a busy router.
I worked on a board (a switch, not a router) with a chip that could saturate all 10 of its GigE ports all day long if you stayed in the fabric. But if you had to pass anything over to the built-in single-core 250 MHz CPU, you were in for a bad time. (Thankfully it also had pins for wiring up your own external CPU.)
Once upon a time (early 90s) I read a very funny story on traceroute featuring parrots, one named Polly, and shotguns. But I can’t find it. It might have been in a Usenet group. I would love to find it again.
tracepath on Linux does not need the CAP_NET_RAW capability (or full root capabilities) during network data processing because it relies on the Linux socket error queue behavior. I assume traceroute on OpenBSD opens all required sockets and immediately drops privileges.
Funny timing of this, just last night I experimented with AI building an "ip intelligence" tool that includes a fast traceroute function and a bunch of IP information (ASN, organization, geolocation, CIDR info, DNSBL, reverse IP... mtr is my go-to for network traces, but (given root permissions) the trace it'll run in less than a second.
(reads article - I've got a five digit /. ID and that was after lurking for several years - respond first, ask questions/read article later)
Oh. You now fail to understand networks in Rust instead of C/Python/nicker elastic. sighs in policy based routing tables.
A modern mtr (traceroute is so 90's) should do things like run up and down the stack for each point along a route. It will still probably need to use the TTL field to find each point (IP) but then use ICMP/TCP/UDP/etc to measure that point in some way or perhaps interpolate it from points either side.
When I want to really get to grips with latency and stuff, I start off with a small dedicated box on a customer network and "smoke ping" with all points measurable on the path. I also have several running from our datacentre and a fair few RIPE Atlas probes too.
traceroute is handy but you must be able to decipher what it is telling you. Wearing a stethoscope does not make you a doctor.
reply