neufuse (Veteran), posted November 22, 2016:

While looking into a latency issue with our default gateway, I started up ping plotter and got what is attached... This is a ping straight to the default gateway, what do all the blank lines mean? I don't get them when doing a plot to anything else, only when I go to the default gateway

Link to comment: https://www.neowin.net/forum/topic/1314620-blank-lines-in-ping-plotter/

BudMan (MVC), posted November 22, 2016:

What software are you using? Did you RTFM for it??

Clearly you have a packet loss there with the red lines. The black is normally a representation of the variation in the response time... Like a smokeping graph.. Not exactly sure what you mean by blank??

What I don't get is why are you hiding your 10.10 address?? What is the point of that.. It's like telling you I live on the planet earth for an address..

So you're pinging something inside your network at a 10 address and you're getting that sort of packet loss? Is it wireless?? Or is that over the internet?? What exactly are you pinging??

Devices can not answer ping if they are busy doing other stuff. Firewall/router might not answer ping or answer very fast, which could look like a timeout/packet loss if they are busy routing or firewalling. Doing their job is more important than answering a ping. Like if you were in the middle of juggling some balls and your phone rang, -- what is more important

So while sure ping is an easy simple test to test that connectivity exists, it's not always a valid test of packet loss, etc. Might just be a busy device, etc..

Link to comment: https://www.neowin.net/forum/topic/1314620-blank-lines-in-ping-plotter/#findComment-597678190

neufuse (Veteran, Author), posted November 23, 2016:

3 hours ago, BudMan said:

> What software are you using? Did you RTFM for it??
>
> Clearly you have a packet loss there with the red lines. The black is normally a representation of the variation in the response time... Like a smokeping graph.. Not exactly sure what you mean by blank??
>
> What I don't get is why are you hiding your 10.10 address?? What is the point of that.. It's like telling you I live on the planet earth for an address..
>
> So you're pinging something inside your network at a 10 address and you're getting that sort of packet loss? Is it wireless?? Or is that over the internet?? What exactly are you pinging??
>
> Devices can not answer ping if they are busy doing other stuff. Firewall/router might not answer ping or answer very fast, which could look like a timeout/packet loss if they are busy routing or firewalling. Doing their job is more important than answering a ping. Like if you were in the middle of juggling some balls and your phone rang, -- what is more important
>
> So while sure ping is an easy simple test to test that connectivity exists, it's not always a valid test of packet loss, etc. Might just be a busy device, etc..

sadly policy....... we have to mask any internal IPs by policy..... just a security requirement, I didn't write it, I don't want fired for not following it

it's a workstation plugged right into the Cisco 3850 switch that is also the default gateway, I'm as I said before pinging the default gateway, which was set up on the switch then routed back to our main ASA box..

and it's ping plotter... and I couldn't find anything in their documentation about the blank lines... or nothing that explained what I saw besides it's an untraceable host in a hop... but it's saying I have 18 hops to the IP... 18 hops to the default gateway... it's a whole one hop away from me network typography wise...

if I do a trace route to the same IP I get a varying number of hops each time I run it... one time it's 2 one time it's 24... each between are blank and timed out... I'm just trying to figure out why this is happening when it's literally the first hop in the network off the workstation, not really sure where to look or why this is happening

Link to comment: https://www.neowin.net/forum/topic/1314620-blank-lines-in-ping-plotter/#findComment-597678400

BudMan (MVC), posted November 23, 2016:

12 hours ago, neufuse said:

> if I do a trace route to the same IP I get a varying number of hops each time I run it... one time it's 2 one time it's 24

Huh??? Thought you said it was "your" default gateway.. Your default gateway is always going to be on the same network as you.. So if I am on a 10.10.10.0/24 network, let's say I am 10.10.10.100, my gateway is going to be 10.10.10.X

That you would get more than 1 hop tells me there is something really really wrong!!

    > ipconfig

    Windows IP Configuration

    Ethernet adapter Local:

       Connection-specific DNS Suffix  . : local.lan
       IPv4 Address. . . . . . . . . . . : 192.168.9.100
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.9.253

    > tracert 192.168.9.253

    Tracing route to pfsense.local.lan [192.168.9.253]
    over a maximum of 30 hops:

      1    <1 ms    <1 ms    <1 ms  pfsense.local.lan [192.168.9.253]

Do you mean you're pinging the IP address of your internet/border/edge router lan IP, and you're connected to some downstream router? If this is more than 2 hops you got a really weird network setup!! And prob overcomplicated.. I could say like 3 would be the most

12 hours ago, neufuse said:

> it's a workstation plugged right into the Cisco 3850 switch that is also the default gateway

So this 3850 is in layer 3 mode and routing?? And you're pinging its SVI?? Or you pinging some IP upstream in your network??

So when you're saying you're pinging your default gateway.. That would be the 10.10.10.X address.. Or you pinging some other IP farther upstream in your network at that A.B.C.D address?

If you're pinging A.B.C.D and you're getting different route paths.. You have something WRONG!! If you could give some detail of your network layout, we can figure out what is not correct.. Even if you take out the packetloss, pinging inside your network should really be less than 1ms even if a few hops internally.. Or you have some equipment that is really busy and prob undersized.. Or something odd going on..

As to 24 hops in your own network?? Makes no sense at all without some sort of routing loop.. Even if you were working for the largest of largest of enterprises, Internet really should never be more than a few hops away.. And that would be if you were getting internet from some remote DC connection of yours, etc.

So this is where you're saying you're getting blank lines.. Those are supposed to be the hops to what you're pinging.. If you're saying when you trace it is 2 hops 1 time and 24 hops the next, yeah you got a MAJOR PROBLEM and that is what is confusing ping plotter.

Link to comment: https://www.neowin.net/forum/topic/1314620-blank-lines-in-ping-plotter/#findComment-597678890

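The check raised in the post above (a default gateway sits on the workstation's own subnet, so a trace to it should be a single hop) can be scripted. This is an added example, not part of the thread: it parses Windows tracert output and compares it with the workstation's address and mask. The /24 mask for the 10.10.5.x addresses and the second trace are constructed assumptions.

```python
import ipaddress
import re

HOP_RE = re.compile(r"^\s*(\d+)\s+(.+)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Output quoted in the post above.
PAGE_TRACE = """\
Tracing route to pfsense.local.lan [192.168.9.253]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  pfsense.local.lan [192.168.9.253]
"""

# Constructed sample shaped like the symptom described in the thread.
CONSTRUCTED_TRACE = """\
Tracing route to 10.10.5.50 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     1 ms     1 ms     1 ms  10.10.5.50
"""

def parse_tracert(text):
    """Return [(ttl, responder_ip or None)] for each hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            ips = IPV4_RE.findall(m.group(2))
            hops.append((int(m.group(1)), ips[-1] if ips else None))
    return hops

def check_trace(local_ip, mask, target, text):
    """List ways the trace contradicts the workstation's own addressing."""
    net = ipaddress.ip_network(f"{local_ip}/{mask}", strict=False)
    hops = parse_tracert(text)
    silent = [ttl for ttl, ip in hops if ip is None]
    findings = []
    if ipaddress.ip_address(target) in net and len(hops) > 1:
        findings.append(f"{target} is on-link in {net} but the trace shows {len(hops)} hops")
    if silent:
        findings.append(f"no reply at TTL {silent}")
    if not hops or hops[-1][1] != target:
        findings.append(f"trace did not end at {target}")
    return findings

if __name__ == "__main__":
    print(check_trace("10.10.5.200", "255.255.255.0", "10.10.5.50", CONSTRUCTED_TRACE))
```

An empty list means the trace agrees with the addressing; any finding for an on-link target points at the probing method or the path rather than at distance.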
neufuse (Veteran, Author), posted November 23, 2016:

3 minutes ago, BudMan said:

> Huh??? Thought you said it was "your" default gateway.. Your default gateway is always going to be on the same network as you.. So if I am on a 10.10.10.0/24 network, let's say I am 10.10.10.100, my gateway is going to be 10.10.10.X
>
> That you would get more than 1 hop tells me there is something really really wrong!!
>
>     > ipconfig
>
>     Windows IP Configuration
>
>     Ethernet adapter Local:
>
>        Connection-specific DNS Suffix  . : local.lan
>        IPv4 Address. . . . . . . . . . . : 192.168.9.100
>        Subnet Mask . . . . . . . . . . . : 255.255.255.0
>        Default Gateway . . . . . . . . . : 192.168.9.253
>
>     > tracert 192.168.9.253
>
>     Tracing route to pfsense.local.lan [192.168.9.253]
>     over a maximum of 30 hops:
>
>       1    <1 ms    <1 ms    <1 ms  pfsense.local.lan [192.168.9.253]
>
> Do you mean you're pinging the IP address of your internet/border/edge router lan IP, and you're connected to some downstream router? If this is more than 2 hops you got a really weird network setup!! And prob overcomplicated.. I could say like 3 would be the most
>
> So this 3850 is in layer 3 mode and routing?? And you're pinging its SVI?? Or you pinging some IP upstream in your network??
>
> So when you're saying you're pinging your default gateway.. That would be the 10.10.10.X address.. Or you pinging some other IP farther upstream in your network at that A.B.C.D address?
>
> If you're pinging A.B.C.D and you're getting different route paths.. You have something WRONG!! If you could give some detail of your network layout, we can figure out what is not correct.. Even if you take out the packetloss, pinging inside your network should really be less than 1ms even if a few hops internally.. Or you have some equipment that is really busy and prob undersized.. Or something odd going on..
>
> As to 24 hops in your own network?? Makes no sense at all without some sort of routing loop.. Even if you were working for the largest of largest of enterprises, Internet really should never be more than a few hops away.. And that would be if you were getting internet from some remote DC connection of yours, etc.

you heard me right... it's *my* default gateway... it's on the same subnet as me, the switch is in L3 routing mode, the switch is then pointing all traffic from that to our ASA box.

Let's just say the gateway is for example 10.10.5.50, my address is 10.10.5.200.. I do a trace route to 10.10.5.50 and every time the number of hops between me and there is never 1... it's 5 or 15 or even 20 but there is never any IP or other detail related to those blank hops.. that's what started my original question, when I was seeing that it immediately stood out as a WTF is this moment.

If I trace our ISP's gateway I get the same varying hop length blank hops then to our ISP gateway just fine. If I trace outside the network... same thing... If I trace any other IP in our network in the same subnet no blank hops, only when I go to this specific gateway do they show up.

The CPU load on the switch is "low" and the throughput is below the switching capabilities of the switch (it's averaging about 10Gbps to 94Gbps depending on time of day). Ours claims it has 176Gbps switching capability so I hope it's not overworked. Although I don't know how much the throughput drops once you start adding L3 routing and rules into the mix

Link to comment: https://www.neowin.net/forum/topic/1314620-blank-lines-in-ping-plotter/#findComment-597678900

BudMan (MVC), posted November 23, 2016:

So what are you using for the engine in ping plotter for your pings.. I just installed it and looks like it's using UDP.. Which if your router doesn't send back unreachable icmp packets could cause all kinds of weirdness.

Love how it says icmp windows dll is default - BS, it was using UDP as default, and my gateway does not send back icmp non reachables.. So it was giving me 100% packet loss to my default gateway. Until I changed it to icmp.. I could have my pfsense send back the response.. I have this setup on the wan so I can traceroute to my public IP from the outside and get an answer.. But I switched it to use icmp and now for me is working as you would expect..

So you're saying when you traceroute from your test machine's OS, windows? tracert 10.10.5.50 you're getting multiple hops... Or only in this tool it's showing you crazy hops?

Link to comment: https://www.neowin.net/forum/topic/1314620-blank-lines-in-ping-plotter/#findComment-597678904