[SLUG] IPSec tunnel latency

Jean-Francois Dive jef at linuxbe.org
Wed Jan 16 08:32:46 EST 2002


This is definitively qui strange. It is possible that the provider would
make some QOS on the path. Routing on a different path is possible but
very unlikely i think.  I would proceed this way:

- enable some debugs for this particular tunnel and see if there is not
some strange things happening that could explain this latency.
- Try to find a tool (or write one) which send packet with IP proto at 50,
and tcpdump them on the other side and see what is the latency.
- I hardly imagine that a modem could not work for those particula
- check the level of ICMP returning to the problematic side, maaybe is
there an MTU problem.
- Check if you dont have too much packet droped by IPSec (most likely,
rejected because out of window, this indicate that the packet going are
not following the path of the incoming one), which could explain a lot of
TCP retransmissions.
- Check the decrypted traffic for such retransmit of TCP segments.


On Wed, 16 Jan 2002, Howard Lowndes wrote:

> Further to this enquiry.  I have got the timing graphs posted at
> http://caterworld.com.au/traffic/packets if you want to see what I am on
> about.
> On Wed, 16 Jan 2002, Howard Lowndes wrote:
> > Would anyone care to make a stab in the dark on this one before I do a
> > 250km trip to replace the modem.
> --
> Howard.
> LANNet Computing Associates - Your Linux people
> Contact detail at http://www.lannetlinux.com
>  "We are either doing something, or we are not.
>  'Talking about' is a subset of 'not'."
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://lists.slug.org.au/listinfo/slug

More information about the linux mailing list