playing with tcptrace and xplot

Posted on September 29, 2008 by mike

# tcpdump -ni en0 port 80 -w output.trace # tcptrace -G output.trace # xplot *tput.xpl

From the online manpage:

Yellow: instantaneous packets
Red: Throughput for the last few packets
Blue: Throughput since the start of the stream/connection

Other useful graphs:

_owin.xpl – outstanding data/congestion
_rtt.xpl – round trip time/time
_ssize.xpl – segment size/time
_tput.xpl – throughput/time
_tsg.xpl – time sequence graph
_tline.xpl – Timeline graph – W Richard Stevens style

Just some notes here so I don’t forget the basics – manual over at here.

interesting posts from NANOG

Posted on September 26, 2008 by mike

Following reply by iljitsch van Beijnum about queueing delays in IP, looked to be a good little summary.

The answer is that delay is only one aspect of performance, another important one is packet loss. As link bandwidth increases, queuing delays decrease proportionally. So if you’re using your 10 Mbps link with average 500 byte packets at 98% capacity, you’ll generally have a 49-packet queue. (queue = utilization / (1 – utilization)) Our 500 byte packets are transmitted at 0.4 ms intervals, so that makes for a 19.6 ms queuing delay.

So now we increase our link speed to 100 Mbps, but for some strange reason this link is also used at 98%. So the average queue size is still 49 packets, but it now only takes 0.04 ms to transmit one packet, so the queuing delay is only 1.96 ms on average.

As you can see, as bandwidth increases, queuing delays become irrelevant. To achieve even 1 ms queuing delay (that’s only 120 miles extra fiber) at 10 Gbps you need an average queue size of 833 even with 1500-byte packets. For this, you need a link utilization of almost 99.9%.

However, due to IP’s bursty nature the queue size is quite variable. If there is enough buffer space to accommodate whatever queue size that may be required due to bursts, this means you get a lot of jitter. (And, at 10 Gbps, expensive routers, because this memory needs to be FAST.) On the other hand, if the buffer space fills up but packets keep coming in faster than they can be transmitted, packets will have to be dropped. As explained by others, this leads to undesired behavior such as TCP congestion synchronization when packets from different sessions are dropped and poor TCP performance when several packets from the same session are dropped. So it’s important to avoid these “tail drops”, hence the need for creative queuing techniques.

However, at high speeds you really don’t want to think about this too much. In most cases, your best bet is RED (random early detect/drop) which gradually drops more and more packets as the queue fills up (important: you need to have enough buffer space or you still get excessive tail drops!) so TCP sessions are throttled back gradually rather than traumatically. Also, the most aggressive TCP sessions are the most likely to see dropped packets. With weighted RED some traffic gets a free pass up to a point, so that’s nice if you need QoS “guarantees”. (W)RED is great because it’s not computationally expensive and only needs some enqueuing logic but no dequeuing logic.

argh, SNMP can really chafe!

Posted on September 26, 2008 by mike

Using version 1:

% snmpget -c COMMSTRING -M /usr/local/share/snmp/mibs -v 1 -m USAGE-MIB:PROXY-MIB:REDLINE-STATS-MIB:REDLINE-STATS-MIB:REDLINE-CONFIG-M IB hostname REDLINE-STATS-MIB::sessActive.0 Error in packet Reason: (noSuchName) There is no such variable name in this MIB. Failed object: REDLINE-STATS-MIB::sessActive.0
Using version 2 (2c):
% snmpget -c COMMSTRING -M /usr/local/share/snmp/mibs -v 2c -m USAGE-MIB:PROXY-MIB:REDLINE-STATS-MIB:REDLINE-STATS-MIB:REDLINE-CONFIG-M IB hostname REDLINE-STATS-MIB::sessActive.0 REDLINE-STATS-MIB::sessActive.0 = Counter64: 12247
Slightly annoying that – but makes certain sense

the war of the worlds reprise

Posted on September 14, 2008 by mike

well it looks like war of the worlds is going to be back on tour in the UK next year, so will definitely have to look at going to see a show when they’re in London.

What I didn’t know is that they used image metrics to model Richard Burton’s face during the dialogue, which I remembered reading about in the last few weeks. So will be interesting to see what they can do coming up

fare thee well drupal

Posted on September 8, 2008 by mike

So after nearly two and a half years I’ve finally said farewell to drupal and gone back to wordpress, why?

Well mostly because I was finding drupal a little too complicated for what I was really wanting – which was just a simple place to keep track of random things – will mean I’ll loose the ability of doing some things that I did like to throw together, but then again – I shouldn’t have so much time to do that now either!

Lets see how long this lasts!

solaris zone utilisation via SNMP

Posted on September 8, 2008 by mike

It’s been a bug-bear for a long time for me that the CPU metrics when querying a Solaris 10 host are global and not zone specific (which of course makes sense, just makes it harder to track zone utilisation).

So finally wrote a basic perl script that will provide that information via a SNMP mib, output looks like the following:

> snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.255.7 UCD-SNMP-MIB::ucdavis.255.7.0 = STRING: "Zone name" UCD-SNMP-MIB::ucdavis.255.7.1 = STRING: "global" UCD-SNMP-MIB::ucdavis.255.7.2 = STRING: "gallery" UCD-SNMP-MIB::ucdavis.255.7.3 = STRING: "nakos" UCD-SNMP-MIB::ucdavis.255.7.4 = STRING: "mcdougallfamily" UCD-SNMP-MIB::ucdavis.255.7.5 = STRING: "shared" UCD-SNMP-MIB::ucdavis.255.7.6 = STRING: "packer" UCD-SNMP-MIB::ucdavis.255.7.7 = STRING: "si"
Script is available at here

Current bugs/issues
# snmpwalk will not step through all the sub-trees

asnaedae @ home

random musings from a twisted mind

Monthly Archives: September 2008