On Sun, May 06, 2007, Joe Maimon wrote:
When the cards consistently fall in certain patterns, you can actually read them quite easily.
Not if the cardplayer is lying..
The standard control plane arguments don't apply when the pattern holds all the way through to equipment under your {remote-}control.
In this specific instance, I find interesting the disparity of results between each hop ICMP echo and traceroute time exceeded processing, all the way up to the final hop.
I wouldn't care if the application protocols rode well, but they don't seem to.
Have you fired up ethereal/wireshark at either end and sniffed the packet flow to see exactly what's going on under these circumstances? Is there a difference between IPSEC and normal TCP traffic? What's handling your IPSEC at either end? etc, etc.
I've got plenty of graphs available which show modern Cisco equipment holding -horrible- ping variance compared to forwarding variance. Eg - Cat 4500 acting as LAN router and switch having ping RTT between <1ms and 15ms, but forwarding ping RTT (ie, to a PC at the other end doing 100% bugger all) is flat sub-1ms. (Makes for some -very- interesting VoIP statistics if you're not careful.)
I say "You need more information before jumping to conclusions" and "the information you have, whilst probably quite valid when correlated with other information, isn't going to be very helpful by itself."
Adrian