Home Traffic Analysis Traffic Monitoring Why constant packet losses in ISPs backbone?

I am currently seeing packet losses on my traceroute. However, you would get an answer Packet lost | ICMP picfrom your ISP tech support; "We don't see any issue on our backbone network at this time". It's a strange enough. Definitely, my output of traceroute shown packet losses and even my expensive monitoring system noticed it as well. They might have a real issue on their backbone, but most of time it is something else (???).
Here is a sample output of traceroute from Internet. Below yellow marker indicated packets dropping on Sprintlink.net. (ATTN:This is just for educational example, below output doesn't means Spintlink had an issue.)

PC node> traceroute

1 ee-0-5.1.net.net (x.x.x.x - hided IP) 0.612 ms 0.456 ms 0.351 ms
2 500.POS3-1.GW5.CHI2.ALTER.NET (x.x.x.x - hided IP) 1.340 ms 1.328 ms 1.275 ms
3 0.so-2-0-1.XT2.CHI2.ALTER.NET ( 1.231 ms 1.375 ms 1.189 ms
4 0.so-5-0-0.XL2.CHI13.ALTER.NET ( 2.457 ms 2.418 ms 2.387 ms
5 0.so-7-0-0.BR2.CHI13.ALTER.NET ( 2.413 ms 2.449 ms 2.438 ms
6 sl-st21-chi-3-0-0.sprintlink.net ( 2.291 ms 2.211 ms 2.433 ms
7 * * *
8 * * *
9 sl-stateil-189071-0.sprintlink.net ( 3.629 ms 3.804 ms 3.453 ms 10 ge-11-0-voyager2-sob2.chicago.lincon.net ( 3.439 ms 3.491 ms 3.354 ms
11 pos-6-0-sob2-sob1.chicago.lincon.net ( 8.100 ms 8.086 ms 9.308 ms
12 * * *
13 POS-4-0-satriani-peo-p1-petrucci-peo-p2.lincon.net ( 75.234 ms 21.367 ms 8.376 ms

Most of ISPs applied ICMP limitation policy on their backbone. Why they do that? Simple say security reason and actually there is no reason ISPs waste their bandwidth and resources which is busy to serve their customers. The ICMP limit policy is only affected packets destined to the core routers. Meaning when you ping the core IP directly or using traceroute which will send normally 3 packets from testing node to each hop. ICMP packets which are thru the core routers won't be affected at all. Because those traffic is a part of customer traffic.


ICMP limitation policy by ISP

When you are troubleshooting a packet losses issue, do not send ICMP packets to ISP's core routers. It gives you wrong and longer direction to resolve your issue. Some of ISP might not have the policy, but most tier 1 ISPs do. They still won't block the ICMP packets, but limited. Set a queue limit for ICMP packets is one of typical way. They set a 1Mega queue for ICMP traffic. So whenever ICMP packets are over 1Mega, ICMP packets will be discarded by the policy.

I remembered that one of client said his monitoring system reported packet losses within their Internet Service Provider's backbone network and sent me a copy of screen shot. It was one of popular monitoring software. Something called "Enhanced or intrusive monitoring" function which send multiple packets with different packet size. So when the software sends ICMP packet with 512KB packet size, it reported more trouble within ISP backbone. Because it fills up more quickly their limited ICMP queue.

Do not get me wrong, I do not against to the software company. Just want to give heads up proper way to use the software function.
I hope this is informative for you and thank you for viewing.



Last Updated (Tuesday, 19 May 2009 16:15)

Smart Link
Content View Hits : 2124883
Highly recommended firewall vendor?
Google Translation
English Arabic Chinese (Simplified) Czech Dutch French German Italian Korean Portuguese Russian Spanish Filipino Vietnamese Thai Turkish
BGP routing issue?
World Route Servers
Who's Online
We have 25 guests online