On 08/06/25 09:44, Jon Higgs wrote: > I've just checked my system again because I remember seeing something > similar, but never really bothered to get to the bottom of it. > > I have an USG-PRO-4 running OpenBSD 7.7 (octeon) as my firewall. I have > a stable ping time to the internet from its console: > > --- 8.8.8.8 ping statistics --- > 28 packets transmitted, 28 packets received, 0.0% packet loss > round-trip min/avg/max/std-dev = 1.277/1.407/2.327/0.227 ms > > But when I ping through that router, the ping times are unstable: > > PING 8.8.8.8 (8.8.8.8): 56 data bytes > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=119 time=3.467 ms > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=4.557 ms > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=3.062 ms > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=119 time=2.789 ms > 64 bytes from 8.8.8.8: icmp_seq=4 ttl=119 time=2.535 ms > 64 bytes from 8.8.8.8: icmp_seq=5 ttl=119 time=15.862 ms > 64 bytes from 8.8.8.8: icmp_seq=6 ttl=119 time=2.412 ms > 64 bytes from 8.8.8.8: icmp_seq=7 ttl=119 time=4.835 ms > 64 bytes from 8.8.8.8: icmp_seq=8 ttl=119 time=3.064 ms > 64 bytes from 8.8.8.8: icmp_seq=9 ttl=119 time=6.468 ms > 64 bytes from 8.8.8.8: icmp_seq=10 ttl=119 time=2.968 ms > 64 bytes from 8.8.8.8: icmp_seq=11 ttl=119 time=2.670 ms > 64 bytes from 8.8.8.8: icmp_seq=12 ttl=119 time=3.017 ms > 64 bytes from 8.8.8.8: icmp_seq=13 ttl=119 time=3.374 ms > 64 bytes from 8.8.8.8: icmp_seq=14 ttl=119 time=3.082 ms > 64 bytes from 8.8.8.8: icmp_seq=15 ttl=119 time=8.898 ms > 64 bytes from 8.8.8.8: icmp_seq=16 ttl=119 time=3.568 ms > 64 bytes from 8.8.8.8: icmp_seq=17 ttl=119 time=2.793 ms > 64 bytes from 8.8.8.8: icmp_seq=18 ttl=119 time=14.768 ms > 64 bytes from 8.8.8.8: icmp_seq=19 ttl=119 time=10.134 ms > 64 bytes from 8.8.8.8: icmp_seq=20 ttl=119 time=2.249 ms > 64 bytes from 8.8.8.8: icmp_seq=21 ttl=119 time=2.403 ms > ^C > --- 8.8.8.8 ping statistics --- > 22 packets transmitted, 22 packets received, 0.0% packet loss > round-trip min/avg/max/stddev = 2.249/4.953/15.862/3.849 ms > > That ping was conducted from a Mac connected to the network over > Ethernet. The situation is similar regardless which host or operating > system I ping from. > > The ping times between nodes on the same network segment is fast so the > latency isn't introduced by my switch. > > Cheers, > > Jon >
I had a thought that perhaps the latency was coming from NAT. I ran another test between two VLANs connected together by the same router. This route doesn't have NAT. It's an improvement but I still don't think it's working as well as it should: PING moth.i.altos (172.16.0.130): 56 data bytes 64 bytes from 172.16.0.130: icmp_seq=0 ttl=255 time=2.131 ms 64 bytes from 172.16.0.130: icmp_seq=1 ttl=255 time=2.518 ms 64 bytes from 172.16.0.130: icmp_seq=2 ttl=255 time=1.338 ms 64 bytes from 172.16.0.130: icmp_seq=3 ttl=255 time=1.673 ms 64 bytes from 172.16.0.130: icmp_seq=4 ttl=255 time=1.255 ms 64 bytes from 172.16.0.130: icmp_seq=5 ttl=255 time=1.221 ms 64 bytes from 172.16.0.130: icmp_seq=6 ttl=255 time=1.372 ms 64 bytes from 172.16.0.130: icmp_seq=7 ttl=255 time=1.306 ms 64 bytes from 172.16.0.130: icmp_seq=8 ttl=255 time=1.304 ms 64 bytes from 172.16.0.130: icmp_seq=9 ttl=255 time=1.318 ms 64 bytes from 172.16.0.130: icmp_seq=10 ttl=255 time=2.724 ms 64 bytes from 172.16.0.130: icmp_seq=11 ttl=255 time=7.588 ms 64 bytes from 172.16.0.130: icmp_seq=12 ttl=255 time=2.636 ms 64 bytes from 172.16.0.130: icmp_seq=13 ttl=255 time=1.286 ms 64 bytes from 172.16.0.130: icmp_seq=14 ttl=255 time=1.404 ms 64 bytes from 172.16.0.130: icmp_seq=15 ttl=255 time=1.187 ms 64 bytes from 172.16.0.130: icmp_seq=16 ttl=255 time=1.446 ms 64 bytes from 172.16.0.130: icmp_seq=17 ttl=255 time=3.033 ms 64 bytes from 172.16.0.130: icmp_seq=18 ttl=255 time=1.308 ms 64 bytes from 172.16.0.130: icmp_seq=19 ttl=255 time=1.230 ms 64 bytes from 172.16.0.130: icmp_seq=20 ttl=255 time=4.077 ms 64 bytes from 172.16.0.130: icmp_seq=21 ttl=255 time=1.279 ms 64 bytes from 172.16.0.130: icmp_seq=22 ttl=255 time=1.369 ms 64 bytes from 172.16.0.130: icmp_seq=23 ttl=255 time=1.099 ms 64 bytes from 172.16.0.130: icmp_seq=24 ttl=255 time=0.968 ms 64 bytes from 172.16.0.130: icmp_seq=25 ttl=255 time=1.030 ms 64 bytes from 172.16.0.130: icmp_seq=26 ttl=255 time=1.322 ms 64 bytes from 172.16.0.130: icmp_seq=27 ttl=255 time=8.230 ms 64 bytes from 172.16.0.130: icmp_seq=28 ttl=255 time=6.645 ms 64 bytes from 172.16.0.130: icmp_seq=29 ttl=255 time=1.207 ms 64 bytes from 172.16.0.130: icmp_seq=30 ttl=255 time=1.269 ms 64 bytes from 172.16.0.130: icmp_seq=31 ttl=255 time=6.929 ms 64 bytes from 172.16.0.130: icmp_seq=32 ttl=255 time=5.247 ms 64 bytes from 172.16.0.130: icmp_seq=33 ttl=255 time=1.580 ms 64 bytes from 172.16.0.130: icmp_seq=34 ttl=255 time=6.042 ms 64 bytes from 172.16.0.130: icmp_seq=35 ttl=255 time=2.017 ms 64 bytes from 172.16.0.130: icmp_seq=36 ttl=255 time=10.905 ms 64 bytes from 172.16.0.130: icmp_seq=37 ttl=255 time=4.784 ms 64 bytes from 172.16.0.130: icmp_seq=38 ttl=255 time=1.876 ms 64 bytes from 172.16.0.130: icmp_seq=39 ttl=255 time=6.749 ms 64 bytes from 172.16.0.130: icmp_seq=40 ttl=255 time=1.379 ms 64 bytes from 172.16.0.130: icmp_seq=41 ttl=255 time=1.389 ms 64 bytes from 172.16.0.130: icmp_seq=42 ttl=255 time=1.672 ms ^C --- moth.i.altos ping statistics --- 43 packets transmitted, 43 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.968/2.752/10.905/2.399 ms I double-checked by connecting directly to that VLAN so that my pings weren't routed through the route. The ping times improved but there were still a few spikes. --- moth.i.altos ping statistics --- 34 packets transmitted, 34 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.593/1.027/1.564/0.152 ms The target (moth) is running OpenBSD 7.7 on a Xeon E3-1271 v3. -- Jon
