On Aug 27, 2013, at 6:24 AM, Saku Ytti <s...@ytti.fi> wrote:

> On (2013-08-27 10:45 +0200), Emile Aben wrote:
> 
>>> 224 vantage points, 10 failed.
>> 
>> 48 byte ping:    42 out of 3406 vantage points fail (1.0%)
>> 1473 byte ping: 180 out of 3540 vantage points fail (5.1%)
> 
> Nice, it's starting to almost sound like data rather than anecdote, both
> tests implicate 4<5% having fragmentation issues.
> 
> Much larger number than I intuitively had in mind.


I'm pretty sure the failure rate is higher, and here's why.

The #1 cause of fragments being dropped is firewalls.  Too many admins 
configuring a firewall do not understand fragments or how to properly put them 
in the rules.

Where do firewalls exist?  Typically protecting things with public IP space, 
that is (some) corporate networks and banks of content servers in data centers.  
This also includes on-box firewalls for Internet servers, ipfw or iptables on 
the server is just as likely to be part of the problem.

Now, where are RIPE probes?  Most RIPE probes are probably either with somewhat 
clueful ISP operators, or at Internet Clueful engineer's personal connectivity 
(home, or perhaps a box in a colo).  RIPE probes have already significantly 
self-selected for people who like non-broken connectivity.  What's more, the 
ping test was probably to some "known good" host(s), rather than a broad 
selection of Internet hosts, so effectively it was only testing the probe end, 
not both ends.

Basically, I see RIPE probes as an almost best-case scenario for this sort of 
broken behavior.

I bet the ISC Netalyzer folks have somewhat better data, perhaps skewed a bit 
towards broken connections as people run Netalyzer when their connection is 
broken!  I suspect reality is somewhere between those two bookends.

-- 
       Leo Bicknell - bickn...@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/




