[Swan-dev] Ping loss
Andrew Cagney
andrew.cagney at gmail.com
Sat Mar 27 19:30:32 UTC 2021
On Sat, 27 Mar 2021 at 14:36, Paul Wouters <paul at nohats.ca> wrote:
>
> Begin forwarded message:
>
> > New commits:
> > commit d49d315ec8b71377a1fc9de9f0277d1396fec5c7
> > Author: Andrew Cagney <cagney at gnu.org>
> > Date: Sat Mar 27 12:52:52 2021 -0400
> >
> > testing: sprinkle ping-once
> >
> > things are getting interesting for instance, replacing:
> > ping -c 2 ...
> > 50% packet loss, but sometimes 100%
> > with:
> > ping-once --forget
> > wait-for traffic status
> > ping-once --up
>
> Remember an on-demand tunnel eats the first icmp packet, maybe two on
> occasion if things are slow. That is why I usually now do a single ping
> that triggers the tunnel and a second -c4 ping to show no packet loss.

Right, ping + sleep + ping-c4 is an improvement. However, there's still no
guarantee that the sleep is long enough, and ping-c4 can miss the last
response. Hence, this change:

- send a single packet, barely wait for a response:

    # one packet, which gets eaten by XFRM, so east does not initiate
    road #
     ../../pluto/bin/ping-once.sh --forget -I 192.1.3.209 192.1.2.23
    fired and forgotten
    road #

- now wait for the negotiation to complete - notice how, at this point,
  in/out bytes are, as expected, zero:

    # wait on OE IKE negotiation
    road #
     ../../pluto/bin/wait-for.sh --match private-or-clear -- ipsec whack --trafficstatus
    006 #2: "private-or-clear#192.1.2.0/24"[1] 10.0.10.1/32=== ...192.1.2.23, type=ESP, add_time=1234567890, inBytes=0, outBytes=0, id='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east at testing.libreswan.org', lease=10.0.10.1/32
    road #

- next send out a packet that should travel through the tunnel; since a
  response is expected, wait a long time for the response (at least when
  compared to default ping):

    # should show established tunnel and no bare shunts
    road #
     ../../pluto/bin/ping-once.sh --up -I 192.1.3.209 192.1.2.23
    up

- finally confirm the packet was tunneled:

    road #
     ipsec whack --trafficstatus
    006 #2: "private-or-clear#192.1.2.0/24"[1] 10.0.10.1/32=== ...192.1.2.23, type=ESP, add_time=1234567890, inBytes=84, outBytes=84, id='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east at testing.libreswan.org', lease=10.0.10.1/32
    road #
     ipsec whack --shuntstatus
    000 Bare Shunt list:
    000

(I am so tempted to sanitize outBytes=84 to outBytes=1-ping)
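
The poll-then-verify pattern described in the message above, as an added shell example that is not libreswan's ping-once.sh or wait-for.sh. The names `wait_for_match`, `counter` and `fake_trafficstatus` are hypothetical, and the status line is constructed from the output quoted in the message.

```shell
#!/bin/sh
# Added example: poll for a condition instead of sleeping a fixed time.
# All function names here are hypothetical, not libreswan's scripts.

# wait_for_match PATTERN TIMEOUT_SECONDS COMMAND [ARGS...]
# Re-runs COMMAND once a second until a line of its output matches PATTERN.
wait_for_match() {
    pattern=$1; timeout=$2; shift 2
    elapsed=0
    while :; do
        if out=$("$@" 2>/dev/null | grep -e "$pattern"); then
            printf '%s\n' "$out"      # hand the matching line to the caller
            return 0
        fi
        [ "$elapsed" -ge "$timeout" ] && return 1   # fail instead of hanging
        sleep 1
        elapsed=$((elapsed + 1))
    done
}

# counter FIELD LINE: print the number in "FIELD=<digits>" (e.g. inBytes).
counter() {
    printf '%s\n' "$2" | sed -n "s/.*[ ,]$1=\([0-9][0-9]*\).*/\1/p"
}

# Constructed stand-in for "ipsec whack --trafficstatus": silent for the
# first two calls (negotiation still running), then reports the new SA.
STATE=$(mktemp)
trap 'rm -f "$STATE"' EXIT
echo 0 > "$STATE"
fake_trafficstatus() {
    n=$(cat "$STATE"); echo $((n + 1)) > "$STATE"
    [ "$n" -ge 2 ] || return 0
    echo '006 #2: "private-or-clear#192.1.2.0/24"[1] 10.0.10.1/32=== ...192.1.2.23, type=ESP, add_time=1234567890, inBytes=0, outBytes=0'
}

# The SA must exist, with both counters still zero, before the checked ping.
line=$(wait_for_match private-or-clear 10 fake_trafficstatus) || exit 1
[ "$(counter inBytes "$line")" -eq 0 ] && [ "$(counter outBytes "$line")" -eq 0 ] \
    && echo "tunnel up, counters at zero: safe to send the checked ping"
```

Because the wait ends on the first matching status line or on the timeout, a slow negotiation lengthens the test instead of turning into packet loss.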