I have a customer with a WAN link 280 miles apart. Us (the Vendor) have an IP address on each side both on the same subnet on an isolated VLAN. Pings from site A to site B are around 8ms consistently with no drops. Pings from site B to site A vary from 8ms to 750ms. When I run a 64 byte 1 packet ping every 5 seconds I see the 10 latest ping reply times of : 9ms, 9ms, 32ms, 14ms, 264ms, 13ms, 36ms, 19ms, 17ms, 254ms. My natural reaction is to take a network trace. The issue is on the remote side (site B) there's only our equipment on the IP network. We don't have a tcptrace capability. I would also like to ping between other IP addresses at site A or site B, but the customer doesn't have any other IP addresses on this VLAN. If I don't have any other way to solve this I'm thinking I need to get the customer to assign an IP address to the VLAN on each side. I'm looking for suggestions on what could be causing a longer ping time in one direction. I've doubled checked the speed/duplex settings on the interfaces and switch ports. We're not getting any dropped packets or other errors on the switch ports. I've checked the subnet masks. It's possible we have a duplicate IP address or bad arp entry. But it happens when I ping two different IP address on site A (from site B). asked 07 Sep '12, 07:49  gipper |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Why do you think the issue is on the remote side (site B)? If you ping from site A to site B and response times are consistently around 8ms, then it tells me that the host at site B replying to those ping packets is able to service those packets in a timely & consistent manner. To me, the problem appears to be with the host at site A. Perhaps it's overloaded? If you capture as close to the site A host as you can, you will eliminate the network latency and essentially capture the tier processing time of that host. I would recommend capturing on both sides to have the best picture though.
Did'nt you mention the IP address of Site A and B are in the same subnet? If yes, the trace will not reveal anything, right?
BTW: what is the base technology for the WAN link? What does your infrastructure look like from site A to site B?
Gipper, When you say "I see the 10 latest ping reply times of : 9ms, 9ms, 32ms, 14ms, 264ms, 13ms, 36ms, 19ms, 17ms, 254ms."
do you mean that this only happens on the last ten packets? Or is the delay random? At a first glance, I would say that you have heavier/burstier utilization from B to A. Can you check the interface stats from B to A direction?
Also, try this. Ping site A's WAN interface and see if the time fluctuates. So if you have
RTR A---SERIAL0/1/0 (192.168.1.1) ------wan-----(192.168.1.2) serial0/1/0 - RTR B
jump on router A and ping 192.168.1.1