Re: ping_test
- From: Glen Turner <gdt gdt id au>
- To: Hylke Postma <hylke postma home nl>
- Cc: networkmanager-list gnome org
- Subject: Re: ping_test
- Date: Fri, 16 May 2014 11:32:55 +0930 (CST)
I would argue against this as a general feature and plead for very careful
consideration of any default values offered to the user.
ICMP Echo across a ISP network no longer reflects the behaviour of
forwarded packets.
Firstly, on each processor us ISPs rate limit responds to ping. So if you
don't get a response you don't know if it is the rate-limiting or a
failure.
Secondly, to prevent ping flooding ICMP Echo (and some other misused
protocols) often get their own QoS class with limited bacndwidth. That
class can experience congestion not seen by non-diagnostic traffic.
Thirdly, if the ping target filters ICMP Echo -- viewing your
non-diagnostic use as misuse -- then you will declare the link down. Based
on the unfortunate experience with NTP I can tell you that some embedded
systems will hardcode the target IP address and the bandwidth implications
of pings from millions of embedded systems will cause the target to drop
pings, even if that drops people's connections.
If you are going to offer a default address then that address should refer
to your own global anycast network of ping responders. Furthermore you
should be prepared to cope with the high administration cost of dealing
with misuse of that service (for example, you'd need to use enough
prefixes via enough ASs to prevent a simple BGP hiajack from taking all
the systems offline). That's fine for Microsoft, less so for Linux
distributors. You should certainly not use the addresses of the root
nameservers or of other network infrastructure.
What I would suggest instead is a kernel patch to monitor TCP connection
dropouts from TCP connection timeouts, user abandonments and ICMP
unreachables. If you get an episode where all connections routing out the
same interface experience connection loss then punt that into userspace.
NetworkManager could then use that signalling to attempt to reestablish
the interface's link (after logging the interface stats and link stats to
allow for post-episode investigation).
You'd want to show some care automatically restarting links, as some
technologies have a small charge for a new link connection and this can
rapidly add up. I think there's a good argument for an exponential backoff
and that if a link is substantially dodgy then NM simply abandons attempts
at link restart and leaves it to the network administration to actually
fix the issue.
I hope this mail suggests that NetworkManager is part of a network
ecosystem and for this particular feature fitting into the ecosystem well
is vital and needs close consideration.
-glen
--
Glen Turner <http://www.gdt.id.au/~gdt/>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
