Understanding How to Read Pings and MTR

I would really appreciate if one of you could look at the information below and explain what’s going on. @WSS already tried to explain this once…I’m ashamed of being dumb…but dumb nevertheless.

The ping resulted in a 70% packet loss…that seems fucked up. But an MTR from the same location:

64 bytes from 107.161.114.34 (107.161.114.34): icmp_seq=1 ttl=58 time=19.5 ms
64 bytes from 107.161.114.34 (107.161.114.34): icmp_seq=2 ttl=58 time=19.6 ms
64 bytes from 107.161.114.34 (107.161.114.34): icmp_seq=6 ttl=58 time=19.6 ms

10 packets transmitted, 3 received, 70% packet loss, time 1803ms
rtt min/avg/max/mdev = 19.599/19.636/19.695/0.042 ms

MTR from the same location.

                                                     Loss% Drop   Rcv   Snt  Last  Best   Avg  Wrst StDev Gmean Jttr Javg Jmax Jint
  1.|-- ???                                            100.0   10     0    10   0.0   0.0   0.0   0.0   0.0   0.0  0.0  0.0  0.0  0.0
  2.|-- 209.222.28.1                                    0.0%    0    10    10  13.8  11.7  16.2  27.4   5.2  15.6  7.9  6.3 13.7 48.1
  3.|-- ???                                            100.0   10     0    10   0.0   0.0   0.0   0.0   0.0   0.0  0.0  0.0  0.0  0.0
  4.|-- ae10-162.cr1-chi1.ip4.gtt.net (173.205.42.133)  0.0%    0    10    10   3.1   1.3   5.2  26.4   8.1   2.6  1.6  5.4 25.0 36.6
  5.|-- xe-0-0-2.cr1-cha2.ip4.gtt.net (89.149.129.205)  0.0%    0    10    10  25.0  19.5  21.5  26.4   3.0  21.3  0.9  0.9  6.9  8.0
  6.|-- ip4.gtt.net (69.174.9.154)                      0.0%    0    10    10  20.2  19.6  23.7  29.4   3.4  23.5  0.4  2.8  6.9 20.6
  7.|-- 107.161.114.34                                 90.0%    9     1    10  19.8  19.8  19.8  19.8   0.0  19.8  0.0  0.0  0.0  0.0

What assessment besides “this is fucked” would you reach? Why?


I would also appreciate if @Wolveix could setup a category for FAQs as I can’t be the only one interested in knowing this.

//Edit: This helped: Diagnosing Network Issues with MTR | Linode But would still like your input.

1 Like

So you can ignore points 1 and 3. The only packet loss that matters is the one that carries forward. If 0% follows it, the previous one doesn’t matter. The only one that is relevant here is the 90% packet loss on point 7, I assume your end point. This either means packet loss in the datacenter or on the server itself.

Edit: Passing this on to the team as well, to review from our side.

4 Likes

The question becomes, how to make sure it’s not the fault of the server?

To follow up what @Jarland said, icmp is considered low priority and some switches/routers will ignore or delay the reply, if they are busy.

3 Likes

A ticket is a good option, just to get it all documented. Though initial thoughts from this side are that it may well be the server.

start with an mtr from the server to your location

Suppose if I were entertaining the idea of it being server side, I might ask if there are any firewall configurations that might rate limit ICMP requests. Who knows what CSF does these days, it’s always been the #1 culprit behind everything on systems that run it in my experience lol. Any chance something like that has been set up?

Ok, so I’m starting over.
An MTR from a VPS in Italy to a dedi in the US.

1.|-- host2-48-211-80.serverded  0.0%    10   15.3   8.5   2.0  15.3   5.3
  2.|-- it1-core-a.aruba.it        0.0%    10    1.1   1.3   0.8   2.3   0.3
  3.|-- it101-edge-a.aruba.it      0.0%    10   12.7  11.7  11.5  12.7   0.3
  4.|-- xe-11-1-0-141.bar2.Milan1  0.0%    10   11.2  11.2  11.0  12.0   0.0
  5.|-- ae-1-11.bear2.Washington1 90.0%    10  104.2 104.2 104.2 104.2   0.0
  6.|-- 4.14.99.142                0.0%    10  105.1 104.8 104.6 105.1   0.0
  7.|-- lw-dc3-core2-eth2-19.rtr.  0.0%    10  128.5 128.4 128.3 128.5   0.0
  8.|-- lw-dc3-dist15-po6.rtr.liq  0.0%    10  127.8 127.8 127.7 128.2   0.0
  9.|-- host2.ex.com  40.0%    10  126.8 126.7 126.7 126.8   0.0

Then an MTR from the dedi in the US to the VPS above in Italy.

1. 72.52.168.100                 0.0%    10    0.8   0.6   0.6   0.8   0.1
  2. lw-dc3-core2-nexus-po15.rtr.  0.0%    10    1.2   1.2   1.0   1.3   0.1
  3. lw-tlx-border1-asr-te0-0-0-1  0.0%    10   23.4  23.4  23.3  23.5   0.1
  4. lag-101.bear2.Washington111. 70.0%    10   24.1  24.1  24.1  24.1   0.0
  5. ae-2-7.bear1.Milan2.Level3.n 10.0%    10  119.3 119.3 119.3 119.4   0.0
  6. ae-2-7.bear1.Milan2.Level3.n  0.0%    10  119.4 119.3 119.2 119.4   0.0
  7. ns1.novanetworks.it           0.0%    10  120.2 120.1 119.9 120.2   0.1
  8. it1-core-b.aruba.it           0.0%    10  127.8 127.9 127.1 129.8   0.9
  9. it1-is7-b.aruba.it            0.0%    10  128.2 129.4 128.2 136.7   2.6
 10. host16-48-211-80.serverdedic 10.0%    10  127.7 127.7 127.6 127.8   0.1

It’s a cPanel server that I’m pretty sure it’s running on a default cPanel install…
From

ICMP is deprioritized, and often dropped on shared hosting. If the speed sucks, drop WordPress (use a static page). Then, open a ticket.

Hmm. What we’re looking at on this side is the gateway, and seeing no packet loss to it. That doesn’t rule out something outside of the OS, it just helps to rule out a wider network issue. Could still be worth a ticket. Among the wildest theories in my head, a bad cable is an example of one that you couldn’t solve.

Static page already.
Server Load 0.22998 (8 CPUs)

I’l get to a ticket. Hopefully is not something I could have avoided… not the nicest wish I guess …
:stuck_out_tongue:

1 Like

Is the cPanel server busy? much traffic going on or high load?

as ICMP is considered a low priority, it might just be that it is delayed 'til the extent that it’s actually dropped.

Stats.

I’d go with Jarlands suggestion, open a ticket, ask if others have reported packet loss inside their network and ask for a network cable exchange.

It could also be that the server and the switch has problems auto-negotiating the speed and flow of the port.

1 Like

Try disabling your firewall on the box and see if that helps…

Do UDP and TCP mtrs for comparison. ICMP might be deprioritized as mentioned.

mtr --tcp --port 80 your.host
mtr --udp your.host

I heard of a “server security” software that caused basically 90% ICMP packetloss for normal ping interval because of really stupid settings regarding ICMP, you might be experiencing that.

//EDIT: It was apparently CSF. Are you using it by any chance?