Unexpected times on "Connection Times" graph
list Shawn Heisey
Here is a "connection times" graph from Xymon: https://www.dropbox.com/s/voyqnzfnsqaact9/xymonresponsegraph.png?dl=0 This shows "conn" times in the 40 millisecond rang, and "ssh" times in the 200 microsecond range. What is the source of the "conn" graph? I would have guessed ICMP, but it doesn't make any sense for a ping to take longer than an ssh connection, especially not that much longer. This is what I get if I ping that machine from the xymon server ... it doesn't take anywhere even CLOSE to 40 milliseconds: [root at mcp xymon]# ping palazzo PING palazzo.REDACTED.com (10.100.2.17) 56(84) bytes of data. 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=1 ttl=62 time=0.572 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=2 ttl=62 time=0.582 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=3 ttl=62 time=0.573 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=4 ttl=62 time=0.611 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=5 ttl=62 time=0.890 ms ^C --- palazzo.REDACTED.com ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4003ms rtt min/avg/max/mdev = 0.572/0.645/0.890/0.126 ms Can anyone shed light on this? My server config includes the following line: FPING="xymonping" My xymon server is version 4.3.14. Thanks, Shawn
list Jeremy Laidman
I've noticed the same thing on many of my servers. Without really thinking about it, I just assumed that the xymonnet TCP connection measurements were taking into account (removing) network latency time, and only giving the latency within the server being tested. Thinking about it now, I'm not sure how xymonnet would do this. Yes, I believe xymonping uses ICMP. You can run xymonping directly like: sudo -u xymon /usr/lib/xymon/server/bin/xymonping 10.100.2.17 and see how it compares with the graph, or "ping" or "time telnet 10.100.2.17 22 </dev/null". J
▸
On 25 August 2015 at 08:02, Shawn Heisey <user-5d0d01dba542@xymon.invalid> wrote:
Here is a "connection times" graph from Xymon: https://www.dropbox.com/s/voyqnzfnsqaact9/xymonresponsegraph.png?dl=0 This shows "conn" times in the 40 millisecond rang, and "ssh" times in the 200 microsecond range. What is the source of the "conn" graph? I would have guessed ICMP, but it doesn't make any sense for a ping to take longer than an ssh connection, especially not that much longer. This is what I get if I ping that machine from the xymon server ... it doesn't take anywhere even CLOSE to 40 milliseconds: [root at mcp xymon]# ping palazzo PING palazzo.REDACTED.com (10.100.2.17) 56(84) bytes of data. 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=1 ttl=62 time=0.572 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=2 ttl=62 time=0.582 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=3 ttl=62 time=0.573 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=4 ttl=62 time=0.611 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=5 ttl=62 time=0.890 ms ^C --- palazzo.REDACTED.com ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4003ms rtt min/avg/max/mdev = 0.572/0.645/0.890/0.126 ms Can anyone shed light on this? My server config includes the following line: FPING="xymonping" My xymon server is version 4.3.14. Thanks, Shawn
list Ralph Mitchell
An ICMP ping is a low-level, very small packet exchange: xymon: Hey, server1 server1: what?? xymon: <wanders off> On the other hand, ssh should be setting up and tearing down an encrypted connection, even though it doesn't actually login. I assume there would be multiple packets bouncing back and forth, agreeing on an encryption protocol and swapping keys, or whatever. I'm not very surprised that it takes longer than a ping to complete the connection. Ralph Mitchell On Mon, Aug 24, 2015 at 11:04 PM, Jeremy Laidman <user-71895fb2e44c@xymon.invalid>
▸
wrote:
I've noticed the same thing on many of my servers. Without really thinking about it, I just assumed that the xymonnet TCP connection measurements were taking into account (removing) network latency time, and only giving the latency within the server being tested. Thinking about it now, I'm not sure how xymonnet would do this. Yes, I believe xymonping uses ICMP. You can run xymonping directly like: sudo -u xymon /usr/lib/xymon/server/bin/xymonping 10.100.2.17 and see how it compares with the graph, or "ping" or "time telnet 10.100.2.17 22 </dev/null". J On 25 August 2015 at 08:02, Shawn Heisey <user-5d0d01dba542@xymon.invalid> wrote:Here is a "connection times" graph from Xymon: https://www.dropbox.com/s/voyqnzfnsqaact9/xymonresponsegraph.png?dl=0 This shows "conn" times in the 40 millisecond rang, and "ssh" times in the 200 microsecond range. What is the source of the "conn" graph? I would have guessed ICMP, but it doesn't make any sense for a ping to take longer than an ssh connection, especially not that much longer. This is what I get if I ping that machine from the xymon server ... it doesn't take anywhere even CLOSE to 40 milliseconds: [root at mcp xymon]# ping palazzo PING palazzo.REDACTED.com (10.100.2.17) 56(84) bytes of data. 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=1 ttl=62 time=0.572 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=2 ttl=62 time=0.582 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=3 ttl=62 time=0.573 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=4 ttl=62 time=0.611 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=5 ttl=62 time=0.890 ms ^C --- palazzo.REDACTED.com ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4003ms rtt min/avg/max/mdev = 0.572/0.645/0.890/0.126 ms Can anyone shed light on this? My server config includes the following line: FPING="xymonping" My xymon server is version 4.3.14. Thanks, Shawn
list Jeremy Laidman
▸
On 25 August 2015 at 13:54, Ralph Mitchell <user-00a5e44c48c0@xymon.invalid> wrote:
I'm not very surprised that it takes longer than a ping to complete the connection.
Like me, you probably mis-read the original email. The ssh time is LONGER
than the ping time. In the graph provided, the ssh time is on the order of
MICROseconds, the ping time is MILLIseconds.
list Ralph Mitchell
Yeah... OK, never mind :-) On Mon, Aug 24, 2015 at 11:58 PM, Jeremy Laidman <user-71895fb2e44c@xymon.invalid>
▸
wrote:
On 25 August 2015 at 13:54, Ralph Mitchell <user-00a5e44c48c0@xymon.invalid> wrote:I'm not very surprised that it takes longer than a ping to complete the connection.Like me, you probably mis-read the original email. The ssh time is LONGER than the ping time. In the graph provided, the ssh time is on the order of MICROseconds, the ping time is MILLIseconds.
list Galen Johnson
Actually, you may notice that the ping time is the "total" time of the pings. The avg time is probably what Xymon should be keying on. I'm not where I can check but I think Xymon does a count of 8 or 10 pings so the value you see is likely the sum of all those...in your posting: --- palazzo.REDACTED.com <http://palazzo.redacted.com/>; ping statistics ---
▸
5 packets transmitted, 5 received, 0% packet loss, time *4003ms*
rtt min/avg/max/mdev = 0.572/*0.645*/0.890/0.126 ms
the highlighted value is more in line with what you are seeing when you run
it by hand.
▸
On Mon, Aug 24, 2015 at 6:02 PM, Shawn Heisey <user-5d0d01dba542@xymon.invalid> wrote:
Here is a "connection times" graph from Xymon: https://www.dropbox.com/s/voyqnzfnsqaact9/xymonresponsegraph.png?dl=0 This shows "conn" times in the 40 millisecond rang, and "ssh" times in the 200 microsecond range. What is the source of the "conn" graph? I would have guessed ICMP, but it doesn't make any sense for a ping to take longer than an ssh connection, especially not that much longer. This is what I get if I ping that machine from the xymon server ... it doesn't take anywhere even CLOSE to 40 milliseconds: [root at mcp xymon]# ping palazzo PING palazzo.REDACTED.com (10.100.2.17) 56(84) bytes of data. 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=1 ttl=62 time=0.572 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=2 ttl=62 time=0.582 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=3 ttl=62 time=0.573 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=4 ttl=62 time=0.611 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=5 ttl=62 time=0.890 ms ^C --- palazzo.REDACTED.com ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4003ms rtt min/avg/max/mdev = 0.572/0.645/0.890/0.126 ms Can anyone shed light on this? My server config includes the following line: FPING="xymonping" My xymon server is version 4.3.14. Thanks, Shawn
list Japheth Cleaver
I have to admit it's been quite a while since using xymonping directly. Can you validate the "FPING=" line in xymonserver.cfg with any options being given to it? Normally, xymon runs an fping-like process with the '-Ae' options, which request elapsed (round-trip) packet time. I don't believe we'd be summing that. Even when extra pings are found for a given IP address (circa line 1400 of xymonnet.c) they're stored in a separate location and don't appear to be summed. Regards, -jc
▸
On Tue, August 25, 2015 5:12 am, Galen Johnson wrote:Actually, you may notice that the ping time is the "total" time of the pings. The avg time is probably what Xymon should be keying on. I'm not where I can check but I think Xymon does a count of 8 or 10 pings so the value you see is likely the sum of all those...in your posting: --- palazzo.REDACTED.com <http://palazzo.redacted.com/>; ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time *4003ms* rtt min/avg/max/mdev = 0.572/*0.645*/0.890/0.126 ms the highlighted value is more in line with what you are seeing when you run it by hand. On Mon, Aug 24, 2015 at 6:02 PM, Shawn Heisey <user-5d0d01dba542@xymon.invalid> wrote:Here is a "connection times" graph from Xymon: https://www.dropbox.com/s/voyqnzfnsqaact9/xymonresponsegraph.png?dl=0 This shows "conn" times in the 40 millisecond rang, and "ssh" times in the 200 microsecond range. What is the source of the "conn" graph? I would have guessed ICMP, but it doesn't make any sense for a ping to take longer than an ssh connection, especially not that much longer. This is what I get if I ping that machine from the xymon server ... it doesn't take anywhere even CLOSE to 40 milliseconds: [root at mcp xymon]# ping palazzo PING palazzo.REDACTED.com (10.100.2.17) 56(84) bytes of data. 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=1 ttl=62 time=0.572 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=2 ttl=62 time=0.582 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=3 ttl=62 time=0.573 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=4 ttl=62 time=0.611 ms 64 bytes from palazzo.REDACTED.com (10.100.2.17): icmp_seq=5 ttl=62 time=0.890 ms ^C --- palazzo.REDACTED.com ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4003ms rtt min/avg/max/mdev = 0.572/0.645/0.890/0.126 ms Can anyone shed light on this? My server config includes the following line: FPING="xymonping" My xymon server is version 4.3.14. Thanks, Shawn