Measuring network latency with the Symantec Network Security 7100 Series appliance installed

Article:TECH112692  |  Created: 2005-01-02  |  Updated: 2006-01-22  |  Article URL http://www.symantec.com/docs/TECH112692
Article Type
Technical Solution


Issue



This document describes how to estimate the latency on your network that is caused by running the Symantec Network Security 7100 Series appliance in inline mode.


Solution



Latency is a delay in communication between two points on a network: the source and the destination.

All in-line network devices increase network latency. To determine the latency that the Symantec Network Security 7100 Series appliance adds to a network, calculate the difference between the latency that is measured with the appliance in place, and the latency that is measured without the appliance in place.

Symantec recommends that you measure latency with a tool such as hping2 rather than ping. The hping2 tool uses the TCP protocol, which is more reliable than the ICMP protocol. The ping command uses the ICMP protocol.

When you configure the appliance to run in inline mode, measure latency when the network and appliance are under a normal traffic load. Because the amount of latency depends on current network traffic, measuring latency when the network does not have any traffic or has high traffic may provide misleading results.

Latency measurements on networks that have low bandwidth
When network capacity (bandwidth) is very low, such as under 1 kilobyte per second (Kbps), latency figures may appear to be high. This effect is caused by the method that the appliance uses to buffer packets.


Using the hping2 tool
The hping2 tool provides a more accurate estimate of latency than the ping command because it uses the TCP protocol by default. On most networks, most network traffic uses the TCP protocol.

The hping2 tool displays the round-trip time (RTT) between a source and a destination. To estimate the latency, divide the RTT figure by two. The following example uses the hping2 tool to send a 500 byte TCP packet.

To use the hping2 command to estimate latency
  1. Without the appliance installed inline, open a command prompt and type:
    hping2 -d 500 <destination>
  2. Make a note of the average RTT.
  3. With the appliance installed inline, open a command prompt and type:
    hping2 -d 500 <destination>
  4. Make a note of the average RTT.
  5. Subtract the average RTT from step 2 from the average RTT from step 4.
  6. Divide the number from step 5 by two.

The figure that you calculate in step 6 is an estimate of the latency that the appliance adds to the network.

For instance, if the RTT figure from step 2 is forty-five milliseconds (ms) and the RTT figure from step 4 is fifty-one ms, then the added latency is three ms.
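
The calculation in steps 5 and 6, as an added example that is not part of the original Symantec article: a Python script that reads the captured text of two hping2 runs, averages the per-reply rtt values, rejects a run in which probes were lost, and halves the difference. The sample output is constructed to match the 45 ms and 51 ms figures above; the function names and the 192.0.2.10 address are assumptions, and the captured text is assumed to include the statistics summary.

```python
import re
import statistics

# Constructed hping2-style output (illustrative values, documentation address).
WITHOUT_APPLIANCE = """\
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=0 flags=RA seq=0 win=0 rtt=44.0 ms
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=0 flags=RA seq=1 win=0 rtt=45.0 ms
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=0 flags=RA seq=2 win=0 rtt=46.0 ms
--- 192.0.2.10 hping statistic ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 44.0/45.0/46.0 ms
"""
WITH_APPLIANCE = """\
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=0 flags=RA seq=0 win=0 rtt=50.0 ms
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=0 flags=RA seq=1 win=0 rtt=51.0 ms
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=0 flags=RA seq=2 win=0 rtt=52.0 ms
--- 192.0.2.10 hping statistic ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 50.0/51.0/52.0 ms
"""

RTT_RE = re.compile(r"\brtt=([0-9.]+) ms")
COUNT_RE = re.compile(r"(\d+) packets transmitted, (\d+) packets received")


def average_rtt(output, max_loss=0.0):
    """Return the mean RTT in ms from one hping2 run; reject lossy or empty runs."""
    rtts = [float(value) for value in RTT_RE.findall(output)]
    counts = COUNT_RE.search(output)
    if not rtts or counts is None:
        raise ValueError("no replies or no statistics summary in the output")
    sent, received = map(int, counts.groups())
    if sent == 0 or (sent - received) / sent > max_loss:
        raise ValueError(f"{sent - received} of {sent} probes lost; repeat the run")
    return statistics.mean(rtts)


def added_latency(without_output, with_output):
    """Steps 5 and 6: halve the RTT difference to get added one-way latency in ms."""
    return (average_rtt(with_output) - average_rtt(without_output)) / 2


if __name__ == "__main__":
    print(f"added latency: {added_latency(WITHOUT_APPLIANCE, WITH_APPLIANCE):.1f} ms")
```

A negative result means the difference is smaller than the run-to-run variation, so repeat both measurements under a comparable traffic load.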



Technical Information
Hping2 and ping

The ping command, which is present on most operating systems, provides a quick and easy method to estimate latency. For estimating the latency that is added by the appliance, Symantec recommends that you use a tool that uses the TCP protocol, such as hping2, rather than the ping command.

The TCP protocol provides a more reliable estimate than the ICMP protocol. In addition, most network traffic uses the TCP protocol. Commonly-used application layer protocols such as HTTP, FTP, Telnet, POP3, and SMTP all use the TCP protocol. Because some of these application layer protocols, such as HTTP, provide metrics such as "page response time" that are affected by latency, the hping2 tool provides a more relevant latency estimate than the ping command provides.

The ping command displays the round-trip time (RTT) between a source and a destination. When using the ping command to estimate latency, divide the RTT figure by two.



Legacy ID



2005030211480853

