Tip

What Ping doesn't tell you

Ping is the classic tool based on network behaviorism. It distinguishes certain states of network functionality that are the cornerstones of everyday network troubleshooting -- in particular, it resolves the binary states of connectivity (i.e. connected or not). But that's only the simplest example of a wide range of behavioral analyses that can tell you what your network is doing.

Network behaviorism assumes that the network is a black box about which you have no a priori knowledge. By stimulating the network appropriately and analyzing the responses, the interior states of the black box can be determined through judicious application of analytical models of network behavior. This allows a network engineer, or a user, to generate a view of a particular network path without special access to the component devices (i.e. interfaces, switches and routers).

Packets provide the means of stimulating the network. Conventions of network behavior and knowledge of network standards provide the analytical model. Specific stimuli can then distinguish internal states, such as connectivity, by associating each possible network response with a known state.

In the case of Ping, this only makes a simple thing sound complicated. Send an ICMP Echo packet to an IP address, get an ICMP Echo Reply packet back, and you have determined that there is connectivity on the network path. Simple, and yet, powerful because it points toward even more interesting possibilities.

Of course, the network is never ideal and its responses to stimuli can vary over time. Typically Ping repeats this process more than once and then evaluates the statistical limits of the responses. In this way, it roughly estimates the statistical variance of the Round Trip Time (RTT) of the responses, including loss (when RTT is infinite). From this additional information, slightly more insight can be gained into the network path -- but not much.

Traceroute is another tool that follows this approach. Using known behavior with respect to mid-path Layer 3 devices and the Time To Live field in the IP header, Traceroute eponymously determines the sequence of devices at Layer 3 between its host and some target host. To do this, it transmits not one but a series of packets with specific TTL settings, incrementing from 1 to 255, until it reaches the intended target. It can then identify the IP address for each Layer 3 interface that responds with the ICMP TTL Expiry message.

Traceroute thus offers a functionality that resolves the states of the IP route between two hosts. Clearly those states are much more numerous and complex than the simple binary states of connectivity. And it requires a commensurate increase in the sampling of the network path to construct this view.
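The two procedures described above, Ping's repeated Echo with RTT statistics and Traceroute's incrementing TTL, can be run against a simulated black box. This is an added example, not code from the original article; the path in HOPS, the dropped sequence numbers and the jitter are constructed, and probe() is a hypothetical stand-in for sending a real packet.

```python
import statistics

# Constructed black box. ping() and traceroute() never read HOPS; they only call probe().
# Each hop: (Layer 3 interface address, one-way delay in ms, sends ICMP errors?)
HOPS = [("192.0.2.1", 1.0, True), ("198.51.100.7", 4.0, True),
        ("198.51.100.9", 6.5, False), ("203.0.113.50", 9.0, True)]
DROPPED = {3, 7}                     # constructed: sequence numbers lost in transit
ECHO_REPLY, TIME_EXCEEDED = 0, 11    # ICMP type numbers

def probe(ttl, seq):
    """Stimulus: one ICMP Echo. Response: (source, icmp_type, rtt_ms), or None if unanswered."""
    if seq in DROPPED:
        return None
    reached = min(ttl, len(HOPS))            # the hop where the TTL runs out, or the target
    addr, delay, sends_errors = HOPS[reached - 1]
    rtt = 2 * delay + (seq % 3) * 0.5        # constructed jitter so RTT varies per probe
    if reached == len(HOPS):
        return (addr, ECHO_REPLY, rtt)       # the target answers the Echo itself
    return (addr, TIME_EXCEEDED, rtt) if sends_errors else None

def ping(count=10, ttl=64):
    """Repeat the stimulus; a lost probe is recorded as an infinite RTT."""
    rtts = []
    for seq in range(count):
        reply = probe(ttl, seq)
        rtts.append(reply[2] if reply and reply[1] == ECHO_REPLY else float("inf"))
    ok = [r for r in rtts if r != float("inf")]
    stats = {"sent": count, "received": len(ok),
             "loss_pct": 100.0 * (count - len(ok)) / count}
    if ok:  # RTT statistics are only defined when at least one reply arrived
        stats.update(min=min(ok), avg=statistics.mean(ok), max=max(ok),
                     stdev=statistics.pstdev(ok))
    return stats

def traceroute(max_ttl=255):
    """Raise the TTL from 1 until the target replies; '*' marks a silent hop."""
    route = []
    for ttl in range(1, max_ttl + 1):
        reply = probe(ttl, seq=100 + ttl)
        route.append(reply[0] if reply else "*")
        if reply and reply[1] == ECHO_REPLY:
            break
    return route

if __name__ == "__main__":
    print(ping())
    print(traceroute())
```

The third hop forwards traffic but never sends ICMP errors, so neither tool learns its address: Ping reports only loss and RTT spread, and Traceroute can mark the position but not identify the device.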

Of course there are many more tools available of various sorts showing different aspects of the network path -- even Ping and Traceroute have been augmented with other functionalities. Some of them rely on very sophisticated mathematical network models involving queuing theory, non-random loss analysis, and defect correlation.

So what's the point? It's a bit like the old fable of the blind men and the elephant -- each described the elephant uniquely ("it's like a snake!" "no, it's like a wall!" "no, it's like a tree trunk!") because each was accessing it in a different way. And none of them had a clear, actionable picture of what they were dealing with.

And so the network is all those things and more, changing constantly, affecting application performance and resisting diagnosis. However, network behaviorism can be applied in a more comprehensive fashion -- instead of offering piecemeal analyses of simple states of the network, a sophisticated sampling and analysis process can reveal all the structure of the end-to-end path consistently and in detail.

Many of the latest network technologies described in the "New network science" column take full advantage of this approach. In fact, the detailed views provided by these systems seem more akin to the full realization of modern sonar -- in metaphor, precisely generated sound waves are deformed and reflected by all the subtle variations of temperature, surface, and salinity to accurately map the shape of the ocean floor, the flow of currents and the presence of marine life. Not the simple ping of World War II submarine detection.

Even better, these systems can selectively analyze the response of the network to specific applications such as backup and recovery, voice-over-IP, video, transactional systems like collaborative environments and others. Packet size, load, protocol, and variability of the transfer rate can cause the network to change its characteristics.

So if you find Ping and Traceroute the least bit useful (and you certainly do – thanks Mike Muuss and Van Jacobson), consider that you are using only a small fraction of the potential available to you. Ping doesn't tell the whole story any more than a single-pixel image shows you the whole picture.



Chief Scientist for Apparent Networks, Loki Jorgenson, PhD, has been active in computation, physics and mathematics, scientific visualization, and simulation for over 18 years. Trained in computational physics at Queen's and McGill universities, he has published in areas as diverse as philosophy, graphics, educational technologies, statistical mechanics, logic and number theory. Also, he acts as Adjunct Professor of Mathematics at Simon Fraser University where he co-founded the Center for Experimental and Constructive Mathematics (CECM). He has headed research in numerous academic projects from high-performance computing to digital publishing, working closely with private sector partners and government. At Apparent Networks Inc., Jorgenson leads network research in high performance, wireless, VoIP and other application performance, typically through practical collaboration with academic organizations and other thought leaders such as BCnet, Texas A&M, CANARIE, and Internet2. www.apparentnetworks.com

This was first published in July 2005
