Traceroute being slow

gsrdgrdghd

I have an issue with traceroutes being very slow. Here are some examples:

 time traceroute google.com
traceroute to google.com (173.194.35.35), 30 hops max, 60 byte packets
 1  194.14.179.252 (194.14.179.252)  0.082 ms  0.025 ms  0.022 ms
 2  gw-cdlan-2.prometeus.cdlan.net (217.171.46.253)  0.347 ms  0.409 ms  0.454 ms
 3  ibgp-gw-core-a.cdlan.net (217.171.32.129)  0.712 ms  0.783 ms  0.850 ms
 4  google.mix-it.net (217.29.66.96)  0.243 ms  0.278 ms  0.226 ms
 5  209.85.249.54 (209.85.249.54)  0.352 ms  0.280 ms  0.258 ms
 6  209.85.241.67 (209.85.241.67)  0.598 ms  1.229 ms  1.261 ms
 7  mil01s17-in-f3.1e100.net (173.194.35.35)  0.389 ms  0.385 ms  0.498 ms

real    0m15.567s

 time traceroute -n google.com
traceroute to google.com (173.194.35.35), 30 hops max, 60 byte packets
 1  194.14.179.252  0.041 ms  0.018 ms  0.015 ms
 2  217.171.46.253  0.405 ms  0.454 ms  0.514 ms
 3  217.171.32.129  0.365 ms  0.450 ms  0.684 ms
 4  217.29.66.96  0.237 ms  0.238 ms  0.252 ms
 5  209.85.249.54  0.302 ms  0.366 ms  0.273 ms
 6  209.85.241.67  0.868 ms  0.966 ms  1.063 ms
 7  173.194.35.35  0.297 ms  0.269 ms  0.307 ms

real    0m0.005s

time traceroute6 google.com
traceroute to google.com (2a00:1450:4002:802::1000) from xxx, 30 hops max, 16 byte packets
 1  2a00:dcc0:eda:89::252 (2a00:dcc0:eda:89::252)  0.22 ms  0.367 ms  0.137 ms
 2  gw6.prometeus.net (2a00:dcc0:eda:2::1)  0.467 ms  0.431 ms  0.411 ms
 3  2001:b60:0:c100::1 (2001:b60:0:c100::1)  0.938 ms  0.953 ms  0.851 ms
 4  google-v6.mix-it.net (2001:7f8:b:100:1d1:a5d1:5169:96)  5.072 ms  29.613 ms  29.646 ms
 5  2001:4860::1:0:458d (2001:4860::1:0:458d)  2.155 ms  2.106 ms  1.992 ms
 6  2001:4860:0:1::4c7 (2001:4860:0:1::4c7)  1.196 ms  1.35 ms  1.146 ms
 7  2a00:1450:8000:17::8 (2a00:1450:8000:17::8)  0.94 ms  1.064 ms  1 ms

real    0m0.912s

(I've also tested this with other domains)

As you can see the bottleneck seems to be the reverse DNS lookups of IPv4 addresses. Does anyone know how to fix this?

rm_

1) Who uses traceroute anymore, install 'mtr'.
2) to /etc/resolv.conf:

nameserver 8.8.8.8
nameserver 8.8.4.4

gsrdgrdghd

@rm_ said: Who uses traceroute anymore, install 'mtr'.

The strange thing: When mtr runs in report-mode (mtr --report --report-cycles=3 google.com) it's also incredible slow but when i just run mtr google.com it's muuuuch faster

@rm_ said: to /etc/resolv.conf:

I already tried both the providers resolvers and Google's

gubbyte

@rm_ said: Who uses traceroute anymore

me

gsrdgrdghd

For further investigation i've tcpdump'd my DNS traffic while doing a traceroute and loaded it into Wireshark:

As you can see there is a ~5sec delay always after a "No Such Domain" (=a hop without reverse DNS is it). This correlates with the traceroute always pausing for ~5 seconds right before display a hop without reverse DNS entry.

Now the question is: How can this be fixed?

pubcrawler

@gsrdgrdghd,

Well, hard to say where the delay is. If it is in traceroute itself or the remote DNS server (Google). mtr seems to perform much better and most folks today use it exclusively. I use both and often traceroute since often default installed in distros I use.

I had a similar issue. My solution was to install dnsmasq (which I use often). Then run queries through it and turn on caching of negative records and bump the cache of records total to a big number 15k.

I also trimmed the /etc/resolv.conf entries down to a single entry for now. In my case I used 4.2.2.4 (Level 3).

For the most part, not seeing these delays. My delays often were on internal and first 6 hops which are outside my facility in upstream providers network and thus no reverse DNS.

gsrdgrdghd

@pubcrawler said: or the remote DNS server (Google).

If you look at the screenshot i think the remote DNS server can be ruled out. Every DNS request gets answered within <100ms. The problem is that my server simply doesn't send DNS queries for 5 seconds after a No such Domain.

I'll look into setting up dnsmasq, thanks for the suggestion.

rds100

traceroute -w 0.5 google.com

Does this help?

gsrdgrdghd

@rds100 said: Does this help?

Sadly, no.

ShardHostSarah

Try the following

netstat -a

then try

netstat -an

Is there a difference in speed?

gsrdgrdghd

Yes very much. -a is slower. Between these lines there is a huge delay:

tcp        0      0 localhost.localdo:mysql *:*                     LISTEN     
tcp        0      0 it1.xxx:https     131.234.77.x:51207     ESTABLISHED

ShardHostSarah

Who's managing the reverse entries? Either way get them checked. Ensure the IPs have been delegated to the correct servers. This generally occurs when the IPs have been delegated to the wrong server then that server is taken offline.

gsrdgrdghd

The problem orrcurs with all IPs that don't have a reverse DNS entry set so it can't be caused by one misconfigured DNS server. Also the answers for the DNS queries actually arrive without any delay so the problem doesn't seem to involve anything network-related.

rds100

Yes, seems for some reason your resolver lib is ignoring the servfail messages and waiting more for an answer.
What's in your /etc/resolv.conf ? Perhaps it is asking other name servers too.

edit: i saw you wrote that you have only one entry in resolv.conf
Maybe install another traceroute alternative? Which traceroute version is this?

Here is mine:

root@it1:~# traceroute --version

Modern traceroute for Linux, version 2.0.15, Jul 18 2010

Copyright (c) 2008  Dmitry Butskoy,   License: GPL v2 or any later

And the traceroute:

root@it1:~# time traceroute www.google.com

traceroute to www.google.com (173.194.44.49), 30 hops max, 60 byte packets

 1  37-247-49.hosted.by.prometeus.net (37.247.49.1)  0.884 ms  0.782 ms  0.686 ms

 2  gw-cdlan-2.prometeus.cdlan.net (217.171.46.253)  0.439 ms  0.417 ms  0.488 ms

 3  ibgp-gw-core-a.cdlan.net (217.171.32.129)  0.547 ms  0.519 ms  0.498 ms

 4  google.mix-it.net (217.29.66.96)  11.059 ms  11.372 ms  0.416 ms

 5  209.85.249.54 (209.85.249.54)  0.896 ms  0.811 ms  0.694 ms

 6  216.239.48.146 (216.239.48.146)  14.013 ms  14.070 ms  13.949 ms

 7  209.85.240.99 (209.85.240.99)  10.958 ms  10.965 ms  11.028 ms

 8  muc03s08-in-f17.1e100.net (173.194.44.49)  10.409 ms  10.440 ms  10.452 ms

real    0m0.291s

user    0m0.016s

sys 0m0.000s

gsrdgrdghd

nameserver 8.8.8.8
nameserver 8.8.4.4

#nameserver 194.14.179.254
#nameserver 195.88.4.248

Btw logging into SSH also takes some time if no reverse DNS entry is set for the IP i'm connecting from.

rds100

@gsrdgrdghd try leaving only the first entry (nameserver 8.8.8.8) and then try the traceroute again.

gsrdgrdghd

@rds100 said: @gsrdgrdghd try leaving only the first entry (nameserver 8.8.8.8) and then try the traceroute again.

Doesn't help. Is there any easy way to get a call trace for the DNS lookups? That might help determining in which library/process the call hangs.

rds100

Unfortunately now. System calls can be seen with strace, but not library calls. It probably could be stepped with gdb, but i doubt there is symbol / debug information included and it would be much work for nothing.
What's your traceroute version? Is it the same as mine?

gsrdgrdghd

Modern traceroute for Linux, version 2.0.19, Dec 10 2012

It's the default one that comes with Debian Sid.

marrco

@gsrdgrdghd said: default one that comes with Debian Sid

done the same test from a Prometus VPS:

~# time traceroute google.com

traceroute to google.com (74.125.225.224), 30 hops max, 60 byte packets
1  37-247-48.hosted.by.prometeus.net (37.247.48.1)  0.622 ms  0.541 ms  0.574 ms
 2  gw-cdlan-2.prometeus.cdlan.net (217.171.46.253)  0.764 ms  0.586 ms  0.450 ms
 3  ibgp-gw-core-a.cdlan.net (217.171.32.129)  0.938 ms  0.623 ms  0.495 ms
 4  google.mix-it.net (217.29.66.96)  0.368 ms  0.486 ms  0.700 ms
 5  216.239.47.128 (216.239.47.128)  0.515 ms  0.362 ms  0.589 ms
 6  72.14.232.78 (72.14.232.78)  9.893 ms 72.14.232.76 (72.14.232.76)  10.235 ms  10.536 ms
 7  209.85.241.226 (209.85.241.226)  16.827 ms 209.85.241.228 (209.85.241.228)  64.021 ms 209.85.241.226 (209.85.241.226)  17.329 ms
 8  209.85.243.32 (209.85.243.32)  22.476 ms 209.85.240.29 (209.85.240.29)  21.522 ms  21.521 ms
 9  72.14.235.91 (72.14.235.91)  97.811 ms 72.14.235.89 (72.14.235.89)  96.697 ms 72.14.235.91 (72.14.235.91)  97.717 ms
10  72.14.235.10 (72.14.235.10)  106.179 ms 72.14.235.12 (72.14.235.12)  105.407 ms 72.14.235.10 (72.14.235.10)  106.281 ms
11  72.14.239.64 (72.14.239.64)  112.884 ms  112.981 ms 216.239.48.4 (216.239.48.4)  111.986 ms
12  209.85.240.82 (209.85.240.82)  135.232 ms  134.862 ms 72.14.237.223 (72.14.237.223)  138.132 ms
13  72.14.237.218 (72.14.237.218)  134.698 ms  134.280 ms  130.145 ms
14  209.85.240.77 (209.85.240.77)  135.155 ms  135.160 ms  130.403 ms
15  dfw06s26-in-f0.1e100.net (74.125.225.224)  129.406 ms  129.413 ms  134.122 ms

real    0m0.964s
user    0m0.004s
sys     0m0.020s

no problem using debian squeeze with

~# cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4

gsrdgrdghd

@marrco weird that you get routed to the US when tracing google.com, it resolved to an Italian IP for me.

Anyway i guess i don't have much choice but to reinstall my OS.

George_Fusioned

@gsrdgrdghd said: Btw logging into SSH also takes some time if no reverse DNS entry is set for the IP i'm connecting from.

For this try adding the following to your /etc/ssh/sshd_config

UseDNS no

and restart sshd.

gsrdgrdghd

Thanks, but i ended up reinstalling my VPS. Everything works fine now

rds100

@gsrdgrdghd reinstalled with the same OS, or different?

gsrdgrdghd

@rds100 said: @gsrdgrdghd reinstalled with the same OS, or different?

Ubuntu x64 instead of Debian x32

pubcrawler

Well, Debian does the same thing @gsrdgrdghd.

I haven't fully isolate the traceroute and tracepath issue.

mtr seems to always work just dandy. That's what I am sticking to.

rds100

Mine seems to work fine on debian squeeze. Don't know if they broke something in later versions.

klikli

On my Debian wheezy x32 it runs fine.