Forum Discussion

Jon_Strabala_46
Jul 17, 2012

How accurate is IP::hops and how is it calculated

Hi,

How accurate is IP::hops? I might base a production iRule that is revenue generating on this information and need to know if it is 100%, 95%, 90% (or other) accurate etc.

Would it be accurate and valid always on the very first HTTP_REQUEST for a given connection, or would I be better off waiting for the 10th HTTP_REQUEST before relying on it? In other words, does it improve with time?

I assume it is a per-connection (IP:port to IP:port statistic), right?

Alternatively, if I knew how IP::hops is calculated I could get a good feeling for whether I should use it.

For example, I know "traceroute" uses a "novel" method of sending packets with different TTLs to determine the hop distance (see below):

Traceroute sets the TTL field in the first three packets to a value of 1 so that they are discarded by the first router on the path. When the ICMP TIME_EXCEEDED messages are returned by that router, traceroute records the source IP address of these ICMP messages. This is the IP address of the first hop on the route to the destination. Next, three packets are sent with their TTL field set to 2. repeat ... repeat until packets reach their destination.

Does a call to [IP::hops] trigger such an algorithm (traceroute above) each time?

Does every new connection get a calculated [IP::hops] or is it based on IP (this would be bad for a DHCP or NAT system when IPs get reused or recycled)?

Thanks in advance,

Jon Strabala

2 Replies

  • I can't say anything about how it is implemented, but in a simple test I just ran, traceroute reported 7 actual hops while [IP::hops] reported only 6. The documentation does mention that it is an estimate, but who knows how it is performed.

    This command is used to give you the estimated number of hops between the peer in question, and the client machine making the request.
  • This is what I found.

    1. IP::ttl

    This gives us the ip_ttl on an inbound IPv4 or IPv6 packet from the peer.

    2. IP::hops

    What this does is find the nearest next-highest power of 2 in the range [64, 128, 255], and subtracts IP::ttl from it. This has the effect of enabling us to passively estimate the number of hops between us and the peer. In all cases, we use option base 0, meaning that a hop of 0 means that the client is on the local network.

    So, I understand it is calculated by using the TTL in the packet.

    [root@ve10:Active] config  b rule myrule list
    rule myrule {
       when CLIENT_DATA {
          log local0. "client [IP::remote_addr]:[UDP::remote_port] | ttl [IP::ttl] | hops [IP::hops]"
       }
    }
    
    /var/log/ltm
    Jul 19 04:33:13 local/tmm info tmm[5111]: Rule myrule : client 172.28.19.251:55555 | ttl 100 | hops 28
    Jul 19 04:33:14 local/tmm info tmm[5111]: Rule myrule : client 172.28.19.251:55555 | ttl 100 | hops 28
    Jul 19 04:33:15 local/tmm info tmm[5111]: Rule myrule : client 172.28.19.251:55555 | ttl 100 | hops 28
    Jul 19 04:33:16 local/tmm info tmm[5111]: Rule myrule : client 172.28.19.251:55555 | ttl 100 | hops 28
    Jul 19 04:33:21 local/tmm info tmm[5111]: Rule myrule : client 172.28.19.251:55555 | ttl 101 | hops 27
    Jul 19 04:33:22 local/tmm info tmm[5111]: Rule myrule : client 172.28.19.251:55555 | ttl 101 | hops 27
    Jul 19 04:33:23 local/tmm info tmm[5111]: Rule myrule : client 172.28.19.251:55555 | ttl 101 | hops 27
    Jul 19 04:33:26 local/tmm info tmm[5111]: Rule myrule : client 172.28.19.251:55555 | ttl 102 | hops 26
    Jul 19 04:33:27 local/tmm info tmm[5111]: Rule myrule : client 172.28.19.251:55555 | ttl 102 | hops 26
    Jul 19 04:33:28 local/tmm info tmm[5111]: Rule myrule : client 172.28.19.251:55555 | ttl 102 | hops 26
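
Added example, not part of either reply and not F5's implementation: a Python rendering of the calculation the second reply describes, rechecked against three lines taken from that reply's log. It assumes "next-highest" means the smallest of 64, 128 and 255 that is at or above the observed TTL (so a TTL of exactly 64 gives 0 hops); the function names are made up for this example.

```python
import re

# Initial TTLs the reply says IP::hops assumes a sender started from.
ASSUMED_INITIAL_TTLS = (64, 128, 255)

# Matches the message format logged by the reply's "myrule" iRule.
LINE_RE = re.compile(r"client (?P<client>[\d.]+:\d+) \| ttl (?P<ttl>\d+) \| hops (?P<hops>\d+)")

# Three lines copied from the /var/log/ltm excerpt in the reply above.
SAMPLE_LOG = """\
Jul 19 04:33:13 local/tmm info tmm[5111]: Rule myrule : client 172.28.19.251:55555 | ttl 100 | hops 28
Jul 19 04:33:21 local/tmm info tmm[5111]: Rule myrule : client 172.28.19.251:55555 | ttl 101 | hops 27
Jul 19 04:33:26 local/tmm info tmm[5111]: Rule myrule : client 172.28.19.251:55555 | ttl 102 | hops 26
"""

def estimate_hops(ttl):
    """Smallest assumed initial TTL that is >= the observed TTL, minus the observed TTL."""
    if not 0 <= ttl <= 255:
        raise ValueError(f"TTL out of range: {ttl}")
    initial = next(t for t in ASSUMED_INITIAL_TTLS if t >= ttl)
    return initial - ttl

def parse_log(text):
    """Yield (client, ttl, logged_hops) for every line in the iRule's format."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["client"], int(m["ttl"]), int(m["hops"])

def mismatches(text):
    """Lines where the logged IP::hops differs from the recomputed estimate."""
    return [(c, ttl, hops) for c, ttl, hops in parse_log(text)
            if estimate_hops(ttl) != hops]

def hops_per_client(text):
    """Every hop estimate seen per client; more than one means the TTL moved."""
    seen = {}
    for client, ttl, _ in parse_log(text):
        seen.setdefault(client, set()).add(estimate_hops(ttl))
    return seen

if __name__ == "__main__":
    print("mismatches:", mismatches(SAMPLE_LOG))
    print("estimates per client:", hops_per_client(SAMPLE_LOG))
    # Only the received TTL matters, and the sender picks its starting value:
    # 64 reads as local, 65 as 63 hops away.
    print("ttl 64 ->", estimate_hops(64), "| ttl 65 ->", estimate_hops(65))
```

The estimate depends only on the TTL of the received packet, whose starting value the sending host chooses, so the same client address and port can yield different hop counts, as in the log above.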