Why Do Some Routers Drop Packets or Have High Latencies?

Jean-François Lévesque
Jean-François Lévesque Last updated on Aug. 18, 2020

Why Do Some Routers Drop Packets or Have High Latencies?

We have written a series of articles about traceroutes, the most popular tool that network engineers use to troubleshoot network performance.

Why Do Some Routers Drop Packets or Have High Latencies?
Why Do Some Routers Drop Packets or Have High Latencies?

This article explains the different reasons why a single router can drop traceroute packets or have higher latencies and why it’s normal. First, let’s take a look at this example:

+---+-------------------+-------+-----+------+------+------+------+
| # | Hostname          | Loss% | Snt | Last |  Avg | Best | Wrst |
+---+-------------------+-------+-----+------+------+------+------+
| 1 | 192.168.1.1       |  90.0 |  10 |  1.0 |  1.6 |  0.5 |  3.9 |
| 2 | router1.ispA.com  |   0.0 |  10 |  5.0 |  5.6 |  4.5 |  7.9 |
| 3 | router2.ispB.com  |   0.0 |  10 | 10.0 | 10.6 |  9.5 | 15.9 |
| 4 | router3.ispC.com  |  50.0 |  10 | 62.0 | 62.6 | 31.5 | 72.9 |
| 5 | ???               | 100.0 |  10 |    - |    - |    - |    - |
| 6 | router5.ispC.com  |  20.0 |  10 | 14.0 | 14.6 | 13.5 | 21.9 |
| 7 | router6.ispC.com  |   0.0 |  10 | 15.0 | 15.6 | 14.5 | 29.9 |
| 8 | website.com       |   0.0 |  10 | 16.0 | 16.6 | 15.5 | 39.9 |
+---+-------------------+-------+-----+------+------+------+------+
Figure A

In this example, hops #1, #4, #5 and #6 are dropping packets. As explained in the previous article How To Identify Network Issues with Traceroutes?, the general rule of thumb when looking at packet loss is that if the packet loss doesn’t continue with the following hops, then it’s not a network issue.

So in this example, everything runs smoothly between the source and the destination. Let’s see why some hops have packet loss and why hop #4 has higher latencies.

ICMP TTL Exceeded Rate Limiting
ICMP TTL Exceeded Rate Limiting

A traceroute will report packet loss if:

  • The packet from the source never reached the router, so a response cannot be sent;
  • The packet from the source is received by the router but the response is lost on the reverse path;
  • The packet from the source is received by the router but it decided not to respond with an “ICMP TTL Exceeded” message.

Obviously, reasons A and B correspond to standard packet loss between the source and the router either in the forward path (source to router) or on the reverse path (router to source).

Reason C is special because of something called Rate Limiting. Some routers, but not all of them, have interval rules to limit the number of ICMP TTL Exceeded messages that are sent by the router. Usually, the rule is there to protect the router CPU (Central Processing Units). Sometimes it is configurable, while other times it is not. In some cases, routers never respond with the ICMP messages, as we see in Figure A with hop #5.

A lot of small offices and home routers/firewalls are configured with a rate-limit of 1pps (packet per second) and there is nothing you can do to change that.

How to detect rate limiting?
How to detect rate limiting?

One way to detect if the drops are related to rate limiting is by changing the rate of the traceroute packets sent by the source.

If by sending at 1pps (1 packet per second) you don’t see drops, but when you increase the rate to 5pps (5 packets per second or 1 packet every 0.2 second), you see drops on some hops, this usually indicates that there is a rate limiting rule. For example, an 80% packet loss rate at 5pps can suggest a 1pps rate limiting configuration.

Impact of the Router CPU
Impact of the Router CPU

ISP routers are complex systems with a lot of components such as CPUs, NPUs (Network Processing Units), ASICs (Application Specific Integrated Circuits) and FPGAs (Field Programmable Gate Arrays). The main purpose of a router is to route packets and to maintain routing protocols to make sure the routing table is always up to date.

Responding to traceroute packets with ICMP TTL Exceeded messages is not their top priority. This is why some responses may be dropped if the CPU is doing something else, or it can be delayed if some other important processes are using the CPU when a response needs to be sent.

In that case, an increase of the latency is possible, as shown on hop #4 of Figure A. Since the latency increase is not propagated at every hop after hop #4, there is no network issue.

Impact of firewalls on traceroutes
Impact of firewalls on traceroutes

For some reasons, some networks are configured to block ICMP traffic. This is not something we recommend, but when it happens, the ICMP TTL Exceeded messages are dropped by a firewall and the traceroute will not work at all.

And just a quick note to all network administrators, if you block all ICMP traffic, never do that with IPv6. IPv6 uses ICMP to replace ARP and if you block ICMP, you will also block ICMPv6 NDP (Neighbor Discovery Protocol), which will completely block IPv6 connectivity.

Next Traceroute Articles
Next Traceroute Articles

This is the end of this first article on traceroutes. The next articles will cover how to analyze traceroutes and which information is the most important.

We hope you enjoyed this article in the traceroute series.

Related Blog Categories:
Traceroutes