Wednesday, August 5, 2020

Having trouble understand a traffic graph

This is the graph

I have an office with an ASA 5505 connected a Charter cable modem. Latency to anything on the internet appears to be cycling between a 30ms and up to 500ms latency about every 30 seconds.

I've verified this is actually occuring by pinging from an internal server to the first Charter hop. The graphs are from a Vultr server in nearby Atlanta. I have 4 other latency graphs running from this same server to offices in the same town using Charter, and they look fine.

The middle graph is to the outside ASA interface, and the bottom is over a VPN to an internal server - that's to take "ASA control plane too busy" out of the mix, although the CPU looks fine. The Vultr host is a new thing - I was running the same server from my office before and seeing the same curves.

I thought about a saw-tooth from policing, so I've set up traffic shaping on the ASA at 10Mb which is what the line tested at. The traffic graphs don't appear to show any correlation to the problem though.

The bizarre thing is that stopping my collectd daemon doing the measurement seems to reset the base level of latency. On the ASA log I see it building and tearing down a new ICMP session, so I don't think anything is sticky there.

The only thing that I can come up with is that I'm actually seeing a much faster oscillation, and the peaks I'm seeing are an interference pattern between my sampling rate and the actual frequency. So in that case restarting the monitoring server could pull the sampling cycle in or out of phase with the underlying phenomenon. That seems like a zebra explanation though.



No comments:

Post a Comment