Reply To: 10% packet loss using NAT/LoadBalancer

Forums Network Management ZeroShell 10% packet loss using NAT/LoadBalancer Reply To: 10% packet loss using NAT/LoadBalancer


Using traceroute on a box on a LAN behind the ZeroShell router/firewall, I see a very consistent pattern where the 7th request is not responded to and then every 6th request thereafter. End result is that 1/6 are being dropped (16.6%). If you only use a count of 10 as if you have a 10% loss rate.

But the packets are not actually being “lost”. The way these trace tools work is by sending UDP packets with a small time to live (TTL). The IP specifications say that the TTL value is to be decremented by one on each hop and if the TTL goes to zero the packet is to be discarded and a ICMP “Time to live exceeded” message is to be sent back to the originator. What is happening is one of the two:
1. The TTL was ignored and the packet forwarded on.
2. The TTL was processed but the ICMP message was not generated or was sent to the wrong destination.

But as I mentioned in my earlier reply, this odd behavior when generating ICMP Time-to-Live Exceeded messages does not seem to affect traffic through the ZeroShell router. It is something that does need to be looked into but it is not what is causing your performance issues. If it were then all the machines past the ZeroShell router would also exhibit at least a 10% packet loss too as far as any measurement you could make from inside your LAN. That, by your own postings, is not happening.

I am a little confused about your setup where you have

Here is my setup :
My PC is
My ZS box is
My Internet gateways are, and

All of your machines are on the same subnet? That does not make sense to me….