Timing packets on a traffic server

Question

I have a proxy traffic server which is an extra hop on a network and is handling large quantity's of traffic.

I would like to calculate the cost in seconds of how long it takes for the proxy server to handle the incoming request, process them and forward it on.

I had been playing to write a python script to perform a tcpdump and some how time packets entering into the server until they had left.

I would probably have to perform tcpdump for a certain period of time and then analysis it to calculate times?

Is this a good way of achieving what I want or would there be a more elegant solution?

Answer 1

I always found it easier to utilize a switch's 'port mirror' to copy all data in and out of the proxy's switchport to a separate port that connects to a dedicated capture box, which does the tcpdump work for you.

If your switch(es) have this capability, it reduces the load on the busy proxy. If they don't, then yes, tcpdump full packets to a file: "tcpdump -i interface -s 0 -w /path/to/file".

You can then (on a different machine) throw together some code to examine and report on anything you want, or even open it in wireshark for detailed analysis.

Answer 2

You have a few options:

1. You can enable the slow-log feature of Traffic Server, which will give you detailed timing information on where time is spent. There are new features being added here for 6.x, such as new custom logging tags.
2. You can use TCP dump (as indicated in your post). The friendly people over at Circonus made this neat thing called lat sub, https://github.com/circonus-labs/latsub. It might not directly apply to you (unless you are a lucky Circonus user), but you can probably use their tcpdump filters.
3. Do UA sampling, and test with and without the proxy, and compare results.