🗜️Installing & Using tracepath on an SD-WAN Edge for MTU Testing🔩
How to Install & Use tracepath for MTU Testing on SD-WAN Edge Networks
When troubleshooting network issues on an SD-WAN edge, determining the MTU (Maximum Transmission Unit) size along a path is critical for ensuring optimal data flow. Tools like tracepath
are invaluable for this task, as they allow network engineers to trace the path and determine the MTU on each hop, pinpointing potential issues. This article explains how to install and use tracepath
for SD-WAN edge environments, including some advanced techniques to select an interface and test a tunnel-free path.
1. Installing Tracepath on an SD-WAN Edge (Linux Environment)
To install tracepath
on an SD-WAN edge running a Linux-based OS (common for many SD-WAN solutions):
sudo apt update
sudo apt install iputils-tracepath
This installs the tracepath
tool, which is part of the iputils
package in most Linux distributions.
2. Running Tracepath to Check MTU Over a Tunnel
By default, running tracepath
will check the MTU along the tunnel path. The command:
tracepath <destination>
will trace the route to a specified destination and identify the largest possible packet size that can traverse the path without fragmentation.
However, when running tracepath
on an SD-WAN edge, this will typically show the MTU within the tunnel, and not the MTU of the underlying physical network path.
3. Advanced Usage: Selecting an Interface for Tracepath
In an SD-WAN deployment, selecting a specific interface to bypass the tunnel for MTU testing is a bit more complex. The SD-WAN tunnel typically abstracts multiple paths, and tracepath
alone cannot select which interface to test unless specific routing rules are set up.
The solution is to create a split tunnel using a classification that bypasses the SD-WAN tunnel and sends traffic directly over the physical link. To achieve this, follow these steps:
Step 1: Define a split-tunneling rule in your SD-WAN solution. This rule should classify specific traffic (e.g., ICMP or certain IP addresses) to bypass the encrypted tunnel and route directly through the underlying physical interface.
Step 2: Once the classification is in place, you can connect a testing device, such as a laptop or a Virtual Network Function (VNF) instance, to the SD-WAN edge. This device will allow you to run
tracepath
and test the MTU on the split tunnel.
For example, once the bypass is set up, on your testing device:
tracepath <destination>
will show the MTU values along the direct path, not the encapsulated SD-WAN tunnel, allowing you to identify the true bottlenecks and configuration issues.
4. MTU Testing from Windows Devices
If you're testing MTU issues from a Windows device connected to the SD-WAN edge, tracepath
is not natively available. However, you can:
Option 1: Download a third-party MTU path discovery tool (such as MTU-Path), which will give you similar functionality to
tracepath
.Option 2: Perform a manual test using a combination of
ping
andtracert
. This method, while less automated, can still help determine MTU issues. Here's how:Ping with varying packet sizes: Start by sending ICMP ping packets with different sizes to determine the maximum packet that can traverse without fragmentation. For example:
ping -f -l <packet size> <destination>
Increase or decrease the packet size to find the maximum MTU.
Tracert: Use
tracert
to determine the path, similar totracepath
. Whiletracert
doesn't measure MTU, it complements theping
tests for route discovery.
5. Why Split Tunneling for MTU Testing is Important
When working with SD-WAN, many issues related to performance arise from misconfigured or misaligned MTU values. Split tunneling allows you to break free from the abstracted tunnel view, giving you insight into how your edge devices are handling traffic at the raw network level. The following benefits highlight why it’s crucial:
Avoid Tunnel Fragmentation: Incorrect MTU settings in an SD-WAN tunnel can lead to packet fragmentation, which can slow down or break connections, particularly for applications like VoIP or video conferencing. Testing the physical interface helps ensure smooth, uninterrupted traffic flow.
Optimal Path Selection: By verifying the MTU along a direct physical path, you can confirm that the SD-WAN solution is selecting the most efficient route for critical traffic, avoiding unnecessary fragmentation or latency.
Wrap
tracepath
is an essential tool in the SD-WAN engineer’s arsenal, particularly when diagnosing issues related to MTU. While tracepath
alone is limited to testing the SD-WAN tunnel, combining it with split tunneling rules and testing from a connected device allows engineers to verify the true network path MTU. On Windows, alternative methods such as MTU-Path or manual ping and tracert combinations can achieve similar results.
For businesses using SD-WAN in mission-critical environments, especially when implementing services like VoIP, keeping a close eye on MTU values can dramatically improve performance and reduce troubleshooting time.