🗜️Installing & Using tracepath on an SD-WAN Edge for MTU Testing🔩

How to Install & Use tracepath for MTU Testing on SD-WAN Edge Networks

When troubleshooting network issues on an SD-WAN edge, determining the MTU (Maximum Transmission Unit) size along a path is critical for ensuring optimal data flow. Tools like tracepath are invaluable for this task, as they allow network engineers to trace the path and determine the MTU on each hop, pinpointing potential issues. This article explains how to install and use tracepath for SD-WAN edge environments, including some advanced techniques to select an interface and test a tunnel-free path.

1. Installing Tracepath on an SD-WAN Edge (Linux Environment)

To install tracepath on an SD-WAN edge running a Linux-based OS (common for many SD-WAN solutions), use the system package manager. On Debian- or Ubuntu-based systems:

sudo apt update
sudo apt install iputils-tracepath

This installs the tracepath tool, which is part of the iputils package in most Linux distributions.

2. Running Tracepath to Check MTU Over a Tunnel

By default, running tracepath will check the MTU along the tunnel path. The command:

tracepath <destination>

will trace the route to a specified destination and identify the largest possible packet size that can traverse the path without fragmentation.

However, when running tracepath on an SD-WAN edge, this will typically show the MTU within the tunnel, and not the MTU of the underlying physical network path.

3. Advanced Usage: Selecting an Interface for Tracepath

In an SD-WAN deployment, selecting a specific interface to bypass the tunnel for MTU testing is a bit more complex. The SD-WAN tunnel typically abstracts multiple paths, and tracepath alone cannot select which interface to test unless specific routing rules are set up.

The solution is to create a split tunnel using a classification that bypasses the SD-WAN tunnel and sends traffic directly over the physical link. To achieve this, follow these steps:

  • Step 1: Define a split-tunneling rule in your SD-WAN solution. This rule should classify specific traffic (e.g., ICMP or certain IP addresses) to bypass the encrypted tunnel and route directly through the underlying physical interface.

  • Step 2: Once the classification is in place, you can connect a testing device, such as a laptop or a Virtual Network Function (VNF) instance, to the SD-WAN edge. This device will allow you to run tracepath and test the MTU on the split tunnel.

For example, once the bypass is set up, on your testing device:

tracepath <destination>

will show the MTU values along the direct path, not the encapsulated SD-WAN tunnel, allowing you to identify the true bottlenecks and configuration issues.
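Comparing a run through the tunnel with a run over the bypass shows where the path MTU drops and how far apart the two views are. The following Python is an added example, not part of the original article: the two tracepath outputs are constructed samples in the layout iputils tracepath prints, and the names pmtu_changes and mtu_gap are hypothetical.

```python
import re

# Constructed samples in the layout iputils `tracepath -n` prints;
# addresses come from documentation ranges and the values are made up.
TUNNEL_RUN = """\
 1?: [LOCALHOST]                      pmtu 1400
 1:  10.10.0.1                                             0.412ms
 2:  198.51.100.20                                        18.904ms reached
     Resume: pmtu 1400 hops 2 back 2
"""
BYPASS_RUN = """\
 1?: [LOCALHOST]                      pmtu 1500
 1:  192.0.2.1                                             0.731ms
 2:  203.0.113.9                                           4.120ms pmtu 1492
 2:  203.0.113.9                                           4.018ms
 3:  198.51.100.20                                        17.332ms reached
     Resume: pmtu 1492 hops 3 back 3
"""

HOP = re.compile(r"^\s*(\d+)\??:\s+(\S+)")
PMTU = re.compile(r"\bpmtu (\d+)")

def pmtu_changes(output):
    """Return ([(hop, address, pmtu)] for each new pmtu value, final pmtu)."""
    changes, current, final = [], None, None
    for line in output.splitlines():
        found = PMTU.search(line)
        if not found:
            continue
        value = int(found.group(1))
        hop = HOP.match(line)
        if line.strip().startswith("Resume:"):
            final = value              # summary line: path MTU for the whole route
        elif hop and value != current:
            changes.append((int(hop.group(1)), hop.group(2), value))
            current = value
    return changes, final if final is not None else current

def mtu_gap(tunnel_output, bypass_output):
    """Underlay path MTU minus in-tunnel path MTU, in bytes."""
    return pmtu_changes(bypass_output)[1] - pmtu_changes(tunnel_output)[1]

if __name__ == "__main__":
    print("bypass:", pmtu_changes(BYPASS_RUN))
    print("gap in bytes:", mtu_gap(TUNNEL_RUN, BYPASS_RUN))
```

The tunnel's encapsulation headers have to fit inside the gap this reports; if they do not, packets sized to the tunnel MTU will fragment on the underlay.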

4. MTU Testing from Windows Devices

If you're testing MTU issues from a Windows device connected to the SD-WAN edge, tracepath is not natively available. However, you can:

  • Option 1: Download a third-party MTU path discovery tool (such as MTU-Path), which will give you similar functionality to tracepath.

  • Option 2: Perform a manual test using a combination of ping and tracert. This method, while less automated, can still help determine MTU issues. Here's how:

    • Ping with varying packet sizes: Start by sending ICMP ping packets with different sizes to determine the maximum packet that can traverse without fragmentation. For example:

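        ping -f -l <packet size> <destination>

      Increase or decrease the packet size until you find the largest value that still gets a reply without fragmentation; that value indicates the maximum MTU for the path.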

    • Tracert: Use tracert to determine the path, similar to tracepath. While tracert doesn't measure MTU, it complements the ping tests for route discovery.
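The manual ping procedure above can be automated as a binary search. The following Python is an added example, not part of the original article: it uses the Windows `ping -f -l` form from this section and, as an assumption beyond the page, the Linux iputils equivalent `ping -M do -s`. The function names and the constructed_path stand-in probe are hypothetical.

```python
import platform
import subprocess

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP header around the payload

def ping_df(destination, payload):
    """Send one echo request with Don't Fragment set; True if a reply came back."""
    windows = platform.system() == "Windows"
    if windows:
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload), destination]
    else:  # Linux iputils ping (assumption: not covered by the article)
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), destination]
    result = subprocess.run(cmd, capture_output=True, text=True)
    # Windows ping can exit 0 without an echo reply, so also require "TTL=" there.
    return result.returncode == 0 and (not windows or "TTL=" in result.stdout)

def largest_payload(destination, probe=ping_df, low=0, high=1472):
    """Binary-search the largest DF payload that passes; None if even `low` fails."""
    if not probe(destination, low):
        return None  # unreachable or ICMP filtered: any MTU figure would be meaningless
    while low < high:
        mid = (low + high + 1) // 2
        if probe(destination, mid):
            low = mid        # mid fits, search above it
        else:
            high = mid - 1   # mid is too large, search below it
    return low

def path_mtu(destination, probe=ping_df, high=1472):
    """Path MTU in bytes: largest passing payload plus the IPv4 and ICMP headers."""
    payload = largest_payload(destination, probe, high=high)
    return None if payload is None else payload + IP_ICMP_HEADERS

def constructed_path(mtu):
    """Stand-in probe for offline runs: behaves like a path with the given MTU."""
    return lambda _destination, payload: payload + IP_ICMP_HEADERS <= mtu

if __name__ == "__main__":
    print(path_mtu("198.51.100.20", probe=constructed_path(1400)))  # simulated path
```

The size passed to ping is the ICMP payload, so the search stops at 1472 on a clean 1500-byte path; the function adds the 28 header bytes back before reporting the MTU.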

5. Why Split Tunneling for MTU Testing is Important

When working with SD-WAN, many issues related to performance arise from misconfigured or misaligned MTU values. Split tunneling allows you to break free from the abstracted tunnel view, giving you insight into how your edge devices are handling traffic at the raw network level. The following benefits highlight why it’s crucial:

  • Avoid Tunnel Fragmentation: Incorrect MTU settings in an SD-WAN tunnel can lead to packet fragmentation, which can slow down or break connections, particularly for applications like VoIP or video conferencing. Testing the physical interface helps ensure smooth, uninterrupted traffic flow.

  • Optimal Path Selection: By verifying the MTU along a direct physical path, you can confirm that the SD-WAN solution is selecting the most efficient route for critical traffic, avoiding unnecessary fragmentation or latency.

Wrap

tracepath is an essential tool in the SD-WAN engineer’s arsenal, particularly when diagnosing issues related to MTU. While tracepath alone is limited to testing the SD-WAN tunnel, combining it with split tunneling rules and testing from a connected device allows engineers to verify the true network path MTU. On Windows, alternative methods such as MTU-Path or manual ping and tracert combinations can achieve similar results.

For businesses using SD-WAN in mission-critical environments, especially when implementing services like VoIP, keeping a close eye on MTU values can dramatically improve performance and reduce troubleshooting time.