Debugging a slow ping on xubuntu 11.10

For some reason, the ping utility was extremely slow on my home computer. Example:

bredsaal@semtex:~$ time ping -c1 bredsaal.dk
PING bredsaal.dk (199.127.225.200) 56(84) bytes of data.
64 bytes from 199.127.225.200: icmp_req=1 ttl=52 time=206 ms

--- bredsaal.dk ping statistics ---  
1 packets transmitted, 1 received, 0% packet loss, time 0ms  
rtt min/avg/max/mdev = 206.637/206.637/206.637/0.000 ms

real 0m5.316s  
user 0m0.000s  
sys 0m0.000s

The round trip time for the ICMP packet is 206 milliseconds and yet, it takes over 5.3 seconds for the ping utility to complete.

Now, why would that be? Well, to find out, I tried to time the ping utility pinging the IP address of bredsaal.dk - it completed in 271 milliseconds. Obviously, this would indicate a problem with DNS, since it takes over 19.6 times as long to ping the domain name, compared to the IP address.

So, I timed the host utility, resolving bredsaal.dk:

bredsaal@semtex:~$ time host bredsaal.dk
bredsaal.dk has address 199.127.225.200
bredsaal.dk has IPv6 address 2001:470:33:2::1a4
bredsaal.dk mail is handled by 10 mail01.mxhotel.dk.

real 0m0.167s  
user 0m0.004s  
sys 0m0.004s

Okay, 167 milliseconds. Obviously, it's not a problem with DNS then... Now I was baffled, I mean, ping takes 19.6 times as long to complete when pinging the domainname compared to the IP address, yet the host utility completed quickly. I tried pinging google.com as a hostname and as an IP address. Both was complete before 170 milliseconds had passed.  I tried some other domain name/IP address combinations, all returned within 100milliseconds of each other.

So I turned to the strace utility, which is a debugging tool for Linux. It monitors the system calls used by a program and all the signals the program receives. Now, if you have never seen the output from strace before, it can be a bit daunting at first. Even for a relatively simple program like ping, the output was 207 lines long.

Anyhow, I ran this code sudo strace -ttt -o /tmp/ping_strace ping -c1 bredsaal.dk and found these lines where around 5 seconds elapses:

1329086321.138837 connect(4, {sa_family=AF_FILE, path="/var/run/avahi-daemon/socket"}, 110) = 0
1329086321.139002 fcntl(4, F_GETFL) = 0x2 (flags O_RDWR)
1329086321.139051 fstat(4, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
1329086321.139127 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdf2a05f000
1329086321.139181 lseek(4, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
1329086321.139285 write(4, "RESOLVE-ADDRESS 199.127.225.200\n", 32) = 32
1329086321.139516 read(4, "-15 Timeout reached\n", 4096) = 20
1329086326.141608 close(4) = 0`

Basically, what these lines means is, that AFTER the pinging has completed, the ping utility will try to lookup the IP address of bredsaal.dk through avahi. Avahi allows computers to identify themselves on the network (among other things), so that other computers can find them easily. Avahi is okay, but it apparently cannot look up the IP address 199.127.225.200. :-(

I tried disabling avahi, and sure enough, I could ping bredsaal.dk faster than ever (TM). Obviously, this wasn't really a fix.

So what? Well, I looked in ping's manual page and found this:

-n Numeric output only. No attempt will be made to lookup symbolic names for host addresses.

So, I tried with that flag and avahi on:

bredsaal@semtex:~$ time ping -n -c1 bredsaal.dk
PING bredsaal.dk (199.127.225.200) 56(84) bytes of data.
64 bytes from 199.127.225.200: icmp_req=1 ttl=52 time=274 ms

--- bredsaal.dk ping statistics ---  
1 packets transmitted, 1 received, 0% packet loss, time 0ms  
rtt min/avg/max/mdev = 274.510/274.510/274.510/0.000 ms

real 0m0.385s  
user 0m0.000s  
sys 0m0.000s

Excelent! I can ping stuff without waiting forever. So, to make ping work fast all the time, I did this:

echo "alias ping='ping -n'" >> ~/.bashrc

Now, obviously this isn't a real fix either, but it works better for me than disabling avahi. If you have any insight as to why avahi fails to do a reverse lookup on 199.127.225.200, please enlighten me. :-)


Written by Jannich Brendle man 13 februar 2012 In How to

tags: buggy softwaredebuggingsolutionsubuntu

Related posts

social