Measure network jitter and packet retransmits/drops

Tydorius · May 13, 2021, 6:50pm

I am working on an Elastic Stack that will be used to measure network activity in a testbed for various pieces of equipment.

My current hurdle is around measuring jitter and packet retransmits and drops.

Has anyone used one of the existing beats, with or without aggregation or other processing methods, to successfully measure these items?

Even if it's something like a script that dumps data into a log file that's then pushed by filebeat into the stack, that would be a phenomenally helpful thing to see how it's done.

Thank you for your time.

Tydorius · May 14, 2021, 1:39pm

I've managed to pull some latency data by using Heartbeat and http.rtt.response_header.us, so now I am attempting to put together a script to calculate jitter.

In case anyone is really good at scripting/TSVB but don't know what Jitter is, here is an example:

Jitter is the average difference in latency for a series of packets.

Packet Response Times
150
120
100
60
140

Changes in Response Time (All results kept positive)
150 - 120 = 30
120 - 100 = 20
100 - 60 = 40
140 - 60 = 80

Total Changes in Response Time: 170

Jitter, divide by the number of intervals (i.e. packets - 1)
Divide by Packets - 1 (i.e. Interval Counts)
170 / 4 = 42.5ms Jitter

So I need to write something that takes http.rtt.response_header.us, and compares it to its immediate predecessor to get my interval, and then run through the math. That will solve my Jitter issue. I'm still working on packet retransmissions and drops.

stephenb · May 14, 2021, 1:57pm

Packet Drops and Errors are natively part of metricbeat system network metricset see here and here

Don't think beats capture retrys

Tydorius · May 14, 2021, 3:07pm

Thank you! I thought I had gone through looking for those keywords on all of the metrics lists but I missed them.

So now I just need to work out jitter and retransmit.

stephenb · May 14, 2021, 3:38pm

Also in TSVB there is a serial difference function that you could make positive only but that will just be a graph not persisted in the the data, you can do math there as well I suspect divide by the number of sample etc... I will think about it a bit...

Perhaps I can try that with some heartbeat data I have...

stephenb · May 14, 2021, 9:21pm

Hi @Tydorius
Take A look at this.

Visualize -> TSVB

Panel Options

Data Settings

Data Options

Jitter Graph

Tydorius · May 17, 2021, 4:09pm

This looks promising! I'm going to mirror this in my environment and get back with you!

Thank you for your help, I'll mark as solution as soon as I confirm! I think retransmit is beyond what I'm able to look at for the moment, so I'll edit my initial post to note that for anyone that runs across this in the future.

Tydorius · May 17, 2021, 5:07pm

Resolved - Note to anyone that finds this thread, everything was resolved except retransmission. So if you're looking for details on retransmission packets you'll need to continue working.

Thank you again, @stephenb

stephenb · May 17, 2021, 5:08pm

Awesome!

system · June 14, 2021, 7:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.