wcruvinel
Staff
Article Id 393843
Description

This article describes how to use MTR (My Traceroute) as an additional diagnostic method for assessing the quality and size of the network path between a FortiGate device and a destination.

This approach can support investigations related to low throughput or degraded application performance and complements existing guidance: Technical Tip: Low throughput troubleshooting

Scope

FortiGate

Solution

MTR:

MTR (like iPerf) is a free, open-source diagnostic tool that is widely available on multiple platforms.
It combines the functions of ping and traceroute: it visualizes packet travel across a network and identifies latency or packet loss issues at each hop. This makes it useful for identifying performance degradation or bottlenecks that affect traffic passing through FortiGates.

Packet loss or high latency is considered a real issue only if it begins at a certain hop and continues through all subsequent hops, including the final destination IP.

To Use MTR:

Latency and packet loss between a FortiGate and its destination may negatively impact throughput. MTR can help to:

  • Detect packet loss at specific hops.
  • Measure latency and jitter.
  • Reveal routing anomalies.
  • Indicate MTU mismatches or fragmentation issues.

Two examples follow.

Bad WinMTR result to google.com: high latency, packet loss, and jitter (latency variation).

[Screenshot: winmtr.png]

The example above shows an increase in packet loss, which indicates an issue causing performance problems.

Good WinMTR result to google.com: low latency, no packet loss, no jitter (no latency variation).

[Screenshot: winmtr2.png]

Installing and Running MTR:

Windows (WinMTR):

  1. Download from https://winmtr.net
  2. Extract and run WinMTR.exe or WinMTR64.exe
  3. Enter the destination IP or hostname.
  4. Select 'Start' and allow it to run for 100+ packets.
  5. Export the report as text or HTML.

Linux:

Install using a package manager:

  • Debian/Ubuntu: sudo apt install mtr
  • RHEL/CentOS: sudo yum install mtr

Analyzing the Output:

Each hop in the path is displayed with statistics:

  • Loss%: Percentage of packet loss.
  • Avg/Best/Worst: Latency metrics.
  • StDev: Jitter.

Points of interest:

  • Consistent packet loss on a specific hop.
  • Sudden increases in latency.
  • Patterns that indicate MTU or fragmentation issues.
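
The rule stated earlier (loss or high latency is real only when it begins at a hop and continues through the final hop) can be applied mechanically to a saved report. The Python sketch below is an added example, not part of the original article: it parses text in the layout printed by Linux `mtr --report` and returns the hop where sustained loss or latency begins. The sample report and the thresholds (1% loss, 40 ms average latency) are constructed assumptions.

```python
import re

# Constructed sample in `mtr --report` layout; addresses are documentation ranges.
SAMPLE_REPORT = """\
HOST: client                      Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%   100    0.6   0.7   0.5   1.9   0.2
  2.|-- 198.51.100.1              60.0%   100    9.8  10.1   9.2  14.0   0.8
  3.|-- 198.51.100.9               0.0%   100   11.0  11.4  10.6  15.2   0.7
  4.|-- 203.0.113.5               12.0%   100   48.1  52.3  45.0 140.7  21.4
  5.|-- ???                       100.0   100    0.0   0.0   0.0   0.0   0.0
  6.|-- 203.0.113.80              11.0%   100   50.2  55.9  46.1 151.3  24.8
"""
# The % sign is optional: a hop that never answers is printed as 100.0.
HOP_RE = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%?\s+(\d+)" + r"\s+([\d.]+)" * 5 + r"\s*$")
FIELDS = ("loss", "sent", "last", "avg", "best", "worst", "stdev")

def parse_report(text):
    """Return one dict per hop line; header and other lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hop = {"hop": int(m.group(1)), "host": m.group(2)}
            hop.update(zip(FIELDS, map(float, m.groups()[2:])))
            hops.append(hop)
    return hops

def sustained_onset(hops, field, threshold):
    """Hop where `field` rises above `threshold` and stays there through the final hop, else None."""
    onset = None
    for hop in reversed(hops):
        if field != "loss" and hop["loss"] >= 100:
            continue  # no replies, so no latency data for this hop
        if hop[field] <= threshold:
            break
        onset = hop
    return onset

def transient_hops(hops, field, threshold):
    """Hop numbers above the threshold whose problem does not carry through to the destination."""
    onset = sustained_onset(hops, field, threshold)
    cutoff = onset["hop"] if onset else float("inf")
    return [h["hop"] for h in hops if h[field] > threshold and h["hop"] < cutoff]

if __name__ == "__main__":
    hops = parse_report(SAMPLE_REPORT)
    for field, limit in (("loss", 1.0), ("avg", 40.0)):
        onset = sustained_onset(hops, field, limit)
        print(field, "sustained from hop:", onset and (onset["hop"], onset["host"]))
        print(field, "seen only at hops:", transient_hops(hops, field, limit))
```

In the constructed sample, the 60% loss at hop 2 disappears at hop 3 and is therefore not reported as the onset; the loss and latency that start at hop 4 persist to the destination and are.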


Recommendations:

  • MTR can be used to complement FortiGate diagnostic tools and performance checks by identifying the specific hop or segment where network degradation occurs.
  • If issues are detected in early hops, internal network components or the upstream ISP should be investigated.
  • When escalation is necessary, MTR reports can be shared with service providers to request a better or more direct path to the destination.
  • These methods aim to clarify the root cause of performance issues, which are frequently linked to latency, congestion, suboptimal routing, or packet loss along the path between FortiGate and the destination.


Conclusion:

MTR offers a practical and efficient way to measure path quality between a FortiGate and its destination. When used in conjunction with FortiGate’s diagnostic features, MTR enhances visibility into latency, loss, and performance bottlenecks across the network path.

Related articles:

Technical Tip: Low throughput troubleshooting
Technical Tip: How to verify bandwidth passing through a firewall policy
Technical Tip: How to test 10Gbps link speed performance on a FortiGate
