check_ping vs. check_icmp?

[Andreas Ericsson]

Sean Dilda wrote:
> Andreas Ericsson wrote:
> 
>>
>> check_icmp can also be used in check_host mode (create a symlink 
>> check_host -> check_icmp and execute check_host) which runs extremely 
>> quickly to determine if a host is up whenever a service check fails. 
>> Ordinary check_ping would take 5 seconds to determine that the host is 
>> up in an ordinary setup, while check_host usually does the same trick 
>> in just about the same amount of time as it takes for a packet to make 
>> a round trip to the destination target (usually between 1 and 10 
>> milliseconds on a local network).
>>
>>
> 
> That sounds useful.  However, how does it do that without getting a lot 
> of false positives?

The keyword here is *usually*. In pseudo-code, it goes like this;

while(sent < packets_to_send) {
	send_packet(sent++);
	wait_for_packet();
	if(response_is_proper_ICMP_ECHOREPLY) {
		print_timing_info();
		exit();
	}
}

In check_host mode, it'll wait by default 0.2 seconds for each packet 
before sending a new one until it reaches the maximum completion time, 
which is calculated by multiplying the number of IP-addresses to ping 
(if you're using a resolvable hostname with check_host it'll try to ping 
all the addresses. If any is up it'll return OK), the number of packets 
to sent and the critical threshold. When all packets are sent and none 
still has come in, it'll wait the remainder of the max_completion_time 
or until it gets the signal-based ALARM (by default ten seconds).

You'll only get the extremely fast response time when the host is up and 
responding to ping properly, which is usually the case. Nagios runs a 
hostcheck immediately whenever a service reports non-ok, so this is 
really a major benefit.

If you're interested in even more details, download the latest 
plugin-release at oss.op5.se/nagios and run:
check_host -vvvv www.microsoft.com
check_host -vvvv www.google.com
check_host -vvvv www.microsoft.com www.google.com

www.microsoft.com doesn't allow pings, while www.google.com does


>  If the network is just a little loaded, it sounds 
> like it'll report a host as down when its not.
> 

It won't. Trust me on this.

> For what its worth, its not too difficult to get check_ping to only take 
> 1 second to timeout.  However, that's still longer than 1 to 10 
> milliseconds.
> 

If you're referring to the -t flag to check_ping, you'll then force it 
to kill the ping program as it doesn't pass any -i flag to it. This 
means the ping binary will only send one packet per second and thus 
can't possibly complete in less than (number_of_packets) seconds unless 
you change the code and re-compile. Unfortunately, this is beyond most 
users and in general more hassle than it's worth since check_icmp does 
it a whole lot faster anyways.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null