Skip to main content
Redhat Developers  Logo
  • Products

    Platforms

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat AI
      Red Hat AI
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • View All Red Hat Products

    Featured

    • Red Hat build of OpenJDK
    • Red Hat Developer Hub
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenShift Dev Spaces
    • Red Hat OpenShift Local
    • Red Hat Developer Sandbox

      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Secure Development & Architectures

      • Security
      • Secure coding
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • Product Documentation
    • API Catalog
    • Legacy Documentation
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

Network observability using TCP handshake round-trip time

February 27, 2024
Dushyant Behl Julien Pinsonneau Mohamed Mahmoud
Related products:
Red Hat OpenShiftRed Hat OpenShift Container Platform

Share:

    In Red Hat OpenShift Container Platform (RHOCP), ensuring efficient packet delivery is paramount for maintaining seamless communication between applications. However, challenges like network congestion, misconfigured systems, or hardware limitations can lead to slow connections, impacting overall performance. Round-trip time (RTT), typically measured in milliseconds, plays a crucial role in monitoring network health and diagnosing issues.

    Implementing smooth round-trip time (SRTT) with eBPF

    The RTT is the time it takes for a packet to travel from the sender to the receiver and back. In a network, RTT can vary due to factors like network congestion, varying route lengths, and other dynamic conditions. SRTT is introduced to provide a more consistent and less jittery representation of the RTT.

    In Transmission Control Protocol (TCP), RTT is a crucial metric.

    Our implementation leverages eBPF to register to fentry eBPF hook for tcp_rcv_established(). We extract the SRTT (smooth round-trip time) value from TCP sockets, correlating it to existing flows and enriching them with RTT values in nanoseconds.

    When a new NetObserv flow is created and the RTT feature is enabled, an initial RTT of 10usec is assigned. This initial value for RTT may be considered quite low.

    Upon triggering the eBPF socket, the flow RTT value is updated to reflect the maximum RTT value for that specific flow. See Figure 1.

    For more detailed explanation of smoothed RTT estimation, refer to Karn's algorithm paper.

    tcp RTT calculation
    TCP RTT calculation
    Figure 1: TCP RTT calculation.

    Why use fentry eBPF hook?

    The eBPF fentry programs have lower overhead as they trigger the hook before calling the kernel function of interest.

    In our implementation:

    1. Register and link fentry hook for kernel's tcp_rcv_established()
      SEC("fentry/tcp_rcv_established")
      int BPF_PROG(tcp_rcv_fentry, struct sock *sk, struct sk_buff *skb) {
          if (sk == NULL || skb == NULL) {
              return 0;
          }
          return calculate_flow_rtt_tcp(sk, skb);
      }
    2. Reconstruct the NetObserv flow key, including incoming interface Layer2, Layer3, and Layer4 info.

    3. Match existing flows in the PerCPU hashmap flow table and enrich them with SRTT info from TCP sockets. If multiple SRTT values exist for the same flow, we take the maximum value.

    Currently, our approach calculates RTT only for the TCP packets so flows, which are non-TCP, do not show RTT information.

    Potential use cases

    Flow RTT captured from eBPF flow_monitor hookpoints can serve various purposes.

    • Network monitoring: Gain insights into TCP handshakes, helping network administrators identify unusual patterns, potential bottlenecks, or performance issues.

    • Troubleshooting: Debug TCP-related issues by tracking latency and identifying misconfigurations.

    How to enable RTT

    To enable this feature, we need to create a FlowCollector object with the following fields enabled in eBPF config section as below.

    apiVersion: flows.netobserv.io/v1beta2
    kind: FlowCollector
    metadata:
      name: cluster
    spec:
      agent:
        type: eBPF
        ebpf:
          features:
            - FlowRTT

    A quick tour of the UI

    Once the FlowRTT feature is enabled, the RHOCP console plug-in automatically adapts to provide additional filter and show information across Netflow Traffic page views.

    Open your RHOCP console and move to Administrator view -> Observe -> Network Traffic page as usual.

    A new filter, Flow RTT is available in the common section. The FlowRTT filter will allow you to capture any flow that has an RTT more than a specific time in nanoseconds.

    For production users, filtering on the TCP protocol, Ingress direction, and looking for FlowRTT values greater than 10,000,000 nanoseconds (10ms) can help identify TCP flows with high latency. This filtering approach allows users to focus on specific network flows that may be experiencing significant delays. By setting a threshold of 10ms, you can efficiently isolate and address potential latency issues in your TCP traffic.

    Overview

    New graphs are introduced in the Advanced options -> Manage panels popup (Figure 2).

    advanced options
    advanced options
    Figure 2: Advanced options.
    • Top X average TCP handshake round-trip time with overall (donut or lines)
    • Bottom X minimum TCP handshake round-trip time with overall (donut or lines)
    • Top X maximum TCP handshake round-trip time with overall (donut or lines)
    • Top X 90th percentile TCP handshake round-trip time with overall (donut or lines)
    • Top X 99th percentile TCP handshake round-trip time with overall (donut or lines)

    These two graphs (see Figure 3) can help you to identify the slowest TCP flows and their trends over time. Use the filters to drill down into specific pods, namespaces, or nodes.

    RTT graphs
    RTT graphs
    Figure 3: RTT graphs.

    Traffic flows

    The table view (Figure 4) shows the Flow RTT in both column and side panel.

    RTT Table
    RTT Table
    Figure 4: RTT table.

    Topology

    Last but not least, the topology view displays min / max / avg / p90 / p99 RTT latency on edges. Clicking on a node or an edge will allow you to see per direction metrics and the related graph. See Figure 5.

    RTT topology
    RTT topology
    Figure 5: RTT topology.

    Future improvements

    Here is a non-exhaustive list of future improvements coming for a full featured round-trip time analysis:

    • Latest RTT in Topology view
    • Prometheus metrics and alerting

    Feedback

    We hope you liked this article!

    NetObserv is an open source project available on GitHub. Feel free to share your ideas, use cases, or ask the community for help.

    Related Posts

    • Network observability with eBPF on single node OpenShift

    • Secure your Kubernetes deployments with eBPF

    • Why you should use io_uring for network I/O

    • Network debugging with eBPF (RHEL 8)

    • How debugging Go programs with Delve and eBPF is faster

    • eBPF application development: Beyond the basics

    Recent Posts

    • Integrate incident detection with OpenShift Lightspeed via MCP

    • One model is not enough, too many models is hard: Technical deep dive

    • What's new in Ansible Automation Platform 2.6

    • Quantum computing 101 for developers

    • LLM Compressor 0.8.0: Extended support for Qwen3 and more

    What’s up next?

    Share Image

    This cheat sheet gets you started using Ansible to automate tasks on Cisco Meraki, an enterprise-cloud managed networking solution for managing access points, security appliances, L2 and L3 switches, and more.

    Get the cheat sheet
    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Platforms

    • Red Hat AI
    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    • See all products

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit
    © 2025 Red Hat

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue