Thursday, August 3, 2017

Performing iPerf, jPerf and WAN Killer for Network Bandwidth Measurement

iPerf is a very popular network bandwidth and link quality measuring tool. I've personally used it numerous times whenever I provision or troubleshoot a new network link. It also provides a more accurate bandwidth test result compared to Speedtest. Below is my iPerf lab which resembles a client/server network topology.


The iPerf Server resides on the Internet cloud and has a public IP address of 200.1.1.10/24.



The iPerf Client used a private IP address of 192.168.1.10/24. It's more convenient if you put the iPerf.exe file on the main C folder (on a Windows machine). You can change the directory by typing cd.. in MS DOS command prompt.


iPerf uses TCP port 5001 by default. Just type iperf -s on the iPerf Server to listen for client connections on TCP port 5001. Type iperf -c <SERVER IP ADDRESS> on the iPerf Client. Below is an iPerf test using the default settings.



Type iperf --help to list all iperf command arguments. There's a free iPerf tutorial which explains the usage of these commands.


You can print or display various formats in iPerf. In this example, type iperf -c <SERVER IP ADDRESS> -f <BANDWIDTH FORMAT> -r -t <SECONDS> on the iPerf Client. In the example, it displayed the bandwidth result in kilobits (k), took bi-directional bandwidth measurements (-r) and change the time duration of the test in seconds (-t).



Type -u to measure bandwidth, jitter and packet loss using UDP port (port 5001 by default). In this example, type iperf -c <SERVER IP ADDRESS> -u -b <BANDWIDTH> on the iPerf Client.



You can also define other port number using the -p <PORT-NUMBER> argument. In this example, type iperf -c 200.1.1.10 -p 12345 on the iPerf Client.



jPerf is the graphical user interface (GUI) version of iPerf which is based on Java. It also measures the network bandwidth using TCP 5001 by default.



UDP can also test the network jitter and packet loss of the link. This is applicable for testing high latency link such as VSAT since it doesn't wait for acknowledgement packets (ACK) which is common in a TCP 3-way handshake.



Another network bandwidth testing tool is the WAN Killer. It is one of the many tools included in Soalrwinds network engineer's toolset. Just type the target hostname or IP address > select the Protocol to use (UDP by default) > select the bandwidth to use.




TCP ports seem to be blocked so it's better to use UDP instead when using this tool.


I just used a single Layer 3 switch (Cisco 3560) for my iPerf lab with the iPerf Server on VLAN 10 and iPerf Client on VLAN 20.


SW1#show run
Building configuration...

Current configuration : 3507 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
username admin privilege 15 password 0 cisco
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!        
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
 description ### iPERF CLIENT - 192.168.1.10 ###
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/24
 description ### iPERF SERVER - 200.1.1.10 ###
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 200.1.1.1 255.255.255.0
!
interface Vlan20
 ip address 192.168.1.1 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
 password cisco
 logging synchronous
 login
line vty 0 4
 password cisco
 logging synchronous
 login
line vty 5 15
 login
!
end      


SW1#show interface f0/23
FastEthernet0/23 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0016.c756.6199 (bia 0016.c756.6199)
  Description: ### iPERF CLIENT - 192.168.1.10 ###
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 15/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 6212000 bits/sec, 1233 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     3786091 packets input, 4432413741 bytes, 0 no buffer
     Received 3366 broadcasts (466 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 466 multicast, 0 pause input
     0 input packets with dribble condition detected
     815837 packets output, 600932680 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

SW1#show interface f0/24
FastEthernet0/24 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0016.c756.619a (bia 0016.c756.619a)
  Description: ### iPERF SERVER - 200.1.1.10 ###
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 16/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 6387000 bits/sec, 1278 packets/sec
     814208 packets input, 601004633 bytes, 0 no buffer
     Received 2174 broadcasts (1368 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 1368 multicast, 0 pause input
     0 input packets with dribble condition detected
     3821386 packets output, 4451877850 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out


Another way to "kill" the WAN circuit bandwidth is to perform an extended ping using the largest datagram size. You can check the interface bandwidth using the show interface command or monitor using an MRTG tool. Use the ping timeout (set it to 1 second) if there's ICMP/ping blocking on the remote network.


SW1#ping 192.168.1.10 size ?                         
  <36-18024>  Datagram size

SW1#ping 192.168.1.10 size 18024 ?
  data      specify data pattern
  df-bit    enable do not fragment bit in IP header
  repeat    specify repeat count
  source    specify source address or name
  timeout   specify timeout interval
  validate  validate reply data
  <cr>

SW1#ping 192.168.1.10 size 18024 repeat ?
  <1-2147483647>  Repeat count

SW1#ping 192.168.1.10 size 18024 repeat 1000

Type escape sequence to abort.
Sending 1000, 18024-byte ICMP Echos to 192.168.1.10, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 8/15/42 ms


SW1#show interface f0/23                             
FastEthernet0/23 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0016.c756.6199 (bia 0016.c756.6199)
  Description: ### iPERF CLIENT - 192.168.1.10 ###
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 2/255, rxload 26/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 10520000 bits/sec, 2184 packets/sec
  5 minute output rate 842000 bits/sec, 74 packets/sec
     6346662 packets input, 5934775644 bytes, 0 no buffer
     Received 3906 broadcasts (472 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 472 multicast, 0 pause input
     0 input packets with dribble condition detected
     842067 packets output, 636962504 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

SW1#show interface f0/24                   
FastEthernet0/24 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0016.c756.619a (bia 0016.c756.619a)
  Description: ### iPERF SERVER - 200.1.1.10 ###
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 24/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 9683000 bits/sec, 2108 packets/sec
     814569 packets input, 601046522 bytes, 0 no buffer
     Received 2357 broadcasts (1433 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 1433 multicast, 0 pause input
     0 input packets with dribble condition detected
     6333672 packets output, 5905968354 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

Saturday, July 1, 2017

Free Cisco Nexus 7010 Simulator

I was searching for a Nexus OVA so I can do some virtual labs and practice device "hardening" on the Nexus switch platform. I already got the Nexus 9000v NX-OS downloaded (a 700 MB file) but I later found out there's a free simulation software called the Nexus 7010 Simulator. It's primarily used to study and practice NX-OS CLI for the CCNA Data Center certification exam. The simulator file is only 20 MB and the setup is quick and easy.

Just follow the setup wizard for the installation.



Type your email address and click Register.
 


Click Start (the green power icon on the far right).
 

Type y and type the "admin" password. The simulator won’t allow to use a weak password. Type a minimum of 8 character (alphanumeric) password.





Below are the available options when you click on Settings (the red lower left button).
 


I always like the “Matrix” feel and look. Click again on Settings to make the selections disappear.


You can also reset the switch config and do a reload by clicking on Setting > Reset Simulator > Delete switch configuration and restart > Yes.



The Nexus 7010 simulation tool has a limited set of CLI commands. I've ended up using Nexus Titanium instead on my other post.