By Manny Fernandez

April 20, 2019

iperf for Network Geeks

Throughout my career (over 27 years as of the writing of this post), I have needed to identify where problems exist.  For the most part, I have lived by the mantra of ‘When in doubt, sniff it out’ which I have used tcpdump, Wireshark (formally, Ethereal), Sniffer Pro, and other similar applications.  The other one that I have used for quite some time is ‘iperf‘.  Iperf is a command line tool that runs in memory that allows you to test throughput on a WAN circuit or LAN connection.

In 2012, I had the pleasure of working the Presidential debate between President Obama and Mitt Romney.  I am not a Republican or a Democrat, but I did have fun taking pictures with uber Left folks and send them to my Republican friends, and taking pictures with the uber Right folks and sending them to my Democrat friends.  Aside from all that political trolling I did, we managed to deploy a bunch of switches, phones, NAC, and other security solutions.  One of the challenges was when the press started to show up and connect their devices to the network and test broadcasting and connecting to their respective back-ends.  At the debate we had (2) 1Gbps circuits provided by AT&T.  They were gracious enough to provide me a Linux box on their backbone and gave me root access to it.  I installed iperf on the server.  I was then able to test and essentially crush my circuits ensuring I was getting the bandwidth.  OBVIOUSLY, had it not been the Presidential Debate, they would have told me to go pound sand.

There are a few main versions of iperf.  Essentially it is v1, v2, and v3.  Each have subversions and they operate somewhat the same.  Most importantly from a firewall perspective is the default ports they use.  v1 and v2 use 5001 while v3 uses 5201.

The main differences between 2 and 3, aside from a complete re-write is that v3 support IPv6.

Lets get started.  I have two virtual machines running CentOS 7x.  They had iperf v2 installed and later, I installed iperf3.

2019-04-20_16-02-06

Here is my CentOS box.  You can validate the version of iperf you are running by typing:

iperf -v
or
iperf3 -v

This will display the version.  Note: that version 1 and version 2 both use the same name for the iperf executable which is simply ‘iperf’ however iperf v3, uses the ‘iperf3’ as the name.  Obviously, you can rename as needed but wanted you to be aware.

Server Mode

This is very simple.  To run in ‘server’ mode, all you need to do is give the ‘iperf’ command followed by a ‘-s’.  Optionally on v2, you can add an additional ‘-u’ to denote UDP instead of the default of TCP.  In v3, you can run the ‘-s’ and the ‘client side’ is the one that dictates if it will be UDP or TCP.

2019-04-20_16-47-43

Here we can see the v2 in server mode.

2019-04-20_16-48-36

Above, we can see the server mode with the UDP option.

Client Mode

To run the client mode, you add the ‘-c‘ switch to the ‘iperf’ command along with the IP or hostname of the server.  NOTE:  Be careful that the host does not resolve to an IPv6 address if you are running v1 or v2 of iperf as it will choke on you.  Additionally, you can add the ‘-u‘ to make the connection UDP.  The other option on v1 and v2 is the ‘-d‘.  The ‘-d’ will test both ways (upload and download).

2019-04-20_15-32-29

2019-04-20_15-34-25

As you can see in the output, running in UDP mode takes certain liberties and uses defaults.  Those defaults are 1Mbps.  You can see the difference between the two outputs.

2019-04-20_15-37-51.png Above, you can see the output of the ‘-d’ which tests upload and download.  Notice the ports.

Installing iperf3

After testing the iperf v2, I wanted to install v3.

2019-04-20_15-40-30

You can see that we installed v3.1.7 on this CentOS box.

2019-04-20_15-45-26.png

The iperf3 output is a little different because it displays the per second output.  You can get sort of the same output in v2 by using the ‘-i 1’ for ever one second.

If you want to find the documentation and all the commands/syntax, check out the man page or go to their site

Use Case

I use iperf everyday.  I use it to prove that our firewall is not causing the problems being seen by a customer or to test connectivity though switches, access points, etc.

Another option is to create a cron job and script it out to get you information throughout the day.  Although there are other solutions capable of this.

iperf is available on almost every platform you can think of that is readily being used today.

Recent posts

  • If you've spent any time configuring user authentication on... Full Story

  • DNS is one of those technologies that quietly underpins... Full Story

  • BGP issues on FortiGate firewalls usually trace back to... Full Story

  • Every time your laptop talks to your router, a... Full Story

  • If you've spent any time configuring NAT on a... Full Story

  • If you have spent any time configuring firewall policies... Full Story

  • High availability on FortiGate is one of those features... Full Story

  • If you've configured SD-WAN on a FortiGate, you've almost... Full Story

  • FortiLink is the management protocol that turns a FortiSwitch... Full Story

  • FortiSwitches are pretty rock solid from Mean Time Between... Full Story

  • This is a quicky tip.  Have you ever gone... Full Story

  • DNS is one of those quiet pieces of internet... Full Story

  • This article is an updated version of the previous... Full Story

  • You will add ns2 as a secondary (slave) BIND9... Full Story

  • In the process of deploying my lab, I needed... Full Story

  • RFC 8805, used to be known as Self-Correcting IP... Full Story

  • Years back, I wrote an article about certificate pinning. ... Full Story

  • FortiGates have the ability to send alerts to Microsoft... Full Story

  • In this post, I am going to walk through... Full Story

  • Troubleshooting VoIP on a FortiGate can feel like trying... Full Story

  • Prior to FortiOS 7.0, there were three commands to... Full Story

  • In this post, I am going to go over... Full Story

  • What we are going to do:  We are going... Full Story

  • Choosing between FGCP (FortiGate Clustering Protocol) and FGSP (FortiGate... Full Story

  • Creating a VLAN on macOS (The "Pro" Move) A... Full Story

  • This blog post explores the logic behind how macOS... Full Story

  • Pretty Fly for a Wi-Fi Tell My Wi-Fi Love... Full Story

  • Part of my daily gig is creating BoMs (Bill-of-Materials)... Full Story

  • ICMP introduces several security risks, but careful filtering, rate... Full Story

  • The command diag debug application dhcps -1 enables full... Full Story

  • In the world of FortiOS, execute tac report is... Full Story

  • LLDP; What is it The Link Layer Discovery Protocol... Full Story

  • What it actually does When you run diagnose fdsm... Full Story

  • Monkey Bites are bite-sized, high-impact security insights designed for... Full Story

  • I have run macOS in macOS with Parallels but... Full Story

  • Don't be confused with my other FortiNAC posts where... Full Story

  • This is the third session in a multi-part article... Full Story

  • Today I was configuring key-based authentication on a FortiGate... Full Story

  • Netcat, often called the "Swiss Army knife" of networking,... Full Story

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story

  • Overview FortiOS 8.0 introduces custom tags as a first-class... Full Story

  • These are two distinct mechanisms on FortiOS, and conflating... Full Story

  • Replacement messages are the pages and text blocks that... Full Story