IPREF

Contents
What is IPERF?......................................................................................................................................... 1
How to use IPerf: ..................................................................................................................................... 2
How configure a Port-forwarding on the ASA .......................................................................................... 4
JPERF....................................................................................................................................................... 5

What is IPERF?
IPerf is a tool for network performance measurement, allowing the tuning of various parameters and
UDP characteristics. IPref reports bandwidth, delay jitter, datagram loss.

For our purpose the main idea of use IPerf is to determine if the VPN is causing or not a delay on the
communication.

Most likely the VPN is not the issue, IPref help us to prove this or in case we found a huge difference on
the speeds with and without the VPN allow us to focus on the ASA.

Let’s use as example the following diagram:

How to use IPerf:

1. Go to the official IPerf site and download the tool

https://iperf.fr/

And download the latest version of the tool.

2. You need to download and run the tool on the Server and Client simultaneously.

3. Once you have the .zip file on your computer, extract all the information in a new folder.
 4. Drive until the folder location through the windows command prompt, you can use DIR and CD
commands for this purpose.

5. At this point we can start to execute the IPerf commands.

If we want to start the server, we just need to place the command iperf.exe – s

On the client in order to run the TCP ping we use the command iperf –c <Server-ip-address>

And we got something like below:

Client connecting to 10.0.0.15, TCP port 5001

CP window size: 63.0 KByte (default)
-----------------------------------------------------------
3] local 10.10.0.3 port 1769 connected with 10.0.0.15 port 5001
ID] Interval Transfer Bandwidth
3] 0.0-11.2 sec 2.12 MBytes 1.60 Mbits/sec
Alright at this point we have an idea of the bandwidth while we pass traffic across the VPN, is
recommended to run the command at least 3 times to have a better idea of the real bandwidth.

Next step is to test the connection and get the bandwidth by passing the VPN; this can be achieved with
port forwarding on the ASA. By default IPerf use the port 5001, but you can change this with the
command iperf –s –p <port_number>

How configure a Port-forwarding on the ASA.

Note: This port-forwarding needs to be configured on the ASA that is in front of your IPerf server

For 8.2 code and lower check the following link:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-
firewalls/113024-asa-82-port-forward-00.html#forwarding

8.4 And later.

1. Create an object for the server and apply a Nat for the port-forwarding.

Object network Internal_Web_Server

Host 10.0.0.15

NAT (inside, outside) static interface service tcp 5001 5001

2. If the customer has access-group on the interfaces we need to allow the TCP traffic.

Example:

Show run access-group

access-group inbound in interface outside
access-group outbound in interface inside

Access-list inbound permit tcp any object Internal_Web_Server eq 5001

Reference link:

http://www.petenetlive.com/KB/Article/0000077.htm
We can test that our port forwarding is working using a packet-tracer, example:

Packet-tracer input inside TCP 10.0.0.15 5001 10.10.0.3 5001

Now that we have this we can compare the output with the traffic through the VPN and without the
VPN.

Examples:

Over VPN

Client connecting to 10.0.0.15, TCP port 5001

CP window size: 63.0 Kbyte (default)
-----------------------------------------------------------
3] Local 10.10.0.3 port 1769 connected with 10.0.0.15 port 5001
ID] Interval Transfer Bandwidth
3] 0.0-11.2 sec 2.12 MBytes 1.60 Mbits/sec

Without VPN

------------------------------------------------------------
Client connecting to 10.0.0.15, TCP port 5001
TCP window size: 63.0 KByte (default)
------------------------------------------------------------
3] Local 10.10.0.3 port 2445 connected with 10.0.0.15 port 5001
ID] Interval Transfer Bandwidth
3] 0.0-11.9 sec 1.62 MBytes 1.53 Mbits/sec

As we see, even bypassing the VPN we got similar outputs on the bandwidth. Which indicate the issue
can be either the ISP or internal network problems.

JPERF
There is also a Graphical tool of the IPref called jperf.

Based on my experience, I would recommend IPref as per is more stable and the outputs are easy to
understand.

However here are some screenshots of the tool.

You can download from the link:

https://code.google.com/p/iperf/

Jperf as server
Jpref as client

Any question let me know,

Feel free to reach me for any question.

Randy Varela

Cisco TAC Support Engineer, VPN Team

Email: [email protected]