IPERF Guide
IPERF Guide
Contents
What is IPERF?......................................................................................................................................... 1
How to use IPerf: ..................................................................................................................................... 2
How configure a Port-forwarding on the ASA .......................................................................................... 4
JPERF....................................................................................................................................................... 5
What is IPERF?
IPerf is a tool for network performance measurement, allowing the tuning of various parameters and
UDP characteristics. IPref reports bandwidth, delay jitter, datagram loss.
For our purpose the main idea of use IPerf is to determine if the VPN is causing or not a delay on the
communication.
Most likely the VPN is not the issue, IPref help us to prove this or in case we found a huge difference on
the speeds with and without the VPN allow us to focus on the ASA.
https://iperf.fr/
2. You need to download and run the tool on the Server and Client simultaneously.
3. Once you have the .zip file on your computer, extract all the information in a new folder.
4. Drive until the folder location through the windows command prompt, you can use DIR and CD
commands for this purpose.
If we want to start the server, we just need to place the command iperf.exe – s
On the client in order to run the TCP ping we use the command iperf –c <Server-ip-address>
Next step is to test the connection and get the bandwidth by passing the VPN; this can be achieved with
port forwarding on the ASA. By default IPerf use the port 5001, but you can change this with the
command iperf –s –p <port_number>
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-
firewalls/113024-asa-82-port-forward-00.html#forwarding
1. Create an object for the server and apply a Nat for the port-forwarding.
Host 10.0.0.15
2. If the customer has access-group on the interfaces we need to allow the TCP traffic.
Example:
Reference link:
http://www.petenetlive.com/KB/Article/0000077.htm
We can test that our port forwarding is working using a packet-tracer, example:
Now that we have this we can compare the output with the traffic through the VPN and without the
VPN.
Examples:
Over VPN
Without VPN
------------------------------------------------------------
Client connecting to 10.0.0.15, TCP port 5001
TCP window size: 63.0 KByte (default)
------------------------------------------------------------
3] Local 10.10.0.3 port 2445 connected with 10.0.0.15 port 5001
ID] Interval Transfer Bandwidth
3] 0.0-11.9 sec 1.62 MBytes 1.53 Mbits/sec
As we see, even bypassing the VPN we got similar outputs on the bandwidth. Which indicate the issue
can be either the ISP or internal network problems.
JPERF
There is also a Graphical tool of the IPref called jperf.
Based on my experience, I would recommend IPref as per is more stable and the outputs are easy to
understand.
https://code.google.com/p/iperf/
Jperf as server
Jpref as client
Randy Varela
Email: [email protected]