Using iperf to measure the bandwidth and quality of network

According to iperf project site. This writeup is taken from iPerf Tutorial by OpenManiak. For a more detailed and in-depth writeup, do real up the iPerf Tutorial 

Iperf was developed by NLANR/DAST as a modern alternative for measuring maximum TCP and UDP bandwidth performance. Iperf allows the tuning of various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, datagram loss.

Iperf can generate traffic using TCP and UDP Traaffic to perform the following kinds of test

  • Latency (response time or RTT): can be measured with the Ping utility.
  • Jitter: can be measured with an Iperf UDP test.
  • Datagram loss: can again, be measured with an Iperf UDP test.
  • Bandwidth tests are done using the Iperf TCP tests

Iperf uses the unique characteristics of TCP and UDP to provide statistics about network links. (TCP checks that the packets are correct sent to the receiver. UDP is sent without any checks.

Iperf can be easily installed on the linux box. After downloading the package,  you can do a

# tar -zxvf iperf-2.0.5.tar.gz
# cd iperf-2.0.5
# ./configure
# make
# make install
# cd src

IPerf follows a client-server model. The Server or the Client can be linux or windows. Since this blog is linux, our server and client will be both linux.

Do note that the ipef client connects to the iperf server through port 5001. The bandwidth is from the client to the server.

1. Single Data Uni-Direction with Data Formatting

On the Client, we can use the following format

  1. -f argument display the results in the desired format
  2. The following parameter for formatting ( bits(b), bytes(B), kilobits(k), kilobytes(K), megabits(m), megabytes(M), gigabits(g) or gigabytes(G).
# iperf -c -f G

On the Server, we just use

# iperf -s

2. Bi-directional bandwidth measurement (-r parameter )

By default, the connection from client connection to the server is measured. But with the “-r” argument inclusion, the iperf server will re-connects back to the client thus allowing the bi-drectional measurement.

On the Client Side

# iperf -c -r -f G

On the Server Side

# iperf -s

3. Simultaneous bi-directional bandwidth measurement: (-d argument)

# iperf -c -d -f G

On the Server Side

# iperf -s

4. Interval Settings ( -t timing, -i interval)

On the Client Side, 

# iperf -c -t 20 -i 1

On the Server Side

# iperf - s

5. UDP Settings (-u) and Bandwidth Settings (-b)

The UDP tests with the -u argument will give invaluable information about the jitter and the packet loss. If there is no -u parameter, iperf will default to TCP

On the Client Side

# iperf -c -u -b 10m

On the Server side, (-i interval)

# iperf -c -u -i 2

6. Parallel tests (-P argument, number of parallel):

On Client side

# iperf -c -P 4

On Server  side,

# iperf -s

Recommended /etc/sshd_config parameters for OpenSSH

There are a few settings at /etc/ssh/sshd_config we can set to improve security, performance and user experience. Many of this information comes from SSH The Secure Shell, 2nd Edition from O’Reilly

1. Using SSH-2 Protocol and disable SSH-1 protocol altogether

Protocol 2

2. Ensure that the HostKey and PidFile are located on a machine’s local disk and not over the NFS mount. The default setting should be in the machine local file like those below

HostKey /etc/ssh/ssh_host_key
PidFile /var/run/

3. File and directory permissions

The StrictModes value requires users to protect their SSH-related files and directories or else they will not authenticate.The default values is yes

StrictModes yes

4. Enable KeepAlive messages

Keepalive messages are enabled so that the connections to clients that have crashed or unreachable will terminate rather than be an orphaned process which require manual intervention by sysadmin to eliminate it.

Port 22 
TcpKeepAlive yes

5. Disable Reverse DNS lookup

UseDNS no

6. Select a shorter grace login time

The default grace login is 2 minute which you might want to change. The value here is 30 seconds

LoginGraceTime 30

7. Authentication

The default setting are fine unless you wish to use Public-Key Authentication and wish to disabled Kerberos, Interactive and GSSAPIAuthentication

PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
RSAAuthentication yes
RhostsRSAAuthentication no
HostbasedAuthentication no
KerberosAuthentication no
ChallengeResponseAuthentication yes
GSSAPIAuthentication no
IgnoreRhosts yes

8. Access Control

If you wish to allow only selected users or groups to use ssh, you would like to use

AllowGroups users
AllowUsers me_only
DenyGroups black_list
DenyUsers hacker_id

For more information, see How do I permit specific users SSH access?
9. Securing TCP port forwarding and X forwarding

AllowTcpForwarding yes
X11Forwarding yes

Copper Twisted-Pair versus Optical Fibre at 10Gb/s

This write up entry is taken from this wonderful article from Corning titled “The Real Facts About Copper Twisted-Pair at 10 Gb/s and Beyond” (pdf)

    1. The IEEE 802.3an 10GBASE-T Standard was  approved in July 2006. This standard provides guidance for data transmission of 10 Gb/s in which multi-gigabit rates are sent over 4-pair copper cable within a 500 MHz bandwidth.
    2. CAT 6A is intended to support 10G Operation up to 100m.
    3. For 10GB require 500 Mhz frequency range requires power consumption (10-15KW) of the 10G interfaces due to increased insertion loss, as well as needing to overcome internal and external cross talk issues.
    4. 10G optical PHY latency has 1000 times better latency performance than 10G copper. 10G optical has typical PHY latency measurable in the nanosecond range, whereas 10G copper has PHY latency in microseconds.
      • What is Latency?  Extensive data encoding and signal processing is required to achieve an aceptable bit error rate (BER). Electronic digital signal processing (DSP) technique are required to corrct internal noise impairments, which contributes significantly to an inherent time delay while recovering the transmitted data packets.
    5. According to Sun Microsystems IEEE 302.3an Task Force, states that “PHY latency should not exceed one microsecond … it may start affecting Ethernet over TCP/IP application performance in the foreseeable future.”
    6. CAT 6A cable has a larger diameter, designed to alleviate internal and external cross talk noise issues. The 0.35 in maximum cable diameter is 40 percent larger than CAT 6 (0.25 in).This contributes to significant pathway and space problems when routing in wire baskets, trays, conduits, patch panels and racks. A typical plenum CAT 6A UTP cable weighs 46 lbs per 1000 ft of cable.
    7. 10G optical electronics provide clear advantages over copper twisted-pair.
      • 10G X2 transceivers support up to 16 ports per line card. Maximum power dissipation is 4 W per port.
      • 10G XFP optical transceivers support up to 24-36 ports per line card. Maximum power dissipation is 2.5 W per port.
      • Emerging 10G SFP+ optical transceivers will support up to 48 ports per line card. Maximum power dissipation will be 1 watt per port. The SFP+ transceiver will offer significantly lower cost compared to the X2 and XFP transceivers.
    8. High Port Density for Fibre provides a higher 10G port density per electornic line card and patch panel as compared to copper. One 48-port line card equals 6 9-port copper line cards
    9. Fibre provide less congestion in pathways and spaces. The high-fiber density, combined with the small diameter of optical cable, maximizes the raised floor pathway and space utilization for routing and cooling