Measure Network Performance: iperf and ntop
iperf and ntop can give you handy, readable information on where the traffic is flowing on your network.
Last week we learned how to use iperf to measure network throughput, jitter, and datagram loss. Today we're going to learn more excellent ways to measure network performance using iperf and ntop, but first I have a couple of corrections to make.
OpenWRT, Little Blue Boxes, and Heavy Loads
In Tips and Tricks for Linux Admins: The State of the Tiny I said that those little Linksys boxes don't handle high loads well, especially peer protocols like Bittorrent. A reader kindly noted that this is not necessarily a hardware problem:
"The stock Linksys firmware and many derivatives, does not properly configure the firewall and the kernel for P2P traffic, specifically the connection tracking in iptables. It is not the fault of the router, but a configuration in the software... the WRTSL54GS has a 266Mhz processor, and a separate Ethernet interface channel for the WAN port, and it is my belief that this platform can handle P2P traffic without a problem, given the appropriate configuration."
Which is but one of many reasons why so many users are blowing away the stock firmware on these devices, and replacing it with OpenWRT, DD-WRT, and so forth. This same excellent reader also notes that
"...the Linksys devices actually come with a 5-port switch, and use VLAN tagging to assign 4 ports to the LAN VLAN (plus the wireless), and one port to the WAN VLAN. You can change the VLAN assignment easily with OpenWrt."
One more bit of clarification- in Part 1, I neglected to mention that I was running all those nifty iperf commands from my main workstation via ssh. I'm so used to running everything remotely from my main workstation I forget that not everyone does this. Thank you to "??puzzled reader??" for asking about this.
iperf Over the Internet
You can run iperf over the Internet as well as over your LAN. It's invaluable for seeing what's happening over a WAN link, whether it's a nice expensive dedicated link, or an OpenVPN tunnel over the Internet, or what-have-you. The best way is to have iperf on your border router. iperf is included with Pyramid Linux, and if your Linux-based router doesn't have it just copy the iperf binary to it. It doesn't need any special libraries, so any Linux system should already have what it needs.
I must divert briefly to a fascinating tangent. Running ldd /usr/bin/iperf on a system where it is already installed
shows which libraries it depends on. The very first one listed is this:
linux-gate.so.1 => (0xffffe000)
If you search for this you won't find it, because it does not exist. Read What is linux-gate.so.1? to learn a bit of fascinating kernel lore.
Now, getting back to running iperf over the Internet. Just use it in the usual way, except you'll be using Internet
admin@router1:~$ iperf -s user@remotepc:~$ iperf -c router1.yourdomain.com
IP addresses work too. You'll want to make sure that ports TCP/UDP 5001 are open in your firewall, or whatever ports you tell iperf to use. Don't forget to consult /etc/services for available ports, and to keep track of any custom ports you're using.