Use fallocate and SCP to quickly test Cisco network throughput

Monday, 16 Apr 2018

A rubber band, a paper clip and a drinking straw...

In a pinch where you can't use iPerf to test network throughput - either because you can't access/RDP onto a Windows/Linux host, or maybe can't download iPerf from the big bad Interwebs?  I've been here before, and armed with the following tools (like a Network MacGyver), you can use Secure Copy (the FTP of the SSH world) and a bit of Linux standard binary to do much the same job:

  • Cisco (or Juniper) Switch or Router
    • RW/Admin/Priv 15 access to write a bit of config
  • Linux Box (for fallocate binary)
  • Network connectivity between said Linux Box and Cisco Router/Switch

Method

On the Linux Box

  1. Login to your Linux Box
  2. Issue the following command to create a 1 GB test file called "1gb-test.bin":
    1. fallocate -l 1G 1gb-test.bin
  3. Check your file is 1 GB in size:
    1. ls -l 1gb-test.bin

On the Cisco Switch/Router

  1. Login to your Cisco Router or Switch
  2. Enable SCP File Copy:
    1. # Cisco ASA Firewalls
      conf t
      scp copy enable
      end
      
      # Cisco Switches/Routers
      conf t
      ip scp server enable
      end
  3. (If ASA Firewall) Check your Management Firewall Rules allow SCP (TCP/22) transfer to the Cisco Switch/Router
  4. Get the Disk identifier for your SD Card/NVRAM (usually it's "disk0:" or "bootflash:") and check you have enough free space (1 GB in this example, or 1,073,741,824 bytes) for the file transfer:
    1. dir

Back on the Linux Box

  1. Copy your 1 GB test file "1gb-test.bin" from the Linux Box onto the Cisco Switch/Router/Firewall (in this example, my Router is running Disk0: as the NVRAM/Flash Volume):
    1. scp -v 1gb-test.bin <USERNAME>@<CISCO_IP_ADDRESS>:disk0:1gb-test.bin
  2. Watch the SCP File Transfer statistics, and/or...

Back on the Cisco Switch/Router

  1. Check the tx/rx rate on the interface you are expecting traffic to come in on:
    1. sh int | i Interface|Desc|rate|tx|rx
  2. (ProTip) If you've not change the stock setting, it's only sampled every 5 minutes; change that to 30 seconds (or similarly more-frequent) with:
    1. conf t
      interface <X>/<Y>
       load-interval 30
      end

Results

That's it; if you're using the correct interface you are bothered about, you are now doing a TCP/22 (SSH/SCP) transfer of a 1 GB test file from a Linux Box to your Cisco Router/Firewall/Switch. Bear in mind that it might not be the throughput rate you are expecting (or what the LAN/WAN Link can actually perform at), due to a few limiting factors:

  • NVRAM/Flash Medium transfer speed (microSD Cards in ASR's are faster than, say, CompactFlash in older ISR's)
  • CoPP (Control Plane Policing)
    • Technically, SCP is Control Plane operation to the Router/Switch rather than Data Plane through the Router/Switch, so your SCP copy might be being rate-limited by this

Don't forget to delete your test file when you're done, and note if the file copy doesn't complete, the file isn't pre-allocated on IOS - so a subsequent "dir" will show no data written to disk.

I've personally found this useful for minimal "stress-testing", or to try and invoke some legitimate LAN/WAN traffic to show up on a NetFlow Collector or SNMP Polling NMS (maybe something like LibreNMS).

 

 

Just tweak the setting on the doofer...

Saturday, 14 Apr 2018

Welcome

Welcome to notworkd.io - the newest (probably irrelevant) Networking, Cloud, SDN, Technology blog by a bloke employed to make all this stuff work, but who normally finds himself as more of a Notwork Engineer than a Network Engineer.

My hope in making this blog is to help out anyone in the same boat as me, who finds themselves working for a larger company (where various Technologies and Vendors are thrust upon us, rather than bring coded in-house or self-chosen) - and to act as a a bit of a FAQ/How To, for the various stuff I'll be talking about. Ditto, I'd like to get a bit more involved in "the Community", rather than just being a ardent lurker; so doing this gives me a nice platform to contribute something back (quite what the worth of that will be, I'm not yet sure).

Things I reckon I'll talk about

A short list of things I hope I'll be talking about in coming posts and months:

  • Enterprise Networking
  • Service Provider Networking
  • Struggling to get to grips with Cloud stuff (I thought vPC was a Cisco thing, not an AWS thing...)
  • Juniper Firewalls and Routers
  • Cisco Routers, Switches, Firewalls, Wireless LAN Controllers, ISE Nodes, NAC, other gubbins
  • A dislike for the speed I can't do Visio diagrams at
  • Learning about SysAdmin and SysOps Linux black magic (SSH Tunneling - We proxied your TCP through an SSH Tunnel, so you can Proxy while you Proxy your Proxy, Bro)
  • Documenting those pesky Gotchas with pretty much every Vendor's newest "Never Breaks this, honest 'Guv" feature

Fancy getting in touch

Give me a Tweet @notworkd, or drop a comment on here.

Let's get the party started

Hmm, as soon as I find the "Play" button on this bad boy, I reckon we're in business with this Cloud jazz. Must be around here somewhere...

 undefined

Home