Tags Archives: monitoring

Network Speed Testing Using iperf3

iperf is a command line utility which provides info about bandwidth, network delays and datagram loss. It can test both TCP and UDP throughput speeds.

 

To perform an iperf test you establish both a server machine as one end-point, which discards the test traffic, and a client machine, which generates test traffic.

 

 

iperf must be installed on both machines. For Debian/Ubuntu:

 

(in this case we are installing version iperf3)

 

apt update

 

apt install iperf3 -y

 

Re Firewalling

 

You must open TCP port 5001 on the server machine.

 

Using Ubuntu/Debian Linux you can do:

 

ufw allow from 10.147.18.0/24 to 10.147.18.0/24 port 5001 proto tcp

 

On CentOS/RHEL/Fedora:

 

firewall-cmd –zone=public –add-port=5001/tcp –permanent

 

 

For the purpose of the test I simply briefly disabled fwall on gemini.

 

I found I only needed to temporarily disable ufw on gemini not on the client.

 

Or you can do:

 

root@gemini:/home/kevin# ufw allow 5201
Rule added
Rule added (v6)
root@gemini:/home/kevin#

 

 

You can also change the port by passing the -p option (e.g. in this case to open and use TCP port 2456):

 

iperf3 -s -p 2456

 

 

Then start an iperf server on the server machine using iperf3 server mode:

iperf3 -s

 

so we do:

 

root@gemini:/home/kevin# iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------

 

 

Next, start an iperf server on the client machine in iperf3 client mode:

 

iperf3 -c {ip-address-of-server}
iperf3 -c {ip-address-of-server} -p {tcp-port}

 

in our case, we want to test our VPN, so we enter the geminivpn IP, not the gemini external internet IP!

 

so we do:

 

iperf3 -c 10.147.18.185

 

the result:

 

root@gemini:/home/kevin# iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 10.147.18.65, port 49458
[ 5] local 10.147.18.185 port 5201 connected to 10.147.18.65 port 49460
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 953 KBytes 7.80 Mbits/sec 
[ 5] 1.00-2.00 sec 1.18 MBytes 9.87 Mbits/sec 
[ 5] 2.00-3.00 sec 971 KBytes 7.96 Mbits/sec 
[ 5] 3.00-4.00 sec 1.13 MBytes 9.48 Mbits/sec 
[ 5] 4.00-5.00 sec 1.15 MBytes 9.61 Mbits/sec 
[ 5] 5.00-6.00 sec 1014 KBytes 8.31 Mbits/sec 
[ 5] 6.00-7.00 sec 1.10 MBytes 9.25 Mbits/sec 
[ 5] 7.00-8.00 sec 1.14 MBytes 9.59 Mbits/sec 
[ 5] 8.00-9.00 sec 1.14 MBytes 9.54 Mbits/sec 
[ 5] 9.00-10.00 sec 1.06 MBytes 8.88 Mbits/sec 
[ 5] 10.00-10.03 sec 32.2 KBytes 8.91 Mbits/sec 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.03 sec 10.8 MBytes 9.03 Mbits/sec receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------





root@len:/home/kevin# iperf3 -c 10.147.18.185
Connecting to host 10.147.18.185, port 5201
[ 5] local 10.147.18.65 port 49460 connected to 10.147.18.185 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 1.23 MBytes 10.3 Mbits/sec 1 88.6 KBytes 
[ 5] 1.00-2.00 sec 1.15 MBytes 9.61 Mbits/sec 5 77.8 KBytes 
[ 5] 2.00-3.00 sec 1.08 MBytes 9.10 Mbits/sec 7 51.0 KBytes 
[ 5] 3.00-4.00 sec 1.08 MBytes 9.10 Mbits/sec 0 77.8 KBytes 
[ 5] 4.00-5.00 sec 1.08 MBytes 9.10 Mbits/sec 0 96.6 KBytes 
[ 5] 5.00-6.00 sec 1.08 MBytes 9.10 Mbits/sec 4 48.3 KBytes 
[ 5] 6.00-7.00 sec 1.08 MBytes 9.10 Mbits/sec 0 75.1 KBytes 
[ 5] 7.00-8.00 sec 1.08 MBytes 9.10 Mbits/sec 0 93.9 KBytes 
[ 5] 8.00-9.00 sec 1.08 MBytes 9.10 Mbits/sec 1 83.2 KBytes 
[ 5] 9.00-10.00 sec 1.08 MBytes 9.10 Mbits/sec 5 34.9 KBytes 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 11.1 MBytes 9.27 Mbits/sec 23 sender
[ 5] 0.00-10.03 sec 10.8 MBytes 9.03 Mbits/sec receiver

iperf Done.
root@len:/home/kevin#





root@intel:~# iperf3 -c 10.147.18.185
Connecting to host 10.147.18.185, port 5201
[ 5] local 10.147.18.84 port 46324 connected to 10.147.18.185 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 1.45 MBytes 12.1 Mbits/sec 10 48.3 KBytes 
[ 5] 1.00-2.00 sec 926 KBytes 7.58 Mbits/sec 3 51.0 KBytes 
[ 5] 2.00-3.00 sec 1.08 MBytes 9.10 Mbits/sec 0 77.8 KBytes 
[ 5] 3.00-4.00 sec 1.08 MBytes 9.10 Mbits/sec 13 32.2 KBytes 
[ 5] 4.00-5.00 sec 926 KBytes 7.58 Mbits/sec 1 53.7 KBytes 
[ 5] 5.00-6.00 sec 1.27 MBytes 10.6 Mbits/sec 1 56.4 KBytes 
[ 5] 6.00-7.00 sec 1.15 MBytes 9.61 Mbits/sec 1 53.7 KBytes 
[ 5] 7.00-8.00 sec 1.08 MBytes 9.10 Mbits/sec 1 64.4 KBytes 
[ 5] 8.00-9.00 sec 1.08 MBytes 9.10 Mbits/sec 1 64.4 KBytes 
[ 5] 9.00-10.00 sec 1.08 MBytes 9.10 Mbits/sec 2 45.6 KBytes 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 11.1 MBytes 9.30 Mbits/sec 33 sender
[ 5] 0.00-10.03 sec 10.8 MBytes 9.03 Mbits/sec receiver

iperf Done.
root@intel:~#


root@asus:/home/kevin# iperf3 -c 10.147.18.185
Connecting to host 10.147.18.185, port 5201
[ 5] local 10.147.18.14 port 43012 connected to 10.147.18.185 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 1.31 MBytes 10.9 Mbits/sec 1 93.9 KBytes

[ 5] 1.00-2.00 sec 1.08 MBytes 9.10 Mbits/sec 0 113 KBytes 
[ 5] 2.00-3.00 sec 1.21 MBytes 10.1 Mbits/sec 2 93.9 KBytes 
[ 5] 3.00-4.00 sec 741 KBytes 6.07 Mbits/sec 11 26.8 KBytes 
[ 5] 4.00-5.00 sec 802 KBytes 6.57 Mbits/sec 1 51.0 KBytes 
[ 5] 5.00-6.00 sec 1.08 MBytes 9.10 Mbits/sec 0 75.1 KBytes 
[ 5] 6.00-7.00 sec 1.02 MBytes 8.60 Mbits/sec 1 72.5 KBytes 
[ 5] 7.00-8.00 sec 1.02 MBytes 8.59 Mbits/sec 1 64.4 KBytes 
[ 5] 8.00-9.00 sec 1.08 MBytes 9.11 Mbits/sec 0 85.9 KBytes 
[ 5] 9.00-10.00 sec 1.08 MBytes 9.10 Mbits/sec 1 77.8 KBytes 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 10.4 MBytes 8.73 Mbits/sec 18 sender
[ 5] 0.00-10.07 sec 10.2 MBytes 8.51 Mbits/sec receiver

iperf Done.
root@asus:/home/kevin#

 

I then closed down the zerotier VPN on len and did a test from len via the external internet to gemini, ie not using the VPN:

 

root@len:/home/kevin# systemctl stop zerotier-one

(obviously at that point the vpn connection lost as I was connected via an ssh session).

 

root@gemini:/home/kevin# iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 5.146.192.17, port 59644
[ 5] local 45.76.140.242 port 5201 connected to 5.146.192.17 port 59646
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 974 KBytes 7.97 Mbits/sec 
[ 5] 1.00-2.00 sec 1.14 MBytes 9.55 Mbits/sec 
[ 5] 2.00-3.00 sec 1.16 MBytes 9.73 Mbits/sec 
[ 5] 3.00-4.00 sec 1.15 MBytes 9.61 Mbits/sec 
[ 5] 4.00-5.00 sec 1.12 MBytes 9.43 Mbits/sec 
[ 5] 5.00-6.00 sec 1.16 MBytes 9.73 Mbits/sec 
[ 5] 6.00-7.00 sec 1.11 MBytes 9.27 Mbits/sec 
[ 5] 7.00-8.00 sec 1.16 MBytes 9.70 Mbits/sec 
[ 5] 8.00-9.00 sec 1.08 MBytes 9.07 Mbits/sec 
[ 5] 9.00-10.00 sec 1.14 MBytes 9.57 Mbits/sec 
[ 5] 10.00-10.03 sec 28.9 KBytes 9.35 Mbits/sec 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.03 sec 11.2 MBytes 9.36 Mbits/sec receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------

 

 

There was no difference in speed. No difference in speed either if len is disconnected from vpn, the other clients show same speeds.


root@gemini:/home/kevin# ufw allow 5201
Rule added
Rule added (v6)
root@gemini:/home/kevin# 
root@gemini:/home/kevin# iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 10.147.18.84, port 46580
[ 5] local 10.147.18.185 port 5201 connected to 10.147.18.84 port 46582
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 1.07 MBytes 8.97 Mbits/sec 
[ 5] 1.00-2.00 sec 1.00 MBytes 8.40 Mbits/sec 
[ 5] 2.00-3.00 sec 1.01 MBytes 8.46 Mbits/sec 
[ 5] 3.00-4.00 sec 1.13 MBytes 9.48 Mbits/sec 
[ 5] 4.00-5.00 sec 1.14 MBytes 9.56 Mbits/sec 
[ 5] 5.00-6.00 sec 1.07 MBytes 8.99 Mbits/sec 
[ 5] 6.00-7.00 sec 993 KBytes 8.13 Mbits/sec 
[ 5] 7.00-8.00 sec 1.13 MBytes 9.45 Mbits/sec 
[ 5] 8.00-9.00 sec 1.13 MBytes 9.52 Mbits/sec 
[ 5] 9.00-10.00 sec 1.12 MBytes 9.43 Mbits/sec 
[ 5] 10.00-10.05 sec 53.7 KBytes 9.37 Mbits/sec 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.05 sec 10.8 MBytes 9.04 Mbits/sec receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
^X^Z
[1]+ Stopped iperf3 -s
root@gemini:/home/kevin# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@gemini:/home/kevin#




root@intel:~# iperf3 -c 10.147.18.185
Connecting to host 10.147.18.185, port 5201
[ 5] local 10.147.18.84 port 46582 connected to 10.147.18.185 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 1.46 MBytes 12.3 Mbits/sec 1 85.9 KBytes 
[ 5] 1.00-2.00 sec 926 KBytes 7.58 Mbits/sec 11 26.8 KBytes 
[ 5] 2.00-3.00 sec 1.08 MBytes 9.10 Mbits/sec 0 59.0 KBytes 
[ 5] 3.00-4.00 sec 1.08 MBytes 9.10 Mbits/sec 1 59.0 KBytes 
[ 5] 4.00-5.00 sec 1.08 MBytes 9.10 Mbits/sec 0 83.2 KBytes 
[ 5] 5.00-6.00 sec 1.08 MBytes 9.10 Mbits/sec 11 32.2 KBytes 
[ 5] 6.00-7.00 sec 1.08 MBytes 9.10 Mbits/sec 1 56.4 KBytes 
[ 5] 7.00-8.00 sec 1.08 MBytes 9.10 Mbits/sec 0 80.5 KBytes 
[ 5] 8.00-9.00 sec 1.15 MBytes 9.61 Mbits/sec 1 75.1 KBytes 
[ 5] 9.00-10.00 sec 1.08 MBytes 9.10 Mbits/sec 5 53.7 KBytes 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 11.1 MBytes 9.32 Mbits/sec 31 sender
[ 5] 0.00-10.05 sec 10.8 MBytes 9.04 Mbits/sec receiver

iperf Done.
root@intel:~# 
root@gemini:/home/kevin# ufw deny 5201
Rule updated
Rule updated (v6)
root@gemini:/home/kevin#

 

I then also did a speed test using two laptops, rather than the server. speed test with iperf3 from asus to intel is much faster:

 

 

root@asus:/home/kevin/LOCAL# iperf3 -c intelvpn 
Connecting to host intelvpn, port 5201
[ 5] local 10.147.18.14 port 50668 connected to 10.147.18.84 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 4.00 MBytes 33.6 Mbits/sec 1 252 KBytes 
[ 5] 1.00-2.00 sec 4.82 MBytes 40.5 Mbits/sec 2 271 KBytes 
[ 5] 2.00-3.00 sec 4.64 MBytes 38.9 Mbits/sec 0 295 KBytes 
[ 5] 3.00-4.00 sec 5.49 MBytes 46.0 Mbits/sec 1 317 KBytes 
[ 5] 4.00-5.00 sec 5.85 MBytes 49.0 Mbits/sec 0 344 KBytes 
[ 5] 5.00-6.00 sec 6.21 MBytes 52.1 Mbits/sec 9 263 KBytes 
[ 5] 6.00-7.00 sec 4.28 MBytes 35.9 Mbits/sec 1 293 KBytes 
[ 5] 7.00-8.00 sec 5.42 MBytes 45.5 Mbits/sec 1 317 KBytes 
[ 5] 8.00-9.00 sec 7.11 MBytes 59.7 Mbits/sec 3 338 KBytes 
[ 5] 9.00-10.00 sec 6.81 MBytes 57.1 Mbits/sec 9 255 KBytes 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 54.6 MBytes 45.8 Mbits/sec 27 sender
[ 5] 0.00-10.04 sec 53.8 MBytes 44.9 Mbits/sec receiver

iperf Done.
root@asus:/home/kevin/LOCAL#




root@intel:/home/kevin# ufw allow 5201
Rule added
Rule added (v6)
root@intel:/home/kevin# iperf3 -s 
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 10.147.18.14, port 50666
[ 5] local 10.147.18.84 port 5201 connected to 10.147.18.14 port 50668
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 3.60 MBytes 30.2 Mbits/sec 
[ 5] 1.00-2.00 sec 4.62 MBytes 38.7 Mbits/sec 
[ 5] 2.00-3.00 sec 4.53 MBytes 38.0 Mbits/sec 
[ 5] 3.00-4.00 sec 5.47 MBytes 45.9 Mbits/sec 
[ 5] 4.00-5.00 sec 6.03 MBytes 50.6 Mbits/sec 
[ 5] 5.00-6.00 sec 5.80 MBytes 48.7 Mbits/sec 
[ 5] 6.00-7.00 sec 4.20 MBytes 35.3 Mbits/sec 
[ 5] 7.00-8.00 sec 5.86 MBytes 49.2 Mbits/sec 
[ 5] 8.00-9.00 sec 6.74 MBytes 56.5 Mbits/sec 
[ 5] 9.00-10.00 sec 6.71 MBytes 56.3 Mbits/sec 
[ 5] 10.00-10.04 sec 215 KBytes 48.3 Mbits/sec 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.04 sec 53.8 MBytes 44.9 Mbits/sec receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------








a bit slower with the len to intel:


root@len:/home/kevin# iperf3 -c intelvpn
Connecting to host intelvpn, port 5201
[ 5] local 10.147.18.65 port 55332 connected to 10.147.18.84 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 4.24 MBytes 35.6 Mbits/sec 1 204 KBytes 
[ 5] 1.00-2.00 sec 3.98 MBytes 33.4 Mbits/sec 2 225 KBytes 
[ 5] 2.00-3.00 sec 3.92 MBytes 32.9 Mbits/sec 1 247 KBytes 
[ 5] 3.00-4.00 sec 4.10 MBytes 34.4 Mbits/sec 7 188 KBytes 
[ 5] 4.00-5.00 sec 4.22 MBytes 35.4 Mbits/sec 0 233 KBytes 
[ 5] 5.00-6.00 sec 4.16 MBytes 34.9 Mbits/sec 0 258 KBytes 
[ 5] 6.00-7.00 sec 4.04 MBytes 33.9 Mbits/sec 0 268 KBytes 
[ 5] 7.00-8.00 sec 3.68 MBytes 30.8 Mbits/sec 0 282 KBytes 
[ 5] 8.00-9.00 sec 3.92 MBytes 32.9 Mbits/sec 0 301 KBytes 
[ 5] 9.00-10.00 sec 3.74 MBytes 31.3 Mbits/sec 0 319 KBytes 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 40.0 MBytes 33.5 Mbits/sec 11 sender
[ 5] 0.00-10.08 sec 39.7 MBytes 33.0 Mbits/sec receiver

iperf Done.
root@len:/home/kevin#


#



from len to asus:

 

root@len:/home/kevin# iperf3 -c asusvpn
Connecting to host asusvpn, port 5201
[ 5] local 10.147.18.65 port 59526 connected to 10.147.18.14 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 3.41 MBytes 28.6 Mbits/sec 1 169 KBytes 
[ 5] 1.00-2.00 sec 1.81 MBytes 15.2 Mbits/sec 18 102 KBytes 
[ 5] 2.00-3.00 sec 3.92 MBytes 32.9 Mbits/sec 1 145 KBytes 
[ 5] 3.00-4.00 sec 4.64 MBytes 38.9 Mbits/sec 0 185 KBytes 
[ 5] 4.00-5.00 sec 2.35 MBytes 19.7 Mbits/sec 8 102 KBytes 
[ 5] 5.00-6.00 sec 1.63 MBytes 13.7 Mbits/sec 0 129 KBytes 
[ 5] 6.00-7.00 sec 3.44 MBytes 28.8 Mbits/sec 1 156 KBytes 
[ 5] 7.00-8.00 sec 4.10 MBytes 34.4 Mbits/sec 4 150 KBytes 
[ 5] 8.00-9.00 sec 2.53 MBytes 21.2 Mbits/sec 6 126 KBytes 
[ 5] 9.00-10.00 sec 1.57 MBytes 13.1 Mbits/sec 2 145 KBytes 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 29.4 MBytes 24.6 Mbits/sec 41 sender
[ 5] 0.00-10.01 sec 29.1 MBytes 24.4 Mbits/sec receiver

iperf Done.
root@len:/home/kevin#

root@asus:/# iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 10.147.18.65, port 59524
[ 5] local 10.147.18.14 port 5201 connected to 10.147.18.65 port 59526
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 3.01 MBytes 25.2 Mbits/sec 
[ 5] 1.00-2.00 sec 1.71 MBytes 14.4 Mbits/sec 
[ 5] 2.00-3.00 sec 3.99 MBytes 33.5 Mbits/sec 
[ 5] 3.00-4.00 sec 4.57 MBytes 38.4 Mbits/sec 
[ 5] 4.00-5.00 sec 2.43 MBytes 20.4 Mbits/sec 
[ 5] 5.00-6.00 sec 1.64 MBytes 13.7 Mbits/sec 
[ 5] 6.00-7.00 sec 3.41 MBytes 28.6 Mbits/sec 
[ 5] 7.00-8.00 sec 4.10 MBytes 34.4 Mbits/sec 
[ 5] 8.00-9.00 sec 2.60 MBytes 21.8 Mbits/sec 
[ 5] 9.00-10.00 sec 1.67 MBytes 14.0 Mbits/sec 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.01 sec 29.1 MBytes 24.4 Mbits/sec receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------




root@len:~# iperf3
iperf3: parameter error - must either be a client (-c) or server (-s)

Usage: iperf3 [-s|-c host] [options]
iperf3 [-h|--help] [-v|--version]

Server or Client:
-p, --port # server port to listen on/connect to
-f, --format [kmgtKMGT] format to report: Kbits, Mbits, Gbits, Tbits
-i, --interval # seconds between periodic throughput reports
-F, --file name xmit/recv the specified file
-A, --affinity n/n,m set CPU affinity
-B, --bind <host> bind to the interface associated with the address <host>
-V, --verbose more detailed output
-J, --json output in JSON format
--logfile f send output to a log file
--forceflush force flushing output at every interval
-d, --debug emit debugging output
-v, --version show version information and quit
-h, --help show this message and quit
Server specific:
-s, --server run in server mode
-D, --daemon run the server as a daemon
-I, --pidfile file write PID file
-1, --one-off handle one client connection then exit
--rsa-private-key-path path to the RSA private key used to decrypt
authentication credentials
--authorized-users-path path to the configuration file containing user
credentials
Client specific:
-c, --client <host> run in client mode, connecting to <host>
--sctp use SCTP rather than TCP
-X, --xbind <name> bind SCTP association to links
--nstreams # number of SCTP streams
-u, --udp use UDP rather than TCP
--connect-timeout # timeout for control connection setup (ms)
-b, --bitrate #[KMG][/#] target bitrate in bits/sec (0 for unlimited)
(default 1 Mbit/sec for UDP, unlimited for TCP)
(optional slash and packet count for burst mode)
--pacing-timer #[KMG] set the timing for pacing, in microseconds (default 1000)
--fq-rate #[KMG] enable fair-queuing based socket pacing in
bits/sec (Linux only)
-t, --time # time in seconds to transmit for (default 10 secs)
-n, --bytes #[KMG] number of bytes to transmit (instead of -t)
-k, --blockcount #[KMG] number of blocks (packets) to transmit (instead of -t or -n)
-l, --length #[KMG] length of buffer to read or write
(default 128 KB for TCP, dynamic or 1460 for UDP)
--cport <port> bind to a specific client port (TCP and UDP, default: ephemeral port)
-P, --parallel # number of parallel client streams to run
-R, --reverse run in reverse mode (server sends, client receives)
--bidir run in bidirectional mode.
Client and server send and receive data.
-w, --window #[KMG] set window size / socket buffer size
-C, --congestion <algo> set TCP congestion control algorithm (Linux and FreeBSD only)
-M, --set-mss # set TCP/SCTP maximum segment size (MTU - 40 bytes)
-N, --no-delay set TCP/SCTP no delay, disabling Nagle's Algorithm
-4, --version4 only use IPv4
-6, --version6 only use IPv6
-S, --tos N set the IP type of service, 0-255.
The usual prefixes for octal and hex can be used,
i.e. 52, 064 and 0x34 all specify the same value.
--dscp N or --dscp val set the IP dscp value, either 0-63 or symbolic.
Numeric values can be specified in decimal,
octal and hex (see --tos above).
-L, --flowlabel N set the IPv6 flow label (only supported on Linux)
-Z, --zerocopy use a 'zero copy' method of sending data
-O, --omit N omit the first n seconds
-T, --title str prefix every output line with this string
--extra-data str data string to include in client and server JSON
--get-server-output get results from server
--udp-counters-64bit use 64-bit counters in UDP test packets
--repeating-payload use repeating pattern in payload, instead of
randomized payload (like in iperf2)
--username username for authentication
--rsa-public-key-path path to the RSA public key used to encrypt
authentication credentials

[KMG] indicates options that support a K/M/G suffix for kilo-, mega-, or giga-

iperf3 homepage at: https://software.es.net/iperf/
Report bugs to: https://github.com/esnet/iperf
root@len:~#


 

Continue Reading

LPIC3 DIPLOMA Linux Clustering – LAB NOTES: Lesson Monit

 

Monit is an open source utility for monitoring services on Linux systems and keeping them running.

 

If for any reason a monitored service shuts down, Monit will attempt to bring it back online.

 

Monit also comes with a web interface which can also be used to control and monitor services.

 

To install Monit

 

(instructions for Debian/Ubuntu systems):

 

apt-get install monit

 

systemctl enable –now monit

 

 

 

How To Configure Monit

 

Monit configuration files are located under /etc/monit/ directory.

 

The main configuration file is /etc/monit/monitrc.

 

All files in /etc/monit/conf.d/ and /etc/monit/conf-enabled/ are read by monit when started.

 

 

Monit has an embedded HTTP interface for viewing service status via a web interface.

 

By default monit HTTP interface is not enabled. To enable uncomment the following lines in /etc/monit/monitrc

 

nano /etc/monit/monitrc

 

set httpd port 2812 and
use address localhost # only accept connection from localhost
allow localhost # allow localhost to connect to the server and
allow admin:monit # require user ‘admin’ with password ‘monit’

 

# NOTE: make sure you change these to something else in online or production environments!

 

 

You can change admin:monit to use another username and password. To connect from a different IP, add:

 

allow <IP Address>

 

then restart:

 

systemctl restart monit

 

 

How To Use Monit

 

 

To display system status with monit:

 

monit status

 

root@intel:~# monit summary
Monit 5.26.0 uptime: 0m
┌─────────────────────────────────┬────────────────────────────┬───────────────┐
│ Service Name │ Status │ Type │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ intel │ OK │ System │
└─────────────────────────────────┴────────────────────────────┴───────────────┘
root@intel:~#

 

root@intel:~# monit status
Monit 5.26.0 uptime: 0m

 

System ‘intel’
status OK
monitoring status Monitored
monitoring mode active
on reboot start
load average [0.22] [0.48] [0.57]
cpu 0.0%us 0.0%sy 0.0%wa
memory usage 2.0 GB [26.3%]
swap usage 0 B [0.0%]
uptime 26m
boot time Mon, 17 May 2021 14:04:37
data collected Mon, 17 May 2021 14:31:10

 

root@intel:~#

 

 

 

To check config:

 

monit -t

 

root@intel:~# monit -t
Control file syntax OK
root@intel:~#

 

 

To reload config after changes:

 

monit reload

 

root@intel:~# monit reload
Reinitializing monit daemon
root@intel:~#

 

to start running all monitored programs:

 

monit start all

 

 

To access Monit Web Interface:

 

http://[ip-address|domain]:2812

Login with username “admin” and password “monit”.

 

To allow access to port from remote IPs through the firewall, run:

 

root@intel:~# ufw allow 2812
Rules updated
Rules updated (v6)
root@intel:~#

 

 

How to Configure Monit Web Interface to use SSL/TLS HTTPS

 

 

In directory  /etc/monit/  prepare the config file monit.cnf:

 

# create RSA certs – Server

RANDFILE = ./openssl.rnd

[ req ]
default_bits = 2048
default_md = sha256
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type

[ req_dn ]
countryName = Country Name (2 letter code)
countryName_default = UK

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = England

localityName = Locality Name (eg, city)
localityName_default = London

organizationName = Organization Name (eg, company)
organizationName_default = kevwells.com

organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = kevwells.com

commonName = Common Name (FQDN of your server)
commonName_default = kevwells.com

emailAddress = Email Address
emailAddress_default = mmonit@kevwells.com

[ cert_type ]
nsCertType = server

 

 

save above as monit.cnf

 

then still within the /etc/monit directory where you have just saved monit.cnf  run these commands to generate the pemfile :

 

 

# Generates the private key and the certificate
openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /etc/ssl/certs/monit.pem \
-keyout /etc/ssl/certs/monit.pem

 

# Generates the Diffie-Hellman Parameters
openssl dhparam -2 2048 >> /etc/ssl/certs/monit.pem

 

# Set mode
chmod 600 /etc/ssl/certs/monit.pem

 

# Prints out the certificate information
openssl x509 -text -noout -in /etc/ssl/certs/monit.pem

 

 

root@gemini:/etc/monit# openssl dhparam -2 2048 >> /etc/ssl/certs/monit.pem
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
……………………………………………………………+.

 

 

then after doing

 

openssl x509 -text -noout -in /etc/ssl/certs/monit.pem

 

do:

 

root@gemini:/etc/monit# monit -t
Control file syntax OK

root@gemini:/etc/monit# systemctl restart monit
root@gemini:/etc/monit# systemctl status monit
● monit.service – LSB: service and resource monitoring daemon
Loaded: loaded (/etc/init.d/monit; generated)
Active: active (running) since Mon 2021-05-17 14:09:10 BST; 5s ago
Docs: man:systemd-sysv-generator(8)
Process: 13001 ExecStart=/etc/init.d/monit start (code=exited, status=0/SUCCESS)
Tasks: 2 (limit: 2280)
Memory: 1.2M
CGroup: /system.slice/monit.service
└─13018 /usr/bin/monit -c /etc/monit/monitrc

 

May 17 14:09:10 gemini systemd[1]: Starting LSB: service and resource monitoring daemon…
May 17 14:09:10 gemini monit[13001]: * Starting daemon monitor monit
May 17 14:09:10 gemini monit[13001]: …done.
May 17 14:09:10 gemini systemd[1]: Started LSB: service and resource monitoring daemon.
root@gemini:/etc/monit#

 

You can then access the monitoring web interface with:

 

https://kevwells.com:2812

 

(enter username and password when prompted – these have been changed from the standard)

 

Continue Reading