Friday, 27 March 2015

How to Run IPerf Traffic on same Computer with two Interfaces


Setup:

           Linux PC/Device -----------Eth1--------|
                                  |                            | Loopback cable
                                   |-------------Eth2------- |

Requirements:

  The Iperf traffic should pass externally from the Ethernet interfaces which are connected using Ethernet cable..

Problem:

We have one interface which is called as loopback interface (lo). When we ping or send traffic to test local interface it is the loopback interface which replies.

Lets say we have three interfaces on Linux PC eth1, eth2 and lo (loopback interface). 

Commands

Ifconfig eth1 10.1.1.1 netmask 255.255.255.0 up
ifconfig eth2 10.2.1.1 netmask 255.255.255.0 up

ifconfig -> Verify loopback interface is up

ping 10.1.1.1 -> Reply will come

ping 10.2.1.1 -> Reply will come

Now disable loopback interface

ifconfig lo down

ping 10.1.1.1 -> Reply will not come

ping 10.2.1.1 -> Reply will not come

So the problem is if the loopback interface is present this interface will reply and the packets will not go from out side the cable or in other words the kernel detects that the destination is a local one, so the traffic is looped back to the machine itself without going through eth1 or eth2.


Solution

Got solution using NAT iptables rules as described in below reference link.


ifconfig eth0 10.50.0.1 netmask 255.255.255.0
ifconfig eth1 10.50.1.1 netmask 255.255.255.0
iptables -t nat -L
iptables -t nat -A POSTROUTING -s 10.50.0.1 -d 10.60.1.1 -j SNAT --to-source 10.60.0.1
iptables -t nat -A PREROUTING -d 10.60.0.1 -j DNAT --to-destination 10.50.0.1
iptables -t nat -A POSTROUTING -s 10.50.1.1 -d 10.60.0.1 -j SNAT --to-source 10.60.1.1
iptables -t nat -A PREROUTING -d 10.60.1.1 -j DNAT --to-destination 10.50.1.1
ip route add 10.60.1.1 dev eth0
arp -i eth0 -s 10.60.1.1 00:22:45:f1:18:53 # eth1's mac address
ip route add 10.60.0.1 dev eth1
arp -i eth1 -s 10.60.0.1 02:22:23:f1:18:52 # eth0's mac address
ping 10.60.1.1

Using above commands it was possible to force the traffic outside the cable.

Once setup is ready, run the Iperf server and client on the PC.

# server
iperf -B 10.50.0.1 -s -u -w 256k -l 1KB &
# client
iperf -B 10.50.1.1 -c 10.60.0.1 -u -b 600M -w 256k -l 1KB -P 10 -t 60

8 comments:

  1. Any idea how to do the same on Windows?

    ReplyDelete
  2. I believe its possible but definitely not easy. Got below information from one of the links:

    http://serverfault.com/questions/390274/windows-firewalls-iptables-equivalent



    The only real native firewall management within the Windows GUI (beyond enable/disable radio buttons) is handled in the 'Windows Firewall with Advanced Security' management console. Creating inbound and outbound rules, you will be able to match a rule configuration with each IPTable command you are seeking. If command line is required, import the NetSecurity PowerShell module where you can use cmdlets like New-NetFirewallRule and others to manage. Although not a one-to-one translation in your case.

    Alternatively, might check out Windows Firewall Notifier, it basically enables firewall logging, parses in realtime and displays into a GUI where you can monitor and exceptions/rules to incoming and outgoing traffic. I've found it very useful in troubleshooting scenarios for traffic mgmt, then usually disable/remove after identifying the rule definitions and configuring in the Advanced Security console. Link: http://wokhan.online.fr/progs.php?sec=WFN

    ReplyDelete
  3. I cannot ping.

    Do I need Cross Cable ?

    ReplyDelete
    Replies
    1. Depends on the type of interfaces you are trying to connect, When connecting an MDI port to an MDI-X port a straight through cable is used while to connect two MDI ports or two MDI-X ports a crossover cable should be used.

      Delete
    2. I cannot ping can you help me..
      root@phyCORE-AM335x:~ iptables -t nat -L
      Chain PREROUTING (policy ACCEPT)
      target prot opt source destination
      DNAT all -- anywhere 10.60.0.1 to:10.50.0.1
      DNAT all -- anywhere 10.60.1.1 to:10.50.1.1

      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination

      Chain POSTROUTING (policy ACCEPT)
      target prot opt source destination
      SNAT all -- 10.50.0.1 10.60.1.1 to:10.60.0.1
      SNAT all -- 10.50.1.1 10.60.0.1 to:10.60.1.1
      root@phyCORE-AM335x:~ ip route
      10.0.0.0/8 dev eth0 proto kernel scope link src 10.50.0.1
      10.50.1.0/24 dev eth1 proto kernel scope link src 10.50.1.1
      10.60.0.1 dev eth1 scope link
      10.60.1.1 dev eth0 scope link

      Delete
    3. Did you add ARP static entries ?

      "10.0.0.0/8 dev eth0 proto kernel scope link src 10.50.0.1"

      should be

      "10.0.0.0/24 dev eth0 proto kernel scope link src 10.50.0.1"

      Try and let us know.

      Delete
    4. This the output now

      root@phyCORE-AM335x:~ ip route
      10.50.0.0/24 dev eth0 proto kernel scope link src 10.50.0.1
      10.50.1.0/24 dev eth1 proto kernel scope link src 10.50.1.1
      10.60.0.1 dev eth1 scope link
      10.60.1.1 dev eth0 scope link

      disabled loop back now.

      eth0<----->eth1

      cannot ping

      ping 10.50.0.1

      Delete
  4. Is it possible to use iperf client and server on single interface ?

    eth0 <------> eth0

    I want to measure the speed of the ethernet controller by using loopback on ethernet cable.

    ReplyDelete

Related Posts Plugin for WordPress, Blogger...