Use fallocate and SCP to quickly test Cisco network throughput
A rubber band, a paper clip and a drinking straw...
In a pinch where you can't use iPerf to test network throughput - either because you can't access/RDP onto a Windows/Linux host, or maybe can't download iPerf from the big bad Interwebs? I've been here before, and armed with the following tools (like a Network MacGyver), you can use Secure Copy (the FTP of the SSH world) and a bit of Linux standard binary to do much the same job:
- Cisco (or Juniper) Switch or Router
- RW/Admin/Priv 15 access to write a bit of config
- Linux Box (for fallocate binary)
- Depending on your Cisco Appliances (ISE, ACS, NCS), if they run ADE-OS, you might be able to access ADE-OS Linux-like shell
- Network connectivity between said Linux Box and Cisco Router/Switch
Method
On the Linux Box
- Login to your Linux Box
- Issue the following command to create a 1 GB test file called "1gb-test.bin":
fallocate -l 1G 1gb-test.bin
- Check your file is 1 GB in size:
ls -l 1gb-test.bin
On the Cisco Switch/Router
- Login to your Cisco Router or Switch
- Enable SCP File Copy:
// Cisco ASA Firewalls conf t scp copy enable end // Cisco Switches/Routers conf t ip scp server enable end
- (If ASA Firewall) Check your Management Firewall Rules allow SCP (TCP/22) transfer to the Cisco Switch/Router
- Get the Disk identifier for your SD Card/NVRAM (usually it's "disk0:" or "bootflash:") and check you have enough free space (1 GB in this example, or 1,073,741,824 bytes) for the file transfer:
dir
Back on the Linux Box
- Copy your 1 GB test file "1gb-test.bin" from the Linux Box onto the Cisco Switch/Router/Firewall (in this example, my Router is running Disk0: as the NVRAM/Flash Volume):
scp -v 1gb-test.bin <USERNAME>@<CISCO_IP_ADDRESS>:disk0:1gb-test.bin
- Watch the SCP File Transfer statistics, and/or...
Back on the Cisco Switch/Router
- Check the tx/rx rate on the interface you are expecting traffic to come in on:
sh int | i Interface|Desc|rate|tx|rx
- (ProTip) If you've not change the stock setting, it's only sampled every 5 minutes; change that to 30 seconds (or similarly more-frequent) with:
conf t interface X/Y load-interval 30 end
Results
That's it; if you're using the correct interface you are bothered about, you are now doing a TCP/22 (SSH/SCP) transfer of a 1 GB test file from a Linux Box to your Cisco Router/Firewall/Switch. Bear in mind that it might not be the throughput rate you are expecting (or what the LAN/WAN Link can actually perform at), due to a few limiting factors:
- NVRAM/Flash Medium transfer speed (microSD Cards in ASR's are faster than, say, CompactFlash in older ISR's)
- CoPP (Control Plane Policing)
- Technically, SCP is Control Plane operation to the Router/Switch rather than Data Plane through the Router/Switch, so your SCP copy might be being rate-limited by this
Don't forget to delete your test file when you're done, and note if the file copy doesn't complete, the file isn't pre-allocated on IOS - so a subsequent "dir" will show no data written to disk.
I've personally found this useful for minimal "stress-testing", or to try and invoke some legitimate LAN/WAN traffic to show up on a NetFlow Collector or SNMP Polling NMS (maybe something like LibreNMS).