Use fallocate and SCP to quickly test Cisco network throughput

Monday, 16 Apr 2018

A rubber band, a paper clip and a drinking straw...

In a pinch where you can't use iPerf to test network throughput - either because you can't access/RDP onto a Windows/Linux host, or maybe can't download iPerf from the big bad Interwebs? I've been here before, and armed with the following tools (like a Network MacGyver), you can use Secure Copy (the FTP of the SSH world) and a bit of Linux standard binary to do much the same job:

  • Cisco (or Juniper) Switch or Router
    • RW/Admin/Priv 15 access to write a bit of config
  • Linux Box (for fallocate binary)
  • Network connectivity between said Linux Box and Cisco Router/Switch

Method

On the Linux Box

  1. Login to your Linux Box
  2. Issue the following command to create a 1 GB test file called "1gb-test.bin":
    1. fallocate -l 1G 1gb-test.bin
  3. Check your file is 1 GB in size:
    1. ls -l 1gb-test.bin

On the Cisco Switch/Router

  1. Login to your Cisco Router or Switch
  2. Enable SCP File Copy:
    1. // Cisco ASA Firewalls
      conf t
      scp copy enable
      end
      // Cisco Switches/Routers
      conf t
      ip scp server enable
      end
  3. (If ASA Firewall) Check your Management Firewall Rules allow SCP (TCP/22) transfer to the Cisco Switch/Router
  4. Get the Disk identifier for your SD Card/NVRAM (usually it's "disk0:" or "bootflash:") and check you have enough free space (1 GB in this example, or 1,073,741,824 bytes) for the file transfer:
    1. dir

Back on the Linux Box

  1. Copy your 1 GB test file "1gb-test.bin" from the Linux Box onto the Cisco Switch/Router/Firewall (in this example, my Router is running Disk0: as the NVRAM/Flash Volume):
    1. scp -v 1gb-test.bin <USERNAME>@<CISCO_IP_ADDRESS>:disk0:1gb-test.bin
  2. Watch the SCP File Transfer statistics, and/or...

Back on the Cisco Switch/Router

  1. Check the tx/rx rate on the interface you are expecting traffic to come in on:
    1. sh int | i Interface|Desc|rate|tx|rx
  2. (ProTip) If you've not change the stock setting, it's only sampled every 5 minutes; change that to 30 seconds (or similarly more-frequent) with:
    1. conf t
      interface X/Y
      load-interval 30
      end

Results

That's it; if you're using the correct interface you are bothered about, you are now doing a TCP/22 (SSH/SCP) transfer of a 1 GB test file from a Linux Box to your Cisco Router/Firewall/Switch. Bear in mind that it might not be the throughput rate you are expecting (or what the LAN/WAN Link can actually perform at), due to a few limiting factors:

  • NVRAM/Flash Medium transfer speed (microSD Cards in ASR's are faster than, say, CompactFlash in older ISR's)
  • CoPP (Control Plane Policing)
    • Technically, SCP is Control Plane operation to the Router/Switch rather than Data Plane through the Router/Switch, so your SCP copy might be being rate-limited by this

Don't forget to delete your test file when you're done, and note if the file copy doesn't complete, the file isn't pre-allocated on IOS - so a subsequent "dir" will show no data written to disk.

I've personally found this useful for minimal "stress-testing", or to try and invoke some legitimate LAN/WAN traffic to show up on a NetFlow Collector or SNMP Polling NMS (maybe something like LibreNMS).