Re: Is it possible to use Iperf behind a NAT?
On Fri, Dec 20, 2002 at 11:31:49AM -0800, Daniel Spisak wrote:
> I've been working on a web-based, database driven interface to Iperf
> for network throughput spot testing and have pretty much finished that.
> However, in talking with my peers it becomes obvious to me that my
> current solution as architected doesn't work in situation where one
> side of the Iperf test falls behind a NATed Ip address behind a router.
> I've been trying to think of an easy way to get around this
> limitation with Iperf but I am coming up blank. Best I can think of so
> far is to write a Java app that would download a file of fixed size to
> a users browser and then use that same file for an upstream throughput
> test and then time the transfers. This is not ideal I realize and I
> would much rather use the great work everyone has put into Iperf as I
> trust its reported numbers.
First off, I'm not quite sure what the setup is here. Do you have a
collection of machines that can participate in these tests or are you
testing from the user's brower to the server?
Putting an Iperf server process behind a NAT requires that the NAT box have
a static configuration forwarding the appropriate port through the NAT to
the desired machine behind the NAT. If you are already installing software
at each site to handle the testing, it may not be such a big deal to have
the static mapping added.
However, Kevin has been working on adding a feature to Iperf that will do
testing in both directions. That is the client will contact the server and
it will do a test one direction and then test the other. Assuming that we
use the same TCP connection for both directions, it will Just Work (TM).
Additionally, I'm not sure how NAT translations get expired. If they watch
for a FIN the following idea won't work. Consider the following diagram:
Host A -- NAT --- ( Internet ) --- Host B
Have host A establish a connection to host B (A is the client, B is the
server). That will give you performance in one direction. Note what
ephemeral port the traffic from host A uses (and what IP address it comes
from since it will actually be the external address of the NAT box). Then
Host A could setup a server process on the port that it just used as a
client and then B could connect back.
I just tested this though a FreeBSD NAT running ipfilter. It seems to work.
There is one trick though -- the client on host B trying to connect to the
server on host A needs to set it's outgoing port number to the port that the
server process was listening on (the Iperf default is 5001). This is
because NAT is a 4 way tuple (src addr, dst addr, src port, dst port).
Iperf doesn't presently support this, but it could be added easily -- if you
do decide to add it please send us the patch.
> Additionally, is there any reason that the Jperf java app of Iperf is
> no longer included in the Iperf source? I only see it in the archived
> 1.1.1 version so far.
It fell way behind the actual state of Iperf, so we pulled it out for the
present. The plan is to release an updated Java interface as a seperate
project. Look for it in the coming months.
> I guess I'm wondering if it would be possible to somehow alter the old
> Java Iperf client to work in the NAT scenario I've described above.
I don't see how the Iperf app helps at all -- it just executes an iperf
binary with the command line switches you select. If you run it in the
browser it won't be able to talk to a native Iperf binary due to browser
security restrictions and the fact that it won't likely be on most people's
systems. Maybe I'm missing something here.
I hope this helps.
Jon
--
Jon Dugan | Senior Network Engineer, NCSA Network Research
jdugan --at-- ncsa.uiuc.edu | 269 CAB, 605 E Springfield, Champaign, IL 61820
217-244-7715 | http://www.ncsa.uiuc.edu/~jdugan/