iperf

Date created: Friday, October 18, 2024 10:23:38 AM. Last modified: Friday, October 18, 2024 10:29:09 AM

iperf

References
https://arista.my.site.com/AristaCommunity/s/article/default-control-plane-acl-explained

Control Plane ACL

EOS has a default auto-generated control-plane ACL.

lab#show ip access-lists default-control-plane-acl
IP Access List default-control-plane-acl [readonly]
        counters per-entry
        10 permit icmp any any [match 541163498 bytes in 4900227 packets, 0:00:00 ago]
        20 permit ip any any tracked [match 329364147549 bytes in 1126954545 packets, 0:00:00 ago]
        30 permit udp any any eq bfd ttl eq 255
        40 permit udp any any eq bfd-echo ttl eq 254
        50 permit udp any any eq multihop-bfd micro-bfd sbfd [match 31111326168 bytes in 598294734 packets, 0:20:05 ago]
        60 permit udp any eq sbfd any eq sbfd-initiator
        70 permit ospf any any
        80 permit tcp any any eq ssh telnet www snmp bgp https msdp ldp netconf-ssh gnmi [match 210610 bytes in 3383 packets, 17:57:20 ago]
        90 permit udp any any eq bootps bootpc snmp rip ntp ldp ptp-event ptp-general [match 1150 bytes in 8 packets, 108 days, 14:25:55 ago]
        100 permit tcp any any eq mlag ttl eq 255
        110 permit udp any any eq mlag ttl eq 255
        120 permit vrrp any any
        130 permit ahp any any
        140 permit pim any any
        150 permit igmp any any
        160 permit tcp any any range 5900 5910 [match 520 bytes in 13 packets, 107 days, 20:59:34 ago]
        170 permit tcp any any range 50000 50100 [match 244 bytes in 6 packets, 109 days, 7:13:45 ago]
        180 permit udp any any range 51000 51100
        190 permit tcp any any eq 3333 [match 124 bytes in 3 packets, 119 days, 12:41:52 ago]
        200 permit tcp any any eq nat ttl eq 255
        210 permit tcp any eq bgp any [match 162 bytes in 2 packets, 17 days, 17:26:11 ago]
        220 permit rsvp any any
        230 permit tcp any any eq 9340 [match 80 bytes in 2 packets, 113 days, 21:53:01 ago]
        240 permit tcp any any eq 9559 [match 80 bytes in 2 packets, 114 days, 5:17:45 ago]
        250 permit udp any any eq 8503
        260 permit udp any any eq lsp-ping
        270 permit udp any eq lsp-ping any

If one wants to run iPerf between EOS devices, one must first make a new control plane ACL which is a copy of that auto generated one, and then add iPerf permitting ACEs to that ACL.

ip access-list default-control-plane-acl-iperf
   counters per-entry
   10 permit icmp any any
   20 permit ip any any tracked
   30 permit udp any any eq bfd ttl eq 255
   40 permit udp any any eq bfd-echo ttl eq 254
   50 permit udp any any eq multihop-bfd micro-bfd sbfd
   60 permit udp any eq sbfd any eq sbfd-initiator
   70 permit ospf any any
   80 permit tcp any any eq ssh telnet www snmp bgp https msdp ldp netconf-ssh gnmi
   90 permit udp any any eq bootps bootpc snmp rip ntp ldp ptp-event ptp-general
   100 permit tcp any any eq mlag ttl eq 255
   110 permit udp any any eq mlag ttl eq 255
   120 permit vrrp any any
   130 permit ahp any any
   140 permit pim any any
   150 permit igmp any any
   160 permit tcp any any range 5900 5910
   170 permit tcp any any range 50000 50100
   180 permit udp any any range 51000 51100
   190 permit tcp any any eq 3333
   200 permit tcp any any eq nat ttl eq 255
   210 permit tcp any eq bgp any
   220 permit rsvp any any
   230 permit tcp any any eq 9340
   240 permit tcp any any eq 9559
   250 permit udp any any eq 8503
   260 permit udp any any eq lsp-ping
   270 permit udp any eq lsp-ping any
   300 permit tcp 192.0.2.0/24 range 1024 65535 192.0.2.0/24 eq 5001
   310 permit udp 192.0.2.0/24 range 1024 65535 192.0.2.0/24 eq 5001
   exit

system control-plane
   ip access-group default-control-plane-acl-iperf in
   exit

Running iPerf

Becasue everything is in a network namespace in EOS, one needs to run iPerf in the "default" namespace to run iPerf across an underlay.

# Start iPerf server in default routing table, listening on lo0 IPv4 address:
bash sudo ip netns exec default iperf -B $(ip addr show dev lo0 | grep "inet " | awk '{print $2}' | cut -d "/" -f 1) -i 1 -s

# Start iPerf client using lo0 IPv4 address in default routing table as source address
bash sudo ip netns exec default iperf -B $(ip addr show dev lo0 | grep "inet " | awk '{print $2}' | cut -d "/" -f 1) -i 1 -t 30 -c 192.0.2.1 -u -b 200M

Bandwidth Limitations

When testing on 7280R3 devices, iPerf can achieve more than ~240Mbps between devices, and when running at this maximum speed for an extended period of time, the CLI/SSH becomes slow to respond, and GNMIC can no longer be polled, so it seems that this is the max control-plane <-> data-plane bandwidth for this platform.

^ Top

Previous page: ethxmit
Next page: tcpdump

Navigation

iperf