summaryrefslogtreecommitdiffstats
path: root/src/iperf3.1
diff options
context:
space:
mode:
Diffstat (limited to 'src/iperf3.1')
-rw-r--r--src/iperf3.1507
1 files changed, 507 insertions, 0 deletions
diff --git a/src/iperf3.1 b/src/iperf3.1
new file mode 100644
index 0000000..344a762
--- /dev/null
+++ b/src/iperf3.1
@@ -0,0 +1,507 @@
+.TH IPERF3 1 "November 2023" ESnet "User Manuals"
+.SH NAME
+iperf3 \- perform network throughput tests
+.SH SYNOPSIS
+.B iperf3 -s [
+.I options
+.B ]
+.br
+.B iperf3 -c
+.I server
+.B [
+.I options
+.B ]
+
+.SH DESCRIPTION
+iperf3 is a tool for performing network throughput measurements.
+It can test TCP, UDP, or SCTP throughput.
+To perform an iperf3 test the user must establish both a server and a
+client.
+.PP
+The iperf3 executable contains both client and server functionality.
+An iperf3 server can be started using either of the -s or
+--server command-line parameters, for example:
+.IP
+\fCiperf3 -s\fR
+.IP
+\fCiperf3 --server \fR
+.PP
+Note that many iperf3 parameters have both short (-s) and long
+(--server) forms.
+In this section we will generally use the short form of command-line
+flags, unless only the long form of a flag is available.
+.PP
+By default, the iperf3 server listens on TCP port 5201 for connections
+from an iperf3 client.
+A custom port can be specified by using the -p flag, for
+example:
+.IP
+\fCiperf3 -s -p 5002\fR
+.PP
+After the server is started, it will listen for connections from
+iperf3 clients (in other words, the iperf3 program run in client
+mode).
+The client mode can be started using the -c command-line option,
+which also requires a host to which iperf3 should connect.
+The host can by specified by hostname, IPv4 literal, or IPv6 literal:
+.IP
+\fCiperf3 -c iperf3.example.com\fR
+.IP
+\fCiperf3 -c 192.0.2.1\fR
+.IP
+\fCiperf3 -c 2001:db8::1\fR
+.PP
+If the iperf3 server is running on a non-default TCP port, that port
+number needs to be specified on the client as well:
+.IP
+\fCiperf3 -c iperf3.example.com -p 5002\fR
+.PP
+The initial TCP connection is used to exchange test parameters,
+control the start and end of the test, and to exchange test results.
+This is sometimes referred to as the "control connection".
+The actual test data is sent over a separate TCP connection, as a
+separate flow of UDP packets, or as an independent SCTP connection,
+depending on what protocol was specified by the client.
+.PP
+Normally, the test data is sent from the client to the server, and
+measures the upload speed of the client.
+Measuring the download speed from the server can be done by specifying
+the -R flag on the client.
+This causes data to be sent from the server to the client.
+.IP
+\fCiperf3 -c iperf3.example.com -p 5202 -R
+.PP
+Results are displayed on both the client and server.
+There will be at least one line of output per measurement interval (by
+default a measurement interval lasts for one second, but this can be
+changed by the -i option).
+Each line of output includes (at least) the time since the start of
+the test, amount of data transferred during the interval, and the
+average bitrate over that interval.
+Note that the values for each measurement interval are taken from the
+point of view of the endpoint process emitting that output (in other
+words, the output on the client shows the measurement interval data for
+the client.
+.PP
+At the end of the test is a set of statistics that shows (at
+least as much as possible) a summary of the test as seen by both the
+sender and the receiver, with lines tagged accordingly.
+Recall that by default the client is the sender and the server is the
+receiver, although as indicated above, use of the \fC-R\fR flag will
+reverse these roles.
+.PP
+The client can be made to retrieve the server-side output for a given
+test by specifying the --get-server-output flag.
+.PP
+Either the client or the server can produce its output in a JSON
+structure, useful for integration with other programs, by passing it
+the -J flag.
+Because the contents of the JSON structure are only completely known
+after the test has finished, no JSON output will be emitted until the
+end of the test.
+.PP
+iperf3 has a (overly) large set of command-line options that can be
+used to set the parameters of a test.
+They are given in the "GENERAL OPTIONS" section of the manual page
+below, as well as summarized in iperf3's help output, which can be
+viewed by running iperf3 with the -h flag.
+.SH "GENERAL OPTIONS"
+.TP
+.BR -p ", " --port " \fIn\fR"
+set server port to listen on/connect to to \fIn\fR (default 5201)
+.TP
+.BR -f ", " --format " "
+[kmgtKMGT] format to report: Kbits/Mbits/Gbits/Tbits
+.TP
+.BR -i ", " --interval " \fIn\fR"
+pause \fIn\fR seconds between periodic throughput reports;
+default is 1, use 0 to disable
+.TP
+.BR -I ", " --pidfile " \fIfile\fR"
+write a file with the process ID, most useful when running as a daemon.
+.TP
+.BR -F ", " --file " \fIname\fR"
+Use a file as the source (on the sender) or sink (on the receiver) of
+data, rather than just generating random data or throwing it away.
+This feature is used for finding whether or not the storage subsystem
+is the bottleneck for file transfers.
+It does not turn iperf3 into a file transfer tool.
+The length, attributes, and in some cases contents of the received
+file may not match those of the original file.
+.TP
+.BR -A ", " --affinity " \fIn/n,m\fR"
+Set the CPU affinity, if possible (Linux, FreeBSD, and Windows only).
+On both the client and server you can set the local affinity by using
+the \fIn\fR form of this argument (where \fIn\fR is a CPU number).
+In addition, on the client side you can override the server's
+affinity for just that one test, using the \fIn,m\fR form of
+argument.
+Note that when using this feature, a process will only be bound
+to a single CPU (as opposed to a set containing potentially multiple
+CPUs).
+.TP
+.BR -B ", " --bind " \fIhost\fR[\fB%\fIdev\fR]"
+bind to the specific interface associated with address \fIhost\fR.
+If an optional interface is specified, it is treated as a shortcut
+for \fB--bind-dev \fIdev\fR.
+Note that a percent sign and interface device name are required for IPv6 link-local address literals.
+.TP
+.BR --bind-dev " \fIdev\fR"
+bind to the specified network interface.
+This option uses SO_BINDTODEVICE, and may require root permissions.
+(Available on Linux and possibly other systems.)
+.TP
+.BR -V ", " --verbose " "
+give more detailed output
+.TP
+.BR -J ", " --json " "
+output in JSON format
+.TP
+.BR --logfile " \fIfile\fR"
+send output to a log file.
+.TP
+.BR --forceflush " "
+force flushing output at every interval.
+Used to avoid buffering when sending output to pipe.
+.TP
+.BR --timestamps "[\fB=\fIformat\fR]"
+prepend a timestamp at the start of each output line.
+By default, timestamps have the format emitted by
+.BR ctime ( 1 ).
+Optionally, \fC=\fR followed by
+a format specification can be passed to customize the
+timestamps, see
+.BR strftime ( 3 ).
+If this optional format is given, the \fC=\fR must immediately
+follow the \fB--timestamps\fR option with no whitespace intervening.
+.TP
+.BR --rcv-timeout " \fI#\fR"
+set idle timeout for receiving data during active tests. The receiver
+will halt a test if no data is received from the sender for this
+number of ms (default to 12000 ms, or 2 minutes).
+.TP
+.BR --snd-timeout " \fI#\fR"
+set timeout for unacknowledged TCP data (on both test and control
+connections) This option can be used to force a faster test timeout
+in case of a network partition during a test. The required
+parameter is specified in ms, and defaults to the system settings.
+This functionality depends on the TCP_USER_TIMEOUT socket option, and
+will not work on systems that do not support it.
+.TP
+.BR -d ", " --debug " "
+emit debugging output.
+Primarily (perhaps exclusively) of use to developers.
+.TP
+.BR -v ", " --version " "
+show version information and quit
+.TP
+.BR -h ", " --help " "
+show a help synopsis
+
+.SH "SERVER SPECIFIC OPTIONS"
+.TP
+.BR -s ", " --server " "
+run in server mode
+.TP
+.BR -D ", " --daemon " "
+run the server in background as a daemon
+.TP
+.BR -1 ", " --one-off
+handle one client connection, then exit. If an idle time is set, the
+server will exit after that amount of time with no connection.
+.TP
+.BR --idle-timeout " \fIn\fR"
+restart the server after \fIn\fR seconds in case it gets stuck. In
+one-off mode, this is the number of seconds the server will wait
+before exiting.
+.TP
+.BR --server-bitrate-limit " \fIn\fR[KMGT]"
+set a limit on the server side, which will cause a test to abort if
+the client specifies a test of more than \fIn\fR bits per second, or
+if the average data sent or received by the client (including all data
+streams) is greater than \fIn\fR bits per second. The default limit
+is zero, which implies no limit. The interval over which to average
+the data rate is 5 seconds by default, but can be specified by adding
+a '/' and a number to the bitrate specifier.
+.TP
+.BR --rsa-private-key-path " \fIfile\fR"
+path to the RSA private key (not password-protected) used to decrypt
+authentication credentials from the client (if built with OpenSSL
+support).
+.TP
+.BR --authorized-users-path " \fIfile\fR"
+path to the configuration file containing authorized users credentials to run
+iperf tests (if built with OpenSSL support).
+The file is a comma separated list of usernames and password hashes;
+more information on the structure of the file can be found in the
+EXAMPLES section.
+.TP
+.BR --time-skew-threshold second " \fIseconds\fR"
+time skew threshold (in seconds) between the server and client
+during the authentication process.
+.SH "CLIENT SPECIFIC OPTIONS"
+.TP
+.BR -c ", " --client " \fIhost\fR[\fB%\fIdev\fR]"
+run in client mode, connecting to the specified server.
+By default, a test consists of sending data from the client to the
+server, unless the \-R flag is specified.
+If an optional interface is specified, it is treated as a shortcut
+for \fB--bind-dev \fIdev\fR.
+Note that a percent sign and interface device name are required for IPv6 link-local address literals.
+.TP
+.BR --sctp
+use SCTP rather than TCP (FreeBSD and Linux)
+.TP
+.BR -u ", " --udp
+use UDP rather than TCP
+.TP
+.BR --connect-timeout " \fIn\fR"
+set timeout for establishing the initial control connection to the
+server, in milliseconds.
+The default behavior is the operating system's timeout for TCP
+connection establishment.
+Providing a shorter value may speed up detection of a down iperf3
+server.
+.TP
+.BR -b ", " --bitrate " \fIn\fR[KMGT]"
+set target bitrate to \fIn\fR bits/sec (default 1 Mbit/sec for UDP,
+unlimited for TCP/SCTP).
+If there are multiple streams (\-P flag), the throughput limit is applied
+separately to each stream.
+You can also add a '/' and a number to the bitrate specifier.
+This is called "burst mode".
+It will send the given number of packets without pausing, even if that
+temporarily exceeds the specified throughput limit.
+Setting the target bitrate to 0 will disable bitrate limits
+(particularly useful for UDP tests).
+This throughput limit is implemented internally inside iperf3, and is
+available on all platforms.
+Compare with the \--fq-rate flag.
+This option replaces the \--bandwidth flag, which is now deprecated
+but (at least for now) still accepted.
+.TP
+.BR --pacing-timer " \fIn\fR[KMGT]"
+set pacing timer interval in microseconds (default 1000 microseconds,
+or 1 ms).
+This controls iperf3's internal pacing timer for the \-b/\--bitrate
+option.
+The timer fires at the interval set by this parameter.
+Smaller values of the pacing timer parameter smooth out the traffic
+emitted by iperf3, but potentially at the cost of performance due to
+more frequent timer processing.
+.TP
+.BR --fq-rate " \fIn\fR[KMGT]"
+Set a rate to be used with fair-queueing based socket-level pacing,
+in bits per second.
+This pacing (if specified) will be in addition to any pacing due to
+iperf3's internal throughput pacing (\-b/\--bitrate flag), and both can be
+specified for the same test.
+Only available on platforms supporting the
+\fCSO_MAX_PACING_RATE\fR socket option (currently only Linux).
+The default is no fair-queueing based pacing.
+.TP
+.BR --no-fq-socket-pacing
+This option is deprecated and will be removed.
+It is equivalent to specifying --fq-rate=0.
+.TP
+.BR -t ", " --time " \fIn\fR"
+time in seconds to transmit for (default 10 secs)
+.TP
+.BR -n ", " --bytes " \fIn\fR[KMGT]"
+number of bytes to transmit (instead of \-t)
+.TP
+.BR -k ", " --blockcount " \fIn\fR[KMGT]"
+number of blocks (packets) to transmit (instead of \-t or \-n)
+.TP
+.BR -l ", " --length " \fIn\fR[KMGT]"
+length of buffer to read or write. For TCP tests, the default value
+is 128KB.
+In the case of UDP, iperf3 tries to dynamically determine a reasonable
+sending size based on the path MTU; if that cannot be determined it
+uses 1460 bytes as a sending size.
+For SCTP tests, the default size is 64KB.
+.TP
+.BR --cport " \fIport\fR"
+bind data streams to a specific client port (for TCP and UDP only,
+default is to use an ephemeral port)
+.TP
+.BR -P ", " --parallel " \fIn\fR"
+number of parallel client streams to run. iperf3 will spawn off a
+separate thread for each test stream. Using multiple streams may
+result in higher throughput than a single stream.
+.TP
+.BR -R ", " --reverse
+reverse the direction of a test, so that the server sends data to the
+client
+.TP
+.BR --bidir
+test in both directions (normal and reverse), with both the client and
+server sending and receiving data simultaneously
+.TP
+.BR -w ", " --window " \fIn\fR[KMGT]"
+set socket buffer size / window size.
+This value gets sent to the server and used on that side too; on both
+sides this option sets both the sending and receiving socket buffer sizes.
+This option can be used to set (indirectly) the maximum TCP window size.
+Note that on Linux systems, the effective maximum window size is approximately
+double what is specified by this option (this behavior is not a bug in iperf3
+but a "feature" of the Linux kernel, as documented by tcp(7) and socket(7)).
+.TP
+.BR -M ", " --set-mss " \fIn\fR"
+set TCP/SCTP maximum segment size (MTU - 40 bytes)
+.TP
+.BR -N ", " --no-delay " "
+set TCP/SCTP no delay, disabling Nagle's Algorithm
+.TP
+.BR -4 ", " --version4 " "
+only use IPv4
+.TP
+.BR -6 ", " --version6 " "
+only use IPv6
+.TP
+.BR -S ", " --tos " \fIn\fR"
+set the IP type of service. The usual prefixes for octal and hex can be used,
+i.e. 52, 064 and 0x34 all specify the same value.
+.TP
+.BR "--dscp " \fIdscp\fR
+set the IP DSCP bits. Both numeric and symbolic values are accepted. Numeric
+values can be specified in decimal, octal and hex (see --tos above).
+.TP
+.BR -L ", " --flowlabel " \fIn\fR"
+set the IPv6 flow label (currently only supported on Linux)
+.TP
+.BR -X ", " --xbind " \fIname\fR"
+Bind SCTP associations to a specific subset of links using sctp_bindx(3).
+The \fB--B\fR flag will be ignored if this flag is specified.
+Normally SCTP will include the protocol addresses of all active links
+on the local host when setting up an association. Specifying at least
+one \fB--X\fR name will disable this behaviour.
+This flag must be specified for each link to be included in the
+association, and is supported for both iperf servers and clients
+(the latter are supported by passing the first \fB--X\fR argument to bind(2)).
+Hostnames are accepted as arguments and are resolved using
+getaddrinfo(3).
+If the \fB--4\fR or \fB--6\fR flags are specified, names
+which do not resolve to addresses within the
+specified protocol family will be ignored.
+.TP
+.BR --nstreams " \fIn\fR"
+Set number of SCTP streams.
+.TP
+.BR -Z ", " --zerocopy " "
+Use a "zero copy" method of sending data, such as sendfile(2),
+instead of the usual write(2).
+.TP
+.BR -O ", " --omit " \fIn\fR"
+Perform pre-test for N seconds and omit the pre-test statistics, to skip past the TCP slow-start
+period.
+.TP
+.BR -T ", " --title " \fIstr\fR"
+Prefix every output line with this string.
+.TP
+.BR --extra-data " \fIstr\fR"
+Specify an extra data string field to be included in JSON output.
+.TP
+.BR -C ", " --congestion " \fIalgo\fR"
+Set the congestion control algorithm (Linux and FreeBSD only). An
+older
+.B --linux-congestion
+synonym for this flag is accepted but is deprecated.
+.TP
+.BR "--get-server-output"
+Get the output from the server.
+The output format is determined by the server (in particular, if the
+server was invoked with the \fB--json\fR flag, the output will be in
+JSON format, otherwise it will be in human-readable format).
+If the client is run with \fB--json\fR, the server output is included
+in a JSON object; otherwise it is appended at the bottom of the
+human-readable output.
+.TP
+.BR --udp-counters-64bit
+Use 64-bit counters in UDP test packets.
+The use of this option can help prevent counter overflows during long
+or high-bitrate UDP tests. Both client and server need to be running
+at least version 3.1 for this option to work. It may become the
+default behavior at some point in the future.
+.TP
+.BR --repeating-payload
+Use repeating pattern in payload, instead of random bytes.
+The same payload is used in iperf2 (ASCII '0..9' repeating).
+It might help to test and reveal problems in networking gear with hardware
+compression (including some WiFi access points), where iperf2 and iperf3
+perform differently, just based on payload entropy.
+.TP
+.BR --dont-fragment
+Set the IPv4 Don't Fragment (DF) bit on outgoing packets.
+Only applicable to tests doing UDP over IPv4.
+.TP
+.BR --username " \fIusername\fR"
+username to use for authentication to the iperf server (if built with
+OpenSSL support).
+The password will be prompted for interactively when the test is run. Note,
+the password to use can also be specified via the IPERF3_PASSWORD environment
+variable. If this variable is present, the password prompt will be skipped.
+.TP
+.BR --rsa-public-key-path " \fIfile\fR"
+path to the RSA public key used to encrypt authentication credentials
+(if built with OpenSSL support)
+
+.SH EXAMPLES
+.SS "Authentication - RSA Keypair"
+The authentication feature of iperf3 requires an RSA public keypair.
+The public key is used to encrypt the authentication token containing the
+user credentials, while the private key is used to decrypt the authentication token.
+The private key must be in PEM format and additionally must not have a
+password set.
+The public key must be in PEM format and use SubjectPrefixKeyInfo encoding.
+An example of a set of UNIX/Linux commands using OpenSSL
+to generate a correctly-formed keypair follows:
+.sp 1
+.in +.5i
+> openssl genrsa -des3 -out private.pem 2048
+.sp 0
+> openssl rsa -in private.pem -outform PEM -pubout -out public.pem
+.sp 0
+> openssl rsa -in private.pem -out private_not_protected.pem -outform PEM
+.in -.5i
+.sp 1
+After these commands, the public key will be contained in the file
+public.pem and the private key will be contained in the file
+private_not_protected.pem.
+.SS "Authentication - Authorized users configuration file"
+A simple plaintext file must be provided to the iperf3 server in order to specify
+the authorized user credentials.
+The file is a simple list of comma-separated pairs of a username and a
+corresponding password hash.
+The password hash is a SHA256 hash of the string "{$user}$password".
+The file can also contain commented lines (starting with the \fC#\fR
+character).
+An example of commands to generate the password hash on a UNIX/Linux system
+is given below:
+.sp 1
+.in +.5i
+> S_USER=mario S_PASSWD=rossi
+.sp 0
+> echo -n "{$S_USER}$S_PASSWD" | sha256sum | awk '{ print $1 }'
+.in -.5i
+.sp 1
+An example of a password file (with an entry corresponding to the
+above username and password) is given below:
+.sp 0
+.in +.5i
+> cat credentials.csv
+.sp 0
+# file format: username,sha256
+.sp 0
+mario,bf7a49a846d44b454a5d11e7acfaf13d138bbe0b7483aa3e050879700572709b
+.in -.5i
+.sp 1
+
+.SH AUTHORS
+A list of the contributors to iperf3 can be found within the
+documentation located at
+\fChttps://software.es.net/iperf/dev.html#authors\fR.
+
+.SH "SEE ALSO"
+libiperf(3),
+https://software.es.net/iperf