We’ve written extensively about the phenomenon of network microbursts and how to use the iPerf network performance tool to create them in order to test their effects on your network. Our interest in them grew out of our work with Velocimetrics, since microbursts can have pretty significant effects in financial/trade markets.
Our journey down the rabbit-hole got us interested in seeing the effects of microbursts on switches and interfaces in a test network.
Bursty traffic, particularly microbursts, are an often overlooked phenomenon that can cause serious issues with network performance. We’ve explained before what microbursts are and what they look like, but how can you use existing tools to test your network’s reliability in the presence of microbursts?
How can I test network throughput? iPerf is one of the most commonly used tools to test network throughput. From their site:
iPerf3 is a tool for active measurements of the maximum achievable bandwidth on IP networks.
When packets are transmitted from one interface to another, they aren’t necessarily delivered consistently. When a multitasking OS gives CPU time to the network process, it will send as much data as it can in the shortest time. In addition, for each “hop” that data traverses, buffering and other resource bottlenecks inherently make most traffic “bursty”.
However, not all bursts are easily detected. A tool with fine enough granularity
When getting to the heart of an application or security problem, finding the right TCP stream and following it using the “Follow TCP Stream” view in CloudShark is usually the place you want to get to in order to see an issue in action, for a great many use cases. But how do you find the right stream, and what should you look for once you’re viewing it?
What is a stream?
This challenge is now concluded! Read the solution below or scroll down for the original challenge!
The Solution So, what’s going on here?
This communication is happening over a home gateway using Network Address Translation, or NAT. This is very common in home networks as it allows a Service Provider to use only one public address to represent many hosts. It also has an interesting side effect of acting as a natural firewall.