Cisco: Use TTCP to test together with TTCPW or JPerf

In one my previous posts, I shown you how to test a connection using a hidden Cisco IOS tool called TTCP.  A few days ago I run into an issue. I had to test a TCP connection to a remote Cisco router, but I had not other router on which to initiate the TTCP connection. As explained in Testing TCP Connection post, to use TTCP you need 2 Cisco routers.

Now, I found 2 new ways to do the testing without the need of having 2 routers, but just one. Maybe you already know this methods, but for those who don’t please keep on reading.

First, there is a Windows tool called TTCPW (download here) (actually you can download also the code, and I think it’s possible to compile and run it under Linux as well). This TTCW tool have the same option like Cisco TTCP and can work together without any issue.
On Cisco router, issue the ttcp command, and keep the regular parameters (we are not interested for now in fine tuning). Below I set the Cisco router to be the receiver:

Cisco TTCP
Cisco TTCP with default settings

On PC side, you download TTCPW and use the same settings. Basically to transmit you only need to input ttcpw.exe -t or -r “ip.address” and that’s it  Of course you can tune the settings to meet your needs. Just type ttcpw.exe to see all the settings.

TTCPW help

The second tool that you can use with Cisco TTCP is IPerf (text mode) or JPerf (Java graphical mode). Just fill in the IP address and the port (5001 if default) and you’re ready to go:

Jperf with TTCP
Jperf with TTCP

Of course there are some limitations on JPerf to TTCP compared to JPerf to JPerf testing. One of then is that you cannot use parallel streams, if you want to stress the connection. To overcome this limitation, I do the following.
Open 2 or 3 connection to the Cisco router where TTCP will run. Start one each connection one TTCP daemon with different ports (e.g. assuming 3 connection than ports 5001, 5002 and 5003). Then on the client start 3 JPerf (Iperf) with the same IP address but different ports (you can take the one below). In this way you can stress the connection a little bit.

Free Netflow Analyzer software

For today, I put together a list with the software that I’m using when I’m testing network behavior in the lab. The software below is free, with some restrictions but is perfect to use it when you need a quick solution to monitor your network with Netflow, sFlow or jFlow.

All the proposed software have commercial version, so if you like then and you consider one for your company please get in touch with the company that develop them for more information about licenses.


Free, graphical network monitoring tool. sFlowTrend makes use of the popular sFlow standard to generate real-time displays of the top users and applications making use of network bandwidth.

Some features:

  • Quickly understand who is using the network and what they are doing.
  • Enforce corporate acceptable network use policies.
  • Rapidly identify the cause of any problems or abnormal traffic.
  • Understand trends in usage and accurately target upgrades.
  • Generate management reports on current and historical performance.

sFlowTrend is written in Java and will run on most platforms.

Download sFlowTrend.

Solarwinds Netflow Analyzer

Solarwinds Real-Time NetFlow Analyzer captures and analyzes NetFlow data in real time to show you exactly what types of traffic are on your network, where that traffic is coming from, and where it is going. It displays inbound and outbound traffic separately for granular analysis that makes problem diagnosis quick and easy. You can view the historical NetFlow data broken out by application, conversation, domain, endpoint, and protocol. That way you know exactly how your bandwidth is being used and by whom.

  • Investigate, troubleshoot, and quickly remediate network slowdowns
  • Easily identify which users, devices, and applications are consuming the most bandwidth
  • Isolate inbound and outbound traffic by conversation, application, domain, endpoint, and protocol
  • Personalize NetFlow data displays to view traffic by specified time periods (up to 60 minutes) and by traffic type
  • Customize refresh rates and display units for NetFlow traffic

Drawback for this free version is that it can record only up to 60 minutes, than you have to restart software to record again.

Available only for Windows platforms.

Download Solarwinds Netflow Analyzer

ManageEngine Netflow Analyzer

ManageEngine NetFlow Analyzer is a, web based (no hardware probes), bandwidth monitoring, network forensics and network traffic analysis tool that has been optimizing thousands of networks across varied industries for peak performance and helping them to put their bandwidth for a better use. NetFlow Analyzer is a NetFlow, sFlow, JFLow (and more) collector, analyzer and reporting engine integrated together.


  • Real-time visibility into top applications and talkers in the network.
  • Detection of unauthorized WAN traffic.
  • Identify virus, worms and DoS attacks in real-time.
  • Understand the history of security violations with alert reports.
  • Recognize applications that use dynamic ports by performing a deep-packet inspection using Cisco NBAR.
  • Real time reports with 1 minute granularity.
  • Aggregated data stored for ever for historic reports
  • Ability to view reports in different granularity – 10 min, hourly, daily, weekly, monthly, and custom time period.

The bad aspect is that you can use it only for 30 days. Then you have to buy it. There is a trick, that if you reinstall the product you can use it again for 30 days. I advice to use this trick just for personal use or for testing purpose.

Available for Linux and Windows.

Download ManageEngine Netflow Analyzer

Plixer Scrutinizer

Plixer Scrutinizer captures Cisco NetFlow, sFlow and other flow technologies and uses that data to monitor the overall network health. Reports on which hosts, applications, protocols that are consuming network bandwidth.

Custom NetFlow Reports allow you to filter (include/exclude) in on exactly the information you need. They can be saved and run again later.


  • Adds several additional traffic analysis Report Types (e.g. Flows, Flow Volume, NBAR Support, etc.).
  • Report on Top Applications, Conversations, Flows, Protocols, Domains, Countries, Subnets, etc., across dozens of routers and switches.
  • Any saved report in Scrutinizer can be configured with a threshold to trigger an alarm.
  • DNS resolution becomes automated and a constant process.
  • Network traffic reporting and alarming on the internal network: SYN, NULL, FIN, XMAS Scans, RST/ACK worms, P2P, ICMP Unreachable, illegal IP addresses, excessive Multicast traffic, known compromised Internet hosts and more.

The bad part is that it drops the database after 24 hours. Still you can save the databases before this are dropped by the free version of Scrutinizer.

Available for Windows platforms.

Download Plixer Scrutinizer

Do you have any other alternatives that can help network engineer test their environment? Feel free to suggest in the comments form and if they are good I will add them to  this post.

Cisco: The basics about VRF implementation

VRF, meaning Virtual Routing and Forwarding, is a technology implemented in the IP network routers that allows multiple instances of a routing table to exist on the same router in the same time. Since each VRF is independent, the same IP subnet can exist in 2 different VRFs. Basically you can overlap one IP address in 2 VRFs but without conflicting with each other. Even this is possible, I would not suggest doing so, unless you have a very good reason to do it.

Another meaning of VRF is VPN Routing and Forwarding which is a key element in Cisco’s MPLS (Multiprotocol Label Switching) VPN technology. Internet service providers often take advantage of VRF to create separate virtual private networks (VPNs) for customers. Some advantages of  using this technology is than an ISP can provision scalable IP  MPLS VPN services, generate reports (e.g. audit for services), Service Level Agreements (SLA) contracts and more…

To summarize, virtual networks enable administrators to split a physical link into multiple virtual links completely isolated one from the others. Typically, a virtual network will be dedicated to traffic from a specific application or from a specific users / customers.

Now that we clarify the basic of what is and how it works, let’s see where is VRF used the most. As you maybe guess already, this is in the MPLS VPN environment, due to the fact that in today’s business granularity is very important and VRF help network engineers to isolate and provide security for its customers in an ISP environment or to separate services in an Intranet environment. As you probably already know, MPLS functionality is based on P (Provider) routers, PE (Provider edge) routers and CE (Customer edge) routers. Each of these routers must be configured in order for MPLS to work within an enterprise’s architecture. I describe a little bit the MPLS technology, so you can understand better the topology presented below and then following configuration example:

VRF Implementation As you can see from the topology, one PE router can hold and manage multiple virtual routing table, one for each customer that an ISP have. If you are running in a private environment (e.g. Intranet), you can use MPLS VPN to separate services (e.g. office, development…) The  basic functionality is the same and I’ll show you below how to implement VRFs.

The actual configuration of VRFs  is not a complicate task to achieve. There are two main components to a VRF: The route distinguisher(RD) and the route target(RT).

The route distinguisher (RD) is a number which help identify a VPN in a provider’s network and allow for overlapping IP space.

The route target (RT) indicates the VPN membership of a route and allows VPN routes to be imported or exported into or out of your VRFs. The RT functions a little like a routing policy — determining how routes are distributed throughout the particular VPN.

The RD / RT is a 8-byte (64-bits) number which can be written down as follow:

16-bit AS number: your 32-bit number
(e.g.) 65000:100


32-bit IP address: your 16-bit number

Usually the first method is used more often.

For some very basic VRF configuration follow the steps:
Enters VRF configuration mode and assigns a VRF name.

Router(config)#ip vrf vrf-name

2. Creates a VPN route distinguisher (RD) following one of the 16bit-ASN:32bit-number or 32bit-IP:16bit-number explained above

Router(config-vrf)#rd route-distinguisher

3. Creates a list of import and/or export route target communities for the specified VRF.

Router(config-vrf)# route-target {import | export | both} route-distinguisher

4. (Optional step) Associates the specified route map with the VRF.

Router(config-vrf)# import map route-map

5. Specifies an interface and enters interface configuration mode.

Router(config)# interface type number

6. Associates a VRF with an interface or subinterface.

Router(config-vrf)# ip vrf forwarding vrf-name

To check your configuration, you can use ping or traceroute tools under Cisco CLI, but remember that you have to use “vrf vrf-name” parameter:

Router# ping vrf vrf-name IP-address

Also you can check the virtual routing table:

Router# show ip route vrf vrf-name

In some of the following posts, I will present a VRF implementation following a real environment topology, but until then I hope you understood the basics of VRF functionality. It’s not hard to implement (from case to case it might be due to local topologies and technology) but it can help you to have a more granular connections and makes troubleshooting more easy, especially in the environments which have a lot of IP addresses under management.