症状
笔者在用iperf3做UDP收发实验时,在接收端的防火墙设置中开放了UDP端口1234,并让接收端的iperf作为server监听1234端口。然而,用命令iperf3 -c 192.168.1.1 -u -p 1234 -n 50M从发送端向接收端的UDP 1234端口发送数据时,发送端直接卡住,接收端没有反应。
调查与结论
在发送UDP时用Wireshark抓包可以看到,iperf3在向接收端的UDP 1234端口发送UDP数据之前,会先向接收端的TCP 1234端口发送TCP数据。查看TCP数据内容,能看到带宽、时间等明文信息。
所以结论就是:iperf3即使在UDP模式下,也会在发送UDP数据前通过TCP连接建立会话,交换测试参数。这条TCP连接建立之后才真正开始发送UDP数据。因此为了让iperf正常收发UDP数据,在防火墙设置或Virtual Server(BIG-IP)配置上,要确保接收方在iperf的监听端口能同时收到发送方发来的TCP和UDP两种数据。
相关文档对此的说明
查询资料可知,iperf3的这一特性亦记录于Debian的man page:
The initial TCP connection is used to exchange test parameters, control the start and end of the test, and to exchange test results. This is sometimes referred to as the “control connection”. The actual test data is sent over a separate TCP connection, as a separate flow of UDP packets, or as an independent SCTP connection, depending on what protocol was specified by the client.