Check Marks
This example demonstrates how to mark NHRP traffic in a scenario using one Tunnel with GRE encapsulation.
Test Marks In NHRP Traffic
Description
In this scenario, a traffic policy was configured to drop unmarked traffic. In order to bypass this restriction, a new option has been configured in the tunnel nhrp configuration section to set different kinds of traffic marks.
Scenario
Example 1
Step 1: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 2: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 3: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 4: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.10/24 set interfaces ethernet eth0 traffic policy out ACCEPT_MARKED set interfaces tunnel tun0 address 10.0.0.1/32 set interfaces tunnel tun0 encapsulation gre set interfaces tunnel tun0 local-address 192.168.100.10 set traffic policy ACCEPT_MARKED rule 1 action accept set traffic policy ACCEPT_MARKED rule 1 selector SEL_MARKED set traffic policy ACCEPT_MARKED rule 2 action drop set interfaces tunnel tun0 nhrp mark 10 set traffic selector SEL_MARKED rule 1 mark 10
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.20/24 set interfaces tunnel tun0 address 10.0.0.2/32 set interfaces tunnel tun0 encapsulation gre set interfaces tunnel tun0 local-address 192.168.100.20 set interfaces tunnel tun0 nhrp nhs 10.0.0.1 nbma 192.168.100.10
Step 6: Run command protocols ip show nhrp at DUT0 and check if output matches the following regular expressions:
tun0\s+dynamic\s+10\.0\.0\.2Show output
Iface Type Protocol NBMA Claimed NBMA Expires(s) Flags Identity tun0 local 10.0.0.1 192.168.100.10 192.168.100.10 - - tun0 dynamic 10.0.0.2 192.168.100.20 192.168.100.20 7199 UTA
Example 2
Step 1: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 2: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 3: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 4: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.10/24 set interfaces ethernet eth0 traffic policy out ACCEPT_MARKED set interfaces tunnel tun0 address 10.0.0.1/32 set interfaces tunnel tun0 encapsulation gre set interfaces tunnel tun0 local-address 192.168.100.10 set traffic policy ACCEPT_MARKED rule 1 action accept set traffic policy ACCEPT_MARKED rule 1 selector SEL_MARKED set traffic policy ACCEPT_MARKED rule 2 action drop set interfaces tunnel tun0 nhrp extra-mark1 10 set traffic selector SEL_MARKED rule 2 extra-mark 1 value 10
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.20/24 set interfaces tunnel tun0 address 10.0.0.2/32 set interfaces tunnel tun0 encapsulation gre set interfaces tunnel tun0 local-address 192.168.100.20 set interfaces tunnel tun0 nhrp nhs 10.0.0.1 nbma 192.168.100.10
Step 6: Run command protocols ip show nhrp at DUT0 and check if output matches the following regular expressions:
tun0\s+dynamic\s+10\.0\.0\.2Show output
Iface Type Protocol NBMA Claimed NBMA Expires(s) Flags Identity tun0 local 10.0.0.1 192.168.100.10 192.168.100.10 - - tun0 dynamic 10.0.0.2 192.168.100.20 192.168.100.20 7200 UTA
Example 3
Step 1: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 2: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 3: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 4: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.10/24 set interfaces ethernet eth0 traffic policy out ACCEPT_MARKED set interfaces tunnel tun0 address 10.0.0.1/32 set interfaces tunnel tun0 encapsulation gre set interfaces tunnel tun0 local-address 192.168.100.10 set traffic policy ACCEPT_MARKED rule 1 action accept set traffic policy ACCEPT_MARKED rule 1 selector SEL_MARKED set traffic policy ACCEPT_MARKED rule 2 action drop set interfaces tunnel tun0 nhrp extra-mark2 10 set traffic selector SEL_MARKED rule 3 extra-mark 2 value 10
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.20/24 set interfaces tunnel tun0 address 10.0.0.2/32 set interfaces tunnel tun0 encapsulation gre set interfaces tunnel tun0 local-address 192.168.100.20 set interfaces tunnel tun0 nhrp nhs 10.0.0.1 nbma 192.168.100.10
Step 6: Run command protocols ip show nhrp at DUT0 and check if output matches the following regular expressions:
tun0\s+dynamic\s+10\.0\.0\.2Show output
Iface Type Protocol NBMA Claimed NBMA Expires(s) Flags Identity tun0 local 10.0.0.1 192.168.100.10 192.168.100.10 - - tun0 dynamic 10.0.0.2 192.168.100.20 192.168.100.20 7200 UTA