Selector
The following scenario shows how to configure different traffic selector rules. Selectors can be used to restrict the traffic affected by other features (like NAT, Netflow, traffic policies, etc).
Test Traffic Selector Rules
Description
This scenario demonstrates how to use traffic selector rules that can be configured as filters to match the desired traffic.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.329 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.329/0.329/0.329/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 2
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 exclude set traffic selector SELECTOR rule 1 not protocol icmp set traffic selector SELECTOR rule 2 destination address 100.0.0.1 set traffic selector SELECTOR rule 3 source address 100.0.0.2
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.322 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.322/0.322/0.322/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) --------------------------------------------------------- rule pkts match pkts eval bytes match bytes eval --------------------------------------------------------- 1 (excl.) 0 1 0 84 2 1 1 84 84 3 0 0 0 0 --------------------------------------------------------- Total 1 1 84 84
Example 3
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 destination address 100.0.0.1
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.384 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.384/0.384/0.384/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 4
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 dscp 8
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.333 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.333/0.333/0.333/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 5
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 icmp-type echo-reply,echo-request
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.282 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.282/0.282/0.282/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 6
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 not ip-option lsrr
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.394 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.394/0.394/0.394/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 7
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 in-interface eth0
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.281 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.281/0.281/0.281/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 8
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 length min 32
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.349 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.349/0.349/0.349/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 9
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 not out-interface eth0
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.352 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.352/0.352/0.352/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 10
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 pkt-type unicast
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.389 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.389/0.389/0.389/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 11
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 protocol icmp
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.289 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.289/0.289/0.289/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 12
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 source address 100.0.0.2
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.354 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.354/0.354/0.354/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 13
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 state new,established
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.321 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.321/0.321/0.321/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 14
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 ttl equal 32
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.340 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.340/0.340/0.340/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 15
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 ttl greater-than 16 set traffic selector SELECTOR rule 1 ttl less-than 64
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.280 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.280/0.280/0.280/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 16
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 not destination mac-address 00:00:12:34:56:78
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.448 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.448/0.448/0.448/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 17
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 source mac-address DE:AD:BE:EF:6C:00-DE:AD:BE:EF:6C:FF
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.288 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.288/0.288/0.288/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 18
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 ether-type ip,ip6
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.328 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.328/0.328/0.328/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 19
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 header-length min 4
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.388 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.388/0.388/0.388/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 20
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 destination port 8080 set traffic selector SELECTOR rule 1 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 6 6 338 338 ----------------------------------------------------- Total 6 6 338 338
Example 21
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 not source port 8080 set traffic selector SELECTOR rule 1 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 6 6 338 338 ----------------------------------------------------- Total 6 6 338 338
Example 22
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 not tcp-flags rst set traffic selector SELECTOR rule 1 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 6 6 338 338 ----------------------------------------------------- Total 6 6 338 338
Example 23
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 not tcp-option sack set traffic selector SELECTOR rule 1 tcp-flags syn set traffic selector SELECTOR rule 1 protocol tcp set traffic selector SELECTOR rule 2 not tcp-flags syn set traffic selector SELECTOR rule 2 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 6 60 338 2 5 5 278 278 ----------------------------------------------------- Total 6 6 338 338
Example 24
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 tcp-mss greater-than 1300 set traffic selector SELECTOR rule 1 tcp-flags syn set traffic selector SELECTOR rule 1 protocol tcp set traffic selector SELECTOR rule 2 not tcp-flags syn set traffic selector SELECTOR rule 2 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 6 60 338 2 5 5 278 278 ----------------------------------------------------- Total 6 6 338 338
Example 25
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 tcp-window greater-than 5 set traffic selector SELECTOR rule 1 tcp-flags syn set traffic selector SELECTOR rule 1 protocol tcp set traffic selector SELECTOR rule 2 not tcp-flags syn set traffic selector SELECTOR rule 2 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 6 60 338 2 5 5 278 278 ----------------------------------------------------- Total 6 6 338 338
Example 26
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 destination ipv6-address 2001:d00::/24 set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.259 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.259/0.259/0.259/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104
Example 27
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 hoplimit greater-than 16 set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.278 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.278/0.278/0.278/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104
Example 28
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 hoplimit less-than 64 set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.306 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.306/0.306/0.306/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104
Example 29
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 ipv6-dscp 8 set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.391 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.391/0.391/0.391/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104
Example 30
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 ipv6-icmp-type echo-reply,echo-request set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.345 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.345/0.345/0.345/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104
Example 31
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 protocol ipv6-icmp set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.271 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.271/0.271/0.271/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 2 2 168 168 2 0 0 0 0 ----------------------------------------------------- Total 2 2 168 168
Example 32
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 source ipv6-address 2001:d00::2 set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.271 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.271/0.271/0.271/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104