Out Policy With SNAT
This scenario demonstrates the importance of choosing the appropriate priority when combining traffic policies with NAT configuration.
Test Interface Traffic Out Before SNAT
Description
This scenario shows the importance of configuring the priority of a traffic policy at the out hook when SNAT is also configured.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:

    set interfaces ethernet eth1 traffic policy out POL priority high
    set traffic selector SEL rule 1 source address 10.0.0.2

Step 2: Ping IP address 20.0.0.2 from DUT1:

    admin@DUT1$ ping 20.0.0.2 count 1 size 56 timeout 1
    PING 20.0.0.2 (20.0.0.2) 56(84) bytes of data.
    64 bytes from 20.0.0.2: icmp_seq=1 ttl=63 time=0.806 ms

    --- 20.0.0.2 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.806/0.806/0.806/0.000 ms

Step 3: Run command traffic policy show at DUT0 and check that the output matches the following regular expression:

    1\s+SEL\s+[1-9]\d*\s+[1-9]\d*

    Policy POL -- ifc eth1 -- hook out prio high

    ---------------------------------------------------------------
    rule  selector  pkts match  pkts eval  bytes match  bytes eval
    ---------------------------------------------------------------
    1     SEL                1          1           84          84
    ---------------------------------------------------------------
    Total                    1          1           84          84

Example 2
Step 1: Set the following configuration in DUT0:

    set interfaces ethernet eth1 traffic policy out POL priority high
    set traffic selector SEL rule 1 source address 20.0.0.1

Step 2: Ping IP address 20.0.0.2 from DUT1:

    admin@DUT1$ ping 20.0.0.2 count 1 size 56 timeout 1
    PING 20.0.0.2 (20.0.0.2) 56(84) bytes of data.
    64 bytes from 20.0.0.2: icmp_seq=1 ttl=63 time=0.564 ms

    --- 20.0.0.2 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.564/0.564/0.564/0.000 ms

Step 3: Run command traffic policy show at DUT0 and check that the output matches the following regular expression:

    1\s+SEL\s+0\s+[1-9]\d*

    Policy POL -- ifc eth1 -- hook out prio high

    ---------------------------------------------------------------
    rule  selector  pkts match  pkts eval  bytes match  bytes eval
    ---------------------------------------------------------------
    1     SEL                0          1            0          84
    ---------------------------------------------------------------
    Total                    0          1            0          84

Example 3
Step 1: Set the following configuration in DUT0:

    set interfaces ethernet eth1 traffic policy out POL priority low
    set traffic selector SEL rule 1 source address 10.0.0.2

Step 2: Ping IP address 20.0.0.2 from DUT1:

    admin@DUT1$ ping 20.0.0.2 count 1 size 56 timeout 1
    PING 20.0.0.2 (20.0.0.2) 56(84) bytes of data.
    64 bytes from 20.0.0.2: icmp_seq=1 ttl=63 time=0.591 ms

    --- 20.0.0.2 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.591/0.591/0.591/0.000 ms

Step 3: Run command traffic policy show at DUT0 and check that the output matches the following regular expression:

    1\s+SEL\s+0\s+[1-9]\d*

    Policy POL -- ifc eth1 -- hook out prio low

    ---------------------------------------------------------------
    rule  selector  pkts match  pkts eval  bytes match  bytes eval
    ---------------------------------------------------------------
    1     SEL                0          1            0          84
    ---------------------------------------------------------------
    Total                    0          1            0          84

Example 4
Step 1: Set the following configuration in DUT0:

    set interfaces ethernet eth1 traffic policy out POL priority low
    set traffic selector SEL rule 1 source address 20.0.0.1

Step 2: Ping IP address 20.0.0.2 from DUT1:

    admin@DUT1$ ping 20.0.0.2 count 1 size 56 timeout 1
    PING 20.0.0.2 (20.0.0.2) 56(84) bytes of data.
    64 bytes from 20.0.0.2: icmp_seq=1 ttl=63 time=0.548 ms

    --- 20.0.0.2 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.548/0.548/0.548/0.000 ms

Step 3: Run command traffic policy show at DUT0 and check that the output matches the following regular expression:

    1\s+SEL\s+[1-9]\d*\s+[1-9]\d*

    Policy POL -- ifc eth1 -- hook out prio low

    ---------------------------------------------------------------
    rule  selector  pkts match  pkts eval  bytes match  bytes eval
    ---------------------------------------------------------------
    1     SEL                1          1           84          84
    ---------------------------------------------------------------
    Total                    1          1           84          84
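
The four examples above can be checked mechanically. The following Python script is an added example, not part of the original page or of the product: it parses traffic policy show output and compares rule 1's match counter with the source address the configured priority should see. The mapping of high to the original source 10.0.0.2 and low to the translated source 20.0.0.1 is an assumption inferred from the counters in the examples; the function names and the sample captures are constructed here.

```python
import re

# Assumption inferred from the page's counters: DUT1 sends from 10.0.0.2 and
# DUT0 source-NATs it to 20.0.0.1 on eth1; "high" is evaluated before SNAT.
SEEN_SRC = {"high": "10.0.0.2", "low": "20.0.0.1"}
HEADER = re.compile(r"Policy\s+(\S+)\s+--\s+ifc\s+(\S+)\s+--\s+hook\s+(\S+)\s+prio\s+(\S+)")
RULE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_policy_show(text):
    """Parse one policy block of 'traffic policy show' into a dict."""
    head = HEADER.search(text)
    if head is None:
        raise ValueError("no 'Policy ... hook ... prio ...' header found")
    policy = dict(zip(("name", "ifc", "hook", "prio"), head.groups()), rules=[])
    for line in text.splitlines():
        m = RULE.match(line)
        if m:  # the Total row starts with a word, so it is never taken as a rule
            num, sel, pm, pe, bm, be = m.groups()
            policy["rules"].append(dict(rule=int(num), selector=sel,
                                        pkts_match=int(pm), pkts_eval=int(pe),
                                        bytes_match=int(bm), bytes_eval=int(be)))
    return policy

def check_capture(text, selector_src):
    """Return (expected_match, observed_match) for the first rule of a capture."""
    policy = parse_policy_show(text)
    rule = policy["rules"][0]
    if rule["pkts_eval"] == 0:
        raise ValueError("no packets evaluated; the ping never reached the policy")
    # An unknown priority raises KeyError instead of being guessed.
    expected = SEEN_SRC[policy["prio"]] == selector_src
    return expected, rule["pkts_match"] > 0

def capture(prio, matched):
    """Constructed sample in the layout of the page's output."""
    m, b = (1, 84) if matched else (0, 0)
    return (f"Policy POL -- ifc eth1 -- hook out prio {prio}\n"
            "rule  selector  pkts match  pkts eval  bytes match  bytes eval\n"
            f"1     SEL       {m}           1          {b}           84\n"
            f"Total           {m}           1          {b}           84\n")

if __name__ == "__main__":
    for prio, sel, matched in [("high", "10.0.0.2", True), ("high", "20.0.0.1", False),
                               ("low", "10.0.0.2", False), ("low", "20.0.0.1", True)]:
        print(prio, sel, check_capture(capture(prio, matched), sel))
```

When the two values returned by check_capture differ, the selector is written against the wrong side of the translation for that priority and the policy is evaluating packets without ever matching them.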