OSDx Documentation Logo
v3.9.1.2
  • About
  • Releases

First steps

  • Setting Up
  • Quick Start
  • Licensing
  • CLI Overview
  • Configuration Management

Admin Guide

  • System Administration
  • Articles
  • Troubleshooting
  • Examples
    • Basic
    • Interfaces
      • Bonding
      • Bridge
      • Cellular
        • Traffic
        • Check Connection
        • Check Op Commands
      • Dummy
      • Ethernet
      • Tunnel
      • Vti
      • Wlan
    • Protocols
    • Service
    • System
    • Traffic
    • User-Level
    • Vpn

Command reference

  • Configuration commands
  • Operational commands
OSDx Documentation
  • Examples
  • Interfaces
  • Cellular
  • Traffic
  • Policy
  • Check Link Hook
  • View page source

Check Link Hook

This scenario shows how to attach a traffic policy to the link hook in a Cellular interface. This hook is triggered at a very early stage of the network packet stack (level 2 layer). packet stack.

../../../../../_images/google2.svg

Test Early Packet Drop

Description

A traffic policy is configured in DUT0 to drop all incoming traffic at the link stage. ARP and UDP packets are allowed.

Scenario

Step 1: Set the following configuration in DUT0:

set cellular profile CELPROFILE apn movistar.es
set cellular profile CELPROFILE pin 9922
set interfaces cellular cell0 profile CELPROFILE
set interfaces cellular cell0 address dhcp
set service dns forwarding dhcp interface cell0

Step 2: Ping IP address 8.8.8.8 from DUT0:

admin@DUT0$ ping 8.8.8.8 count 1 size 56 timeout 1
Show output
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=307 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 307.173/307.173/307.173/0.000 ms

Step 3: Set the following configuration in DUT0:

set interfaces cellular cell0 traffic policy link EDROP_POLICY
set traffic policy EDROP_POLICY rule 1 action accept
set traffic policy EDROP_POLICY rule 1 selector ACCEPT_SEL
set traffic policy EDROP_POLICY rule 2 action drop
set traffic selector ACCEPT_SEL rule 1 protocol udp
set traffic selector ACCEPT_SEL rule 2 ether-type arp

Step 4: Expect a failure in the following command: Ping IP address 8.8.8.8 from DUT0:

admin@DUT0$ ping 8.8.8.8 count 1 size 56 timeout 1
Show output
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Step 5: Run command nslookup www.google.es at DUT0 and check if output matches the following regular expressions:

Server:\s+(\d+\.){3}\d+
Show output
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   www.google.es
Address: 216.58.215.131
Name:   www.google.es
Address: 2a00:1450:4003:80c::2003

Step 6: Run command traffic policy show at DUT0 and check if output matches the following regular expressions:

1\s+ACCEPT_SEL\s+\b[^0]\d*
Show output
Policy EDROP_POLICY -- ifc cell0 -- hook link prio very-high

-----------------------------------------------------------------
rule    selector   pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------------------
1      ACCEPT_SEL           3          4          237         321
2      -                    1          1           84          84
-----------------------------------------------------------------
Total                       4          4          321         321
Previous Next

© Copyright 2024, Teldat.

Built with Sphinx using a theme provided by Read the Docs.