Timeout
This scenario shows how to configure the timeout option
in the system offload feature.
Test Expired Offloaded-Flows
Description
In this scenario, the timeout is configured using a low value (only 5 seconds). The default value is 30 seconds. Then, a SSH connection is started from DUT1 to DUT2 to check if the accelerated flow expires after a while.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.0.0.1/24 set interfaces ethernet eth1 address 20.0.0.1/24 set system offload timeout 5
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.0.0.2/24 set protocols static route 0.0.0.0/0 next-hop 10.0.0.1
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 20.0.0.2/24 set protocols static route 0.0.0.0/0 next-hop 20.0.0.1 set service ssh
Step 4: Ping IP address 10.0.0.2 from DUT0:
admin@DUT0$ ping 10.0.0.2 count 1 size 56 timeout 1Show output
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.445 ms --- 10.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms
Step 5: Ping IP address 20.0.0.2 from DUT0:
admin@DUT0$ ping 20.0.0.2 count 1 size 56 timeout 1Show output
PING 20.0.0.2 (20.0.0.2) 56(84) bytes of data. 64 bytes from 20.0.0.2: icmp_seq=1 ttl=64 time=0.552 ms --- 20.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.552/0.552/0.552/0.000 ms
Step 6: Init an SSH connection from DUT1 to IP address 20.0.0.2 with the user admin:
admin@DUT1$ ssh admin@20.0.0.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '20.0.0.2' (ED25519) to the list of known hosts. admin@20.0.0.2's password: Welcome to Teldat OSDx 202401241058.f949bb7-v3.9.1.2-snapshot This system includes free software. Contact Teldat for licenses information and source code. Last login: Thu Jan 25 00:56:04 2024 admin@osdx$
Step 7: Run command system conntrack show protocol tcp at DUT0 and check if output contains the following tokens:
OFFLOADShow output
tcp 6 src=10.0.0.2 dst=20.0.0.2 sport=39114 dport=22 packets=23 bytes=3513 src=20.0.0.2 dst=10.0.0.2 sport=22 dport=39114 packets=31 bytes=4433 [ASSURED] [OFFLOAD, packets=21 bytes=3401 packets=30 bytes=4373] mark=0 use=2 conntrack v1.4.5 (conntrack-tools): 1 flow entries have been shown.
Step 8: Run command system conntrack show protocol tcp at DUT0 and check if output does not contain the following tokens:
OFFLOADShow output
tcp 6 119 ESTABLISHED src=10.0.0.2 dst=20.0.0.2 sport=39114 dport=22 packets=23 bytes=3513 src=20.0.0.2 dst=10.0.0.2 sport=22 dport=39114 packets=31 bytes=4433 [ASSURED] mark=0 use=1 conntrack v1.4.5 (conntrack-tools): 1 flow entries have been shown.