Selector
The following scenario shows how to configure different traffic selector rules. Selectors can be used to restrict the traffic affected by other features (like NAT, Netflow, traffic policies, etc).
Test Traffic Selector Rules
Description
This scenario demonstrates how to use traffic selector rules that can be configured as filters to match the desired traffic.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.275 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.275/0.275/0.275/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 2
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 exclude set traffic selector SELECTOR rule 1 not protocol icmp set traffic selector SELECTOR rule 2 destination address 100.0.0.1 set traffic selector SELECTOR rule 3 source address 100.0.0.2
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=3.68 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 3.681/3.681/3.681/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) --------------------------------------------------------- rule pkts match pkts eval bytes match bytes eval --------------------------------------------------------- 1 (excl.) 0 1 0 84 2 1 1 84 84 3 0 0 0 0 --------------------------------------------------------- Total 1 1 84 84
Example 3
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 destination address 100.0.0.1
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=2.75 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 2.753/2.753/2.753/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 4
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 dscp 8
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.378 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.378/0.378/0.378/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 5
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 icmp-type echo-reply,echo-request
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.256 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.256/0.256/0.256/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 6
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 not ip-option lsrr
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.361 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.361/0.361/0.361/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 7
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 in-interface eth0
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.413 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.413/0.413/0.413/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 8
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 length min 32
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.338 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.338/0.338/0.338/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 9
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 not out-interface eth0
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=2.41 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 2.407/2.407/2.407/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 10
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 pkt-type unicast
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.342 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.342/0.342/0.342/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 11
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 protocol icmp
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.526 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.526/0.526/0.526/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 12
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 source address 100.0.0.2
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.419 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.419/0.419/0.419/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 13
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 state new,established
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=1.34 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.344/1.344/1.344/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 14
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 ttl equal 32
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.267 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.267/0.267/0.267/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 15
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 ttl greater-than 16 set traffic selector SELECTOR rule 1 ttl less-than 64
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.360 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.360/0.360/0.360/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 16
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 not destination mac-address 00:00:12:34:56:78
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.297 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.297/0.297/0.297/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 17
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 source mac-address DE:AD:BE:EF:6C:00-DE:AD:BE:EF:6C:FF
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=4.77 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 4.767/4.767/4.767/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 18
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 ether-type ip,ip6
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.403 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.403/0.403/0.403/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 19
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 header-length min 4
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.348 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.348/0.348/0.348/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 20
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 destination port 8080 set traffic selector SELECTOR rule 1 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 6 6 338 338 ----------------------------------------------------- Total 6 6 338 338
Example 21
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 not source port 8080 set traffic selector SELECTOR rule 1 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 6 6 338 338 ----------------------------------------------------- Total 6 6 338 338
Example 22
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 not tcp-flags rst set traffic selector SELECTOR rule 1 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 6 6 338 338 ----------------------------------------------------- Total 6 6 338 338
Example 23
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 not tcp-option sack set traffic selector SELECTOR rule 1 tcp-flags syn set traffic selector SELECTOR rule 1 protocol tcp set traffic selector SELECTOR rule 2 not tcp-flags syn set traffic selector SELECTOR rule 2 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 6 60 338 2 5 5 278 278 ----------------------------------------------------- Total 6 6 338 338
Example 24
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 tcp-mss greater-than 1300 set traffic selector SELECTOR rule 1 tcp-flags syn set traffic selector SELECTOR rule 1 protocol tcp set traffic selector SELECTOR rule 2 not tcp-flags syn set traffic selector SELECTOR rule 2 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 6 60 338 2 5 5 278 278 ----------------------------------------------------- Total 6 6 338 338
Example 25
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 tcp-window greater-than 5 set traffic selector SELECTOR rule 1 tcp-flags syn set traffic selector SELECTOR rule 1 protocol tcp set traffic selector SELECTOR rule 2 not tcp-flags syn set traffic selector SELECTOR rule 2 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 6 60 338 2 5 5 278 278 ----------------------------------------------------- Total 6 6 338 338
Example 26
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 destination ipv6-address 2001:d00::/24 set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.252 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.252/0.252/0.252/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104
Example 27
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 hoplimit greater-than 16 set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.271 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.271/0.271/0.271/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104
Example 28
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 hoplimit less-than 64 set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.232 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.232/0.232/0.232/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104
Example 29
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 ipv6-dscp 8 set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.379 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.379/0.379/0.379/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104
Example 30
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 ipv6-icmp-type echo-reply,echo-request set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.369 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.369/0.369/0.369/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104
Example 31
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 protocol ipv6-icmp set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.278 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.278/0.278/0.278/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 2 2 168 168 2 0 0 0 0 ----------------------------------------------------- Total 2 2 168 168
Example 32
Step 1: Set the following configuration in DUT0:
del traffic selector SELECTOR set traffic selector SELECTOR rule 1 source ipv6-address 2001:d00::2 set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.288 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.288/0.288/0.288/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104