.. _example_service_firewall_bypasstests:

############
Bypass Tests
############


.. sidebar:: Contents

  .. contents::
    :depth: 2
    :local:

The following scenario shows different configuration
alternatives to improve the OSDx firewall performance.

.. image:: topology.svg
  :width: 400

*****************
Test Local Bypass
*****************

Description
===========

Builds a scenario with three DUTs in which a performance
test is carried out between DUT1 and DUT2, and DUT0 is the
router running the firewall. "Local bypass" is set
to allow the firewall to internally skips packets belonging
to a flow that must be bypassed. The performance test may
produce better results than the general tests.

Scenario
========

.. include:: bypasstests/testlocalbypass

.. raw:: html

  <hr>

*******************
Test Capture Bypass
*******************

Description
===========

Builds a scenario with three DUTs in which a performance
test is conducted between DUT1 and DUT2, and DUT0 is the
router running the firewall. "Capture bypass" is set
to allow the firewall to mark packets. An external tool
can then decide what to do with the flow when the mark is seen.
For this example, when packet marks are detected, the traffic is
assigned a label, thereby allowing the possibility of classifying traffic.
In particular, labeling avoids traffic from entering the firewall.

Performance must improve considerably compared to the previous
test.

Scenario
========

.. include:: bypasstests/testcapturebypass

.. raw:: html

  <hr>

**************************
Test Simple Capture Bypass
**************************

Description
===========

Builds a scenario with three DUTs in which a performance
test is conducted between DUT1 and DUT2, and DUT0 is the
router running the firewall. This test sets the conntrack
mark directly, thus skipping all the steps required to set
it later.

Performance must improve considerably compared to the previous
test.

Scenario
========

.. include:: bypasstests/testsimplecapturebypass

.. raw:: html

  <hr>

***************************
Test Traffic Early Dropping
***************************

Description
===========

.. include:: xdpfiltering.rst.partial

Scenario
========

.. include:: bypasstests/testtrafficearlydropping

.. raw:: html

  <hr>