Mark

The following scenario shows how to filter packets based on the meta mark attribute using traffic selectors.

Test Drop Outgoing ICMP Traffic

Description

This scenario demonstrates how to use the special filter mark to drop outgoing ICMP packets without a packet meta mark in DUT0.

Scenario

Step 1: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.0.0.2/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.0.0.1/24
set interfaces ethernet eth0 traffic policy out DROP_UNMARKED
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP_UNMARKED rule 1 action drop
set traffic policy DROP_UNMARKED rule 1 log prefix DROP
set traffic policy DROP_UNMARKED rule 1 selector SEL_UNMARKED
set traffic policy DROP_UNMARKED rule 2 action accept
set traffic policy DROP_UNMARKED rule 2 log prefix BYPASS
set traffic selector SEL_UNMARKED rule 1 mark 0
set traffic selector SEL_UNMARKED rule 1 protocol icmp

Step 3: Ping IP address 10.0.0.2 from DUT0:

admin@DUT0$ ping 10.0.0.2 mark 1 count 1 size 56 timeout 1

Show output

PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.330 ms

--- 10.0.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.330/0.330/0.330/0.000 ms

---