.. _example_service_firewall_bypasstests:

############
Bypass Tests
############


.. sidebar:: Contents

  .. contents::
    :depth: 2
    :local:

The following scenario shows different configuration
alternatives to improve the OSDx firewall performance.

.. image:: topology.svg
  :width: 400

*****************
Test Local Bypass
*****************

Description
===========

Builds a scenario with three DUTs in which a performance
test is carried out between DUT1 and DUT2, and DUT0 is the
router running the firewall. "Local bypass" is set
to allow the firewall to internally skips packets belonging
to a flow that must be bypassed. The performance test may
produce better results than the general tests.

Scenario
========

.. include:: bypasstests/testlocalbypass

.. raw:: html

  <hr>

*************************************
Test Capture Bypass Using Packet Mark
*************************************

Description
===========

Builds a scenario with three DUTs in which a performance
test is conducted between DUT1 and DUT2, and DUT0 is the
router running the firewall. "Capture bypass" is set
to allow the firewall to mark packets. An external tool
can then decide what to do with the flow when the mark is seen.
For this example, when packet marks are detected, the traffic is
assigned a label, thereby allowing the possibility of classifying traffic.
In particular, labeling avoids traffic from entering the firewall.

Performance must improve considerably compared to the Local Bypass
test.

Scenario
========

.. include:: bypasstests/testcapturebypassusingpacketmark

.. raw:: html

  <hr>

****************************************
Test Capture Bypass Using Conntrack Mark
****************************************

Description
===========

Builds a scenario with three DUTs in which a performance
test is conducted between DUT1 and DUT2, and DUT0 is the
router running the firewall. This test sets the conntrack
mark directly, thus skipping all the steps required to set
it later.

Performance must improve considerably compared to the Local Bypass
test.

Then, the test is broaden by configuring "Capture bypass drop"
to also avoid dropped packets from entering the firewall.

Scenario
========

.. include:: bypasstests/testcapturebypassusingconntrackmark

.. raw:: html

  <hr>

************************
Test Capture And Offload
************************

Description
===========

Builds a scenario with three DUTs in which a performance
test is conducted between DUT1 and DUT2, and DUT0 is the
router running the firewall. This test sets the conntrack
mark directly, thus skipping all the steps required to set
it later. In addition, OSDx is instructed to accelerate
the flow using internal accelerators.

Performance must improve considerably compared to the previous
test, to reach its top value.

Scenario
========

.. include:: bypasstests/testcaptureandoffload

.. raw:: html

  <hr>

***************************
Test Traffic Early Dropping
***************************

Description
===========

.. include:: xdpfiltering.rst.partial

Scenario
========

.. include:: bypasstests/testtrafficearlydropping

.. raw:: html

  <hr>