Traffic Trace

In this chapter, you can find all the available commands to configure traffic trace, which can be used to generate information about those packets that traverse a specific OSDx feature in the network path.

Traffic trace can be very useful for debugging a configuration in real time. The following features can be debugged:

  • Interface and system traffic policy.

  • Netflow rulesets (interfaces <if_type> <if_name> flow).

  • NAT rulesets (interfaces <if_type> <if_name> traffic nat).

  • Security zones (traffic zone).

Configuration

This is the syntax to enable traffic trace in a specific feature:

set traffic trace <trace_feature> <hook> [ selector <selector_name> ]

A traffic selector can be used to generate information only for those network packets that match at least one selector rule.

Here you can find more information about traffic selectors.

For example, to generate information for all packets that go through the system traffic policy rules, we could type the following command:

set traffic trace sys-policy all

Monitoring

After committing that change, we could monitor this information using the operational command traffic trace monitor.

In some scenarios, the above configuration could generate a huge amount of information. To avoid that, you can specify a traffic selector and/or enable only a specific hook.

For example, the following configuration would be more appropriate to generate information about locally generated ICMP traffic:

set traffic selector ICMP_SELECTOR rule 1 protocol icmp
set traffic trace sys-policy local-out selector ICMP_SELECTOR

Command Summary

Configuration commands

Operational commands