App-Dictionary
These scenarios check the application dictionary support provided by the app-detect feature.
Local Storage Application Dictionary
Description
DUT0 configures HTTP and DNS detection. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. Traffic is first generated without a dictionary and connections are verified to be classified only by below-L7 detectors. Then a local dictionary file is loaded and statistics are checked to be empty. An HTTP download verifies FQDN match with local dictionary and performs IP-cache population. A second download verifies IP-cache match. An SSH connection verifies static IP address range match. Finally a DNS lookup and ping verify DNS-host detection with IP-cache lookup.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth0 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 address 192.168.2.100/24
set system conntrack app-detect dns-host
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth1 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping the IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.720 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.720/0.720/0.720/0.000 ms
Step 5: Run the command file copy http://10.215.168.1/~robot/test_file running://user-data/ force on DUT0 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   7350      0 --:--:-- --:--:-- --:--:--  7400
Step 6: Initiate an SSH connection from DUT0 to IP address 10.215.168.66 using user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.10.0

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Tue May 19 15:38:25 2026 from 192.168.100.2
admin@osdx$
Step 7: Ping the IP address 10.215.168.64 from DUT1:
admin@DUT1$ ping 10.215.168.64 count 1 size 56 timeout 1
PING 10.215.168.64 (10.215.168.64) 56(84) bytes of data.
64 bytes from 10.215.168.64: icmp_seq=1 ttl=64 time=0.280 ms

--- 10.215.168.64 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.280/0.280/0.280/0.000 ms
Step 8: Run the command system conntrack show on DUT0 and expect the following output:
tcp 6 7 CLOSE src=10.215.168.64 dst=10.215.168.1 sport=58920 dport=80 packets=3 bytes=398 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=58920 packets=3 bytes=1649 mark=0 use=1 appdetect[L4:80]
icmp 1 29 src=192.168.2.101 dst=10.215.168.64 type=8 code=0 id=280 packets=1 bytes=84 src=10.215.168.64 dst=192.168.2.101 type=0 code=0 id=280 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
icmp 1 29 src=192.168.2.101 dst=10.215.168.1 type=8 code=0 id=279 packets=1 bytes=84 src=10.215.168.1 dst=10.215.168.64 type=0 code=0 id=279 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=48152 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=48152 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=55398 dport=22 packets=24 bytes=5057 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=55398 packets=21 bytes=4881 [ASSURED] mark=0 use=1 appdetect[L4:22]
conntrack v1.4.7 (conntrack-tools): 5 flow entries have been shown.
Step 9: Run the command file copy http://10.215.168.1/~robot/test_dict.gz running://user-data/ force on DUT0 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  12.1M      0 --:--:-- --:--:-- --:--:-- 13.0M
Note
The dictionary file contains the following test entries used in this scenario:
<app id="30" name="Teldat Test" version="1">
  <fqdn_list>
    <fqdn>10.215.168.1</fqdn>
  </fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
  <address_list>
    <range id="1">
      <net_address>10.215.168.64</net_address>
      <net_mask>255.255.255.192</net_mask>
    </range>
  </address_list>
</app>
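How the two entries above relate to the addresses used in this scenario, as an added example that is not part of the original page or of OSDx. The `<dictionary>` wrapper element, the function names, and the exact-match and network-membership semantics are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# The two test entries shown on this page. The <dictionary> root element is
# an assumption added here so the fragment parses as a single XML document.
DICT_XML = """<dictionary>
<app id="30" name="Teldat Test" version="1">
  <fqdn_list>
    <fqdn>10.215.168.1</fqdn>
  </fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
  <address_list>
    <range id="1">
      <net_address>10.215.168.64</net_address>
      <net_mask>255.255.255.192</net_mask>
    </range>
  </address_list>
</app>
</dictionary>"""


def normalize(host):
    """Compare host names case-insensitively and without a trailing dot."""
    return host.strip().lower().rstrip(".")


def load_dictionary(xml_text):
    """Return one record per <app>: id, name, FQDN set and address networks."""
    apps = []
    for app in ET.fromstring(xml_text).iter("app"):
        fqdns = {normalize(f.text) for f in app.iter("fqdn") if f.text}
        nets = []
        for rng in app.iter("range"):
            addr = (rng.findtext("net_address") or "").strip()
            mask = (rng.findtext("net_mask") or "").strip()
            # strict=True rejects a range whose address has host bits set,
            # which would otherwise silently describe a different network.
            nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=True))
        apps.append({"id": int(app.get("id")), "name": app.get("name"),
                     "fqdns": fqdns, "nets": nets})
    return apps


def match_host(apps, host):
    """App IDs whose fqdn_list contains the detected host string."""
    key = normalize(host)
    return [a["id"] for a in apps if key in a["fqdns"]]


def match_address(apps, ip):
    """App IDs whose address_list has a range containing the IP address."""
    addr = ipaddress.ip_address(ip)
    return [a["id"] for a in apps if any(addr in n for n in a["nets"])]


if __name__ == "__main__":
    apps = load_dictionary(DICT_XML)
    # Host string sent in the HTTP download, then the addresses of the
    # HTTP server, DUT0 (eth0) and DUT2 from the scenario configuration.
    print("host 10.215.168.1 ->", match_host(apps, "10.215.168.1"))
    for ip in ("10.215.168.1", "10.215.168.64", "10.215.168.66"):
        print("address", ip, "->", match_address(apps, ip))
```

The mask 255.255.255.192 makes the range 10.215.168.64/26, so it covers DUT0's eth0 address and DUT2 but not the HTTP server at 10.215.168.1, which is listed only as an FQDN string.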
Step 10: Modify the following configuration lines in DUT0:
set system conntrack app-detect dictionary 1 filename 'running://user-data/test_dict.gz'
set system conntrack app-detect enable_dict_match_priv_ip
Step 11: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 12: Run the command system conntrack clear on DUT0.
Step 13: Run the command file copy http://10.215.168.1/~robot/test_file running://user-data/ force on DUT0 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6304      0 --:--:-- --:--:-- --:--:--  7400
Step 14: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
appdetect\[U128:30\shttp-host:10.215.168.1\]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=48174 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=48174 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
Step 15: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 16: Run the command file copy http://10.215.168.1/~robot/test_file running://user-data/ force on DUT0 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6991      0 --:--:-- --:--:-- --:--:--  7400
Step 17: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 18: Initiate an SSH connection from DUT0 to IP address 10.215.168.66 using user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.10.0

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Tue May 19 15:39:10 2026 from 10.215.168.64
admin@osdx$
Step 19: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
src=10.215.168.64\sdst=10.215.168.66.*appdetect\[U128:31]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=48182 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=48182 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=48174 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=48174 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=55408 dport=22 packets=24 bytes=5057 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=55408 packets=20 bytes=4793 [ASSURED] mark=0 use=1 appdetect[U128:31]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 20: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    1
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 21: Ping the host static.opentok.com from DUT1:
admin@DUT1$ ping static.opentok.com count 1 size 56 timeout 1
PING static.opentok.com (192.168.2.100) 56(84) bytes of data.
64 bytes from static.opentok.com (192.168.2.100): icmp_seq=1 ttl=64 time=0.097 ms

--- static.opentok.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.097/0.097/0.097/0.000 ms
Step 22: Run the command system conntrack show on DUT0 and expect the following output:
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=48182 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=48182 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=34277 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34277 packets=1 bytes=64 mark=0 use=1 appdetect[U128:31]
icmp 1 29 src=192.168.2.101 dst=192.168.2.100 type=8 code=0 id=281 packets=1 bytes=84 src=192.168.2.100 dst=192.168.2.101 type=0 code=0 id=281 packets=1 bytes=84 mark=0 use=1 appdetect[U128:12]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=35827 dport=53 packets=1 bytes=72 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35827 packets=1 bytes=104 mark=0 use=1 appdetect[U128:31]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=48174 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=48174 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=57666 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57666 packets=1 bytes=80 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=55408 dport=22 packets=24 bytes=5057 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=55408 packets=20 bytes=4793 [ASSURED] mark=0 use=1 appdetect[U128:31]
conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.
Step 23: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    4
Matches in IP-cache                               2
Modifications in IP-cache                         2
Matches in dynamic dictionaries                   3
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
CLI Custom Application Dictionary
Description
DUT0 configures HTTP detection with a custom dictionary defined via CLI. DUT1 acts as a client behind DUT0 and downloads a file via HTTP. The connection is verified to be classified with the custom App-ID on the first request through FQDN match, and on subsequent requests through IP-cache.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth0 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 address 192.168.2.100/24
set system conntrack app-detect dictionary 1 local app-id custom 42 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 1 local app-id custom 42 name 'Teldat Test'
set system conntrack app-detect dictionary 2 local app-id custom 43 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 2 local app-id custom 43 name 'Teldat Test'
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth1 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping the IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.832 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.832/0.832/0.832/0.000 ms
Step 5: Run the command system conntrack clear on DUT0.
Step 6: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 7: Run the command system conntrack clear on DUT0.
Step 8: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0  11843      0 --:--:-- --:--:-- --:--:-- 12333
Step 9: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
appdetect\[U6:42\shttp-host:enterprise.opentok.com\]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=51484 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51484 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59231 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59231 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=55784 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=55784 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U6:42 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 10: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 11: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0  10413      0 --:--:-- --:--:-- --:--:-- 12333
Step 12: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
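The `system conntrack show` checks in the two scenarios above, done by parsing the `appdetect[...]` field instead of matching a regular expression against the whole output. This is an added example, not part of the original page or of OSDx. The function names are hypothetical, and reading `U<n>:<id>` tokens as the dictionary App-ID is an assumption based on the outputs shown on this page.

```python
import re

# Flow entries copied from the outputs on this page (Local Storage steps 8
# and 22, CLI Custom step 9), one per line. The footer count is constructed
# to match this combined sample.
SAMPLE = """\
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=48152 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=48152 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:10.215.168.1]
icmp 1 29 src=192.168.2.101 dst=10.215.168.64 type=8 code=0 id=280 packets=1 bytes=84 src=10.215.168.64 dst=192.168.2.101 type=0 code=0 id=280 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=48182 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=48182 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=57666 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57666 packets=1 bytes=80 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=55408 dport=22 packets=24 bytes=5057 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=55408 packets=20 bytes=4793 [ASSURED] mark=0 use=1 appdetect[U128:31]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=55784 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=55784 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U6:42 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
"""

# Protocol name, first src/dst pair (original direction) and appdetect field.
# Timeout and TCP state are optional: the offloaded entry has neither.
FLOW_RE = re.compile(
    r"^(?P<proto>\S+)\s+\d+\s.*?\bsrc=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r".*\bappdetect\[(?P<tag>[^\]]*)\]\s*$"
)
FOOTER_RE = re.compile(r"(\d+) flow entries have been shown")
DICT_KEY_RE = re.compile(r"^U\d+$")  # assumption: dictionary App-ID tokens


def parse_flows(text):
    """Parse conntrack output into dicts; fail if the footer count disagrees."""
    flows, reported = [], None
    for line in text.splitlines():
        line = line.strip()
        footer = FOOTER_RE.search(line)
        if footer:
            reported = int(footer.group(1))
            continue
        m = FLOW_RE.match(line)
        if not m:
            continue
        tags = [tuple(tok.split(":", 1))
                for tok in m.group("tag").split() if ":" in tok]
        dport = re.search(r"\bdport=(\d+)", line)  # absent for ICMP
        flows.append({"proto": m.group("proto"), "src": m.group("src"),
                      "dst": m.group("dst"),
                      "dport": int(dport.group(1)) if dport else None,
                      "tags": tags})
    if reported is not None and reported != len(flows):
        raise ValueError(f"parsed {len(flows)} flows, footer says {reported}")
    return flows


def dictionary_app_id(flow):
    """App-ID from a U<n>:<id> token, or None if only L3/L4 detectors hit."""
    for key, value in flow["tags"]:
        if DICT_KEY_RE.match(key):
            return int(value)
    return None


def detected_host(flow):
    """Host string from an http-host or dns-host token, if present."""
    for key, value in flow["tags"]:
        if key.endswith("-host"):
            return value
    return None


def without_dictionary_match(flows):
    """Flows that no dictionary has classified."""
    return [f for f in flows if dictionary_app_id(f) is None]


def has_flow(flows, app_id, host=None, dst=None):
    """Exact-match check; '.' in an address is not a wildcard as in a regex."""
    for f in flows:
        if dictionary_app_id(f) != app_id:
            continue
        if host is not None and detected_host(f) != host:
            continue
        if dst is not None and f["dst"] != dst:
            continue
        return True
    return False


if __name__ == "__main__":
    for f in parse_flows(SAMPLE):
        print(f["proto"], f["src"], "->", f["dst"], f["dport"],
              "app-id:", dictionary_app_id(f), "host:", detected_host(f))
```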
Remote Application Dictionary
Description
DUT0 configures HTTP detection with a remote application dictionary served by a categorization server. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. A traffic policy drops uncategorized traffic until the remote dictionary classifies it. Traffic belonging to the remote dictionary protocol is allowed.
Phase 1: HTTP-host detection triggers a remote dictionary lookup in override mode and the connection is classified with the remote App-ID.
Phase 2: DNS-host detection is added so classification happens at DNS resolution time and populates the IP-cache.
Phase 3: App-detect chained storage mode is enabled and the full App-ID chain is verified.
Phase 4: An alarm is configured to detect communication errors with the remote dictionary server.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth0 traffic nat source rule 1 address masquerade
set interfaces ethernet eth0 traffic policy out POL
set interfaces ethernet eth1 address 192.168.2.100/24
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+pqw6f6kmM0gwzXTKHnUu4NINXo9uavEQ=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX19EebtYNOOh04NUvyID53QpYpuANTMdKCQsJRTulb/W3RrX/zwLQIu7
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/kd4+GBr/NaBWbszgMNrrcWCRZWQR7zUw=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/zEf/z/MBoGixmGolKWFFgBgBrWdR9lzdpSUwRsJMK3exJu6jsSImf
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth1 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping the IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.605 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.605/0.605/0.605/0.000 ms
Step 5: Run the command system conntrack clear on DUT0.
Step 6: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 7: Run the command system journal show | tail -n 200 on DUT0 and expect the following output:
May 19 15:40:39.000209 osdx systemd-timedated[465099]: Changed local time to Tue 2026-05-19 15:40:39 UTC
May 19 15:40:39.001309 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'set date 2026-05-19 15:40:39'.
May 19 15:40:39.003378 osdx systemd-journald[2275]: Time jumped backwards, rotating.
May 19 15:40:39.293534 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free.
May 19 15:40:39.295384 osdx systemd-journald[2275]: Received client request to rotate journal, rotating.
May 19 15:40:39.295437 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943.
May 19 15:40:39.302469 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'.
May 19 15:40:39.519801 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 15:40:39.753455 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu.
May 19 15:40:39.830639 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.2.100/24'.
May 19 15:40:39.901180 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 19 15:40:39.952133 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic nat source rule 1 address masquerade'.
May 19 15:40:40.047240 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy out POL'.
May 19 15:40:40.099053 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action accept'.
May 19 15:40:40.196261 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector RDICT'.
May 19 15:40:40.247090 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 action drop'.
May 19 15:40:40.338055 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 selector RESOLVING'.
May 19 15:40:40.391130 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic selector RDICT rule 1 mark 5555'.
May 19 15:40:40.489762 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state detecting'.
May 19 15:40:40.538013 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state host-detected'.
May 19 15:40:40.644860 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote url ******'.
May 19 15:40:40.704895 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote key ******'.
May 19 15:40:40.786790 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote ssl-allow-insecure'.
May 19 15:40:40.839244 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote property category'.
May 19 15:40:40.947100 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote url ******'.
May 19 15:40:41.008926 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote key ******'.
May 19 15:40:41.090553 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote ssl-allow-insecure'.
May 19 15:40:41.143858 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote property reputation'.
May 19 15:40:41.240333 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote mark 5555'.
May 19 15:40:41.292592 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote mark 5555'.
May 19 15:40:41.381287 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect http'.
May 19 15:40:41.432839 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
May 19 15:40:41.528175 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect refresh-flow-appid'.
May 19 15:40:41.580627 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
May 19 15:40:41.676929 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect debug'.
May 19 15:40:41.746180 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'.
May 19 15:40:41.844060 osdx ubnt-cfgd[465160]: inactive
May 19 15:40:41.906565 osdx INFO[465201]: FRR daemons did not change
May 19 15:40:42.011385 osdx kernel: nfUDPlink: module init
May 19 15:40:42.011435 osdx kernel: app-detect: module init
May 19 15:40:42.011445 osdx kernel: app-detect: registered: sysctl net.appdetect
May 19 15:40:42.011453 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
May 19 15:40:42.011462 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
May 19 15:40:42.011470 osdx kernel: app-detect: registered: /proc/net/stat/appdetect
May 19 15:40:42.015388 osdx kernel: app-detect: expression init
May 19 15:40:42.015422 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
May 19 15:40:42.015430 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
May 19 15:40:42.019393 osdx kernel: app-detect: selected hash dict hash table with 13 hash bits and 8192 buckets for max 5000 entries (supported range 2^8...2^20)
May 19 15:40:42.019423 osdx kernel: app-detect: allocated memory for hash table with 8192 buckets (65536 bytes)
May 19 15:40:42.019436 osdx kernel: app-detect: allocated memory for 5000 hash entries (520000 bytes)
May 19 15:40:42.019444 osdx kernel: app-detect: CNAME database reallocated to 5000 entries
May 19 15:40:42.031462 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty)
May 19 15:40:42.031525 osdx kernel: app-detect: linked list of enabled dicts:
May 19 15:40:42.031550 osdx kernel: app-detect: (empty, no dicts)
May 19 15:40:42.031565 osdx kernel: app-detect: linked list of disabled dicts:
May 19 15:40:42.031588 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type unknown (target_dict)
May 19 15:40:42.031604 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
May 19 15:40:42.031618 osdx kernel: app-detect: set type of dict _remote_ to remote
May 19 15:40:42.031633 osdx kernel: app-detect: user set num_hash_entries=40000
May 19 15:40:42.031647 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
May 19 15:40:42.031662 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
May 19 15:40:42.031676 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
May 19 15:40:42.031691 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
May 19 15:40:42.031705 osdx kernel: app-detect: enable remote dictionary _remote_
May 19 15:40:42.031724 osdx kernel: app-detect: dictionary _remote_ enabled
May 19 15:40:42.031739 osdx kernel: app-detect: linked list of enabled dicts:
May 19 15:40:42.031753 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
May 19 15:40:42.031769 osdx kernel: app-detect: linked list of disabled dicts:
May 19 15:40:42.031784 osdx kernel: app-detect: (empty, no dicts)
May 19 15:40:42.035402 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty)
May 19 15:40:42.035448 osdx kernel: app-detect: linked list of enabled dicts:
May 19 15:40:42.035465 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
May 19 15:40:42.035480 osdx kernel: app-detect: linked list of disabled dicts:
May 19 15:40:42.035495 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type unknown (target_dict)
May 19 15:40:42.035509 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
May 19 15:40:42.035523 osdx kernel: app-detect: set type of dict _remote_ to remote
May 19 15:40:42.035542 osdx kernel: app-detect: user set num_hash_entries=40000
May 19 15:40:42.035556 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
May 19 15:40:42.035580 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
May 19 15:40:42.035596 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
May 19 15:40:42.035610 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
May 19 15:40:42.035624 osdx kernel: app-detect: enable remote dictionary _remote_
May 19 15:40:42.035637 osdx kernel: app-detect: dictionary _remote_ enabled
May 19 15:40:42.035651 osdx kernel: app-detect: linked list of enabled dicts:
May 19 15:40:42.035665 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
May 19 15:40:42.035679 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
May 19 15:40:42.035693 osdx kernel: app-detect: linked list of disabled dicts:
May 19 15:40:42.035706 osdx kernel: app-detect: (empty, no dicts)
May 19 15:40:42.045223 osdx INFO[465238]: Updated /etc/default/osdx_tcatd.conf
May 19 15:40:42.045265 osdx INFO[465238]: Restarting Traffic Categorization (TCATD) service ...
May 19 15:40:42.088351 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
May 19 15:40:42.350863 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
May 19 15:40:42.351908 osdx osdx-tcatd[465242]: Dict_client. rdict_num 2 mark 5555 local-vrf
May 19 15:40:42.351988 osdx osdx-tcatd[465242]: Dict_client. ERROR (dict 2) 7 (Couldn't connect to server): Unable to connect to server
May 19 15:40:42.352064 osdx osdx-tcatd[465242]: Dict_client. rdict_num 1 mark 5555 local-vrf
May 19 15:40:42.352097 osdx osdx-tcatd[465242]: Dict_client. ERROR (dict 1) 7 (Couldn't connect to server): Unable to connect to server
May 19 15:40:42.383389 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 19 15:40:42.431186 osdx WARNING[465334]: No supported link modes on interface eth0
May 19 15:40:42.432512 osdx modulelauncher[465334]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 19 15:40:42.432523 osdx modulelauncher[465334]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 19 15:40:42.433648 osdx modulelauncher[465334]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
May 19 15:40:42.433654 osdx modulelauncher[465334]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
May 19 15:40:42.463414 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
May 19 15:40:42.502329 osdx WARNING[465409]: No supported link modes on interface eth1
May 19 15:40:42.503624 osdx modulelauncher[465409]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
May 19 15:40:42.503634 osdx modulelauncher[465409]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
May 19 15:40:42.504745 osdx modulelauncher[465409]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
May 19 15:40:42.504752 osdx modulelauncher[465409]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
May 19 15:40:42.896492 osdx cfgd[1918]: [455728]Completed change to active configuration
May 19 15:40:42.897392 osdx OSDxCLI[455728]: User 'admin' committed the configuration.
May 19 15:40:42.915462 osdx OSDxCLI[455728]: User 'admin' left the configuration menu.
May 19 15:40:45.447300 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system conntrack clear'.
May 19 15:40:45.577397 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:39234/10.215.168.1:80
May 19 15:40:45.577459 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:39234/10.215.168.1:80
May 19 15:40:45.577468 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
May 19 15:40:45.577476 osdx kernel: app-detect: search in dict _remote_, prio 1
May 19 15:40:45.577483 osdx kernel: app-detect: search in dict _remote_, prio 2
May 19 15:40:45.577499 osdx osdx-tcatd[465242]: UDP_Server. Read 27 bytes
May 19 15:40:45.577506 osdx osdx-tcatd[465242]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com
May 19 15:40:45.577523 osdx osdx-tcatd[465242]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
May 19 15:40:45.577535 osdx osdx-tcatd[465242]: UDP_Server. Read 27 bytes
May 19 15:40:45.577537 osdx osdx-tcatd[465242]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com
May 19 15:40:45.577550 osdx osdx-tcatd[465242]: Dict_client.
Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0} May 19 15:40:45.585915 osdx osdx-tcatd[465242]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]} May 19 15:40:45.585930 osdx osdx-tcatd[465242]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007 May 19 15:40:45.585970 osdx osdx-tcatd[465242]: UDP_Server. Sent 38 bytes May 19 15:40:45.586140 osdx osdx-tcatd[465242]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]} May 19 15:40:45.586152 osdx osdx-tcatd[465242]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058 May 19 15:40:45.586178 osdx osdx-tcatd[465242]: UDP_Server. 
Sent 38 bytes May 19 15:40:45.587389 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) May 19 15:40:45.587427 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:45.587436 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) May 19 15:40:45.587443 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote May 19 15:40:45.587451 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:45.587458 osdx kernel: app-detect: (empty, no dicts) May 19 15:40:45.587465 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds May 19 15:40:45.587472 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) May 19 15:40:45.587484 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:45.587491 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote May 19 15:40:45.587498 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) May 19 15:40:45.587505 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:45.587512 osdx kernel: app-detect: (empty, no dicts) May 19 15:40:45.587520 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Step 8: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=42219 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=42219 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=53968 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=53968 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=39234 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=39234 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=53235 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=53235 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=41325 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41325 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=53966 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=53966 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 9: Run the command traffic selector RDICT show on DUT0 and check whether the output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+
Selector RDICT (Policy POL -- ifc eth0 -- hook out prio very-high -- rule 1)
-----------------------------------------------------
rule   pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1              22         39         3318        6023
-----------------------------------------------------
Total          22         39         3318        6023
Step 10: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
tcp.*dport=80.*packets=[1-9].*appdetect\[L4:80\shttp-host:enterprise.opentok.com\]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=42219 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=42219 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=53968 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=53968 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=39234 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=39234 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=53235 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=53235 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=41325 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41325 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=53966 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=53966 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 11: Run the command system conntrack clear on DUT1.
Step 12: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0  10457      0 --:--:-- --:--:-- --:--:-- 12333
admin@osdx$
Step 13: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=47410 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47410 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=39238 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=39238 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=42219 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=42219 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=53968 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=53968 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=39234 dport=80 packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=39234 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=53235 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=53235 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=41325 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41325 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=53966 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=53966 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 14: Run the command system conntrack app-detect show ip-cache on DUT0 and check whether the output matches the following regular expressions:
10.215.168.1\s*.*U130:7
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          4m57s892ms
Step 15: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 16: Run the command system conntrack clear on DUT0.
Step 17: Run the command system conntrack clear on DUT1.
Step 18: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6155      0 --:--:-- --:--:-- --:--:--  7400
Step 19: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=50710 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=50710 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=41347 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41347 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.
Step 20: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
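The regular-expression checks in Steps 13 and 19 can also be run offline against a saved system conntrack show capture. The Python below is an added example, not OSDx code: it splits the flattened output into flows, parses each appdetect[...] tag, and lists flows where a host was detected but the app-id is still L4-only. The decode_appid helper assumes, from the two values visible on this page (AppID:82000007 in the journal and U130:7 in conntrack), that the top byte is the U-namespace and the low 24 bits the value; that layout is an inference, and all function and class names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Three of the eight flows from the Step 13 output on this page, left flattened
# on one line as the page shows them. The trailer count is adjusted to match.
SAMPLE = (
    "udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=47410 dport=53 packets=1 bytes=68 "
    "src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47410 packets=1 bytes=68 "
    "mark=0 use=1 appdetect[L4:53] "
    "tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=39238 dport=80 packets=6 bytes=593 "
    "src=10.215.168.1 dst=10.215.168.64 sport=80 dport=39238 packets=4 bytes=504 [ASSURED] "
    "[OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 "
    "appdetect[U130:7 http-host:enterprise.opentok.com] "
    "tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=39234 dport=80 "
    "packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=39234 "
    "packets=1 bytes=60 [ASSURED] mark=0 use=1 "
    "appdetect[L4:80 http-host:enterprise.opentok.com] "
    "conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown."
)

# A flow entry starts with "<proto> <proto-number> " at a token boundary.
FLOW_START = re.compile(r"(?<!\S)(?=(?:tcp|udp|icmp)\s+\d+\s)")
APPDETECT = re.compile(r"appdetect\[([^\]]*)\]")


@dataclass
class Flow:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    offloaded: bool
    app_id: str                      # e.g. "L4:80" or "U130:7"
    fields: Dict[str, str] = field(default_factory=dict)

    @property
    def l4_only(self) -> bool:
        """True when only the below-L7 (port) detector classified the flow."""
        return self.app_id.startswith("L4:")

    @property
    def host(self) -> str:
        return self.fields.get("http-host") or self.fields.get("dns-host") or ""


def split_flows(text: str) -> List[str]:
    """Cut the trailer and split flattened output back into one entry per flow."""
    body = text.split("conntrack v", 1)[0]
    return [e.strip() for e in FLOW_START.split(body) if e.strip()]


def _first(key: str, entry: str) -> str:
    """First key=value in the entry, i.e. the original (pre-NAT) direction."""
    m = re.search(rf"(?<!\S){key}=(\S+)", entry)
    if m is None:
        raise ValueError(f"no {key}= in flow entry: {entry[:40]}...")
    return m.group(1)


def parse_flow(entry: str) -> Flow:
    tag = APPDETECT.search(entry)
    tokens = tag.group(1).split() if tag else []
    return Flow(
        proto=entry.split()[0],
        src=_first("src", entry),
        dst=_first("dst", entry),
        sport=int(_first("sport", entry)),
        dport=int(_first("dport", entry)),
        offloaded="[OFFLOAD" in entry,
        app_id=tokens[0] if tokens else "",
        fields=dict(t.split(":", 1) for t in tokens[1:] if ":" in t),
    )


def parse_conntrack(text: str) -> List[Flow]:
    return [parse_flow(e) for e in split_flows(text)]


def host_seen_but_l4_only(flows: List[Flow]) -> List[Flow]:
    """Flows with a detected host that no dictionary has classified (yet)."""
    return [f for f in flows if f.host and f.l4_only]


def dictionary_matches(flows: List[Flow], host: str) -> List[Flow]:
    """Flows for `host` that carry a non-L4 app-id, as Steps 13 and 19 expect."""
    return [f for f in flows if f.host == host and not f.l4_only]


def decode_appid(hex_appid: str) -> str:
    """Inferred layout (assumption): top byte = U-namespace, low 24 bits = value."""
    value = int(hex_appid, 16)
    return f"U{value >> 24}:{value & 0xFFFFFF}"


if __name__ == "__main__":
    for flow in parse_conntrack(SAMPLE):
        state = "L4 only" if flow.l4_only else "dictionary"
        print(f"{flow.proto} {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport} "
              f"{flow.app_id} {flow.host or '-'} ({state})")
```

In the sample, the flow from source port 39234 still shows L4:80 because it was opened before the dictionary answer for its host reached the kernel, while the later flow from port 39238 carries U130:7.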
Step 21: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth0 traffic nat source rule 1 address masquerade
set interfaces ethernet eth0 traffic policy out POL
set interfaces ethernet eth1 address 192.168.2.100/24
set system conntrack app-detect app-id-storage override
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1//PyGzx5GiSrnWhTSkW/0zQUJK4n+blDI=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX18TDU8MBdS90Op5DJhI7TEjkSeRPXsSNi83y7DHth6e+9io1I6+RvLr
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/wFXQRS2TCwafVSsvrCCOHXplyXhb1Nfg=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1+vmjexUyGKit/E2IYlVgjpBKTW5A816aHG4qmw66X2dFj1UwEvKSO9
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 22: Run the command system conntrack clear on DUT0.
Step 23: Run the command nslookup enterprise.opentok.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED
Step 24: Run the command nslookup www.gamblingteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 25: Run the command nslookup www.newspaperteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 26: Run the command system conntrack show on DUT0 and expect the following output:
tcp 6 299 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=36080 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=36080 packets=9 bytes=2042 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=53459 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53459 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=38878 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38878 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59984 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59984 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=54436 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54436 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=127.0.0.1 dst=127.0.0.1 sport=53235 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=53235 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
tcp 6 299 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=36094 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=36094 packets=9 bytes=2042 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=35523 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35523 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=49996 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=49996 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
Step 27: Run the command nslookup enterprise.opentok.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED
Step 28: Run the command nslookup www.gamblingteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 29: Run the command nslookup www.newspaperteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 30: Run the command system conntrack show on DUT0 and expect the following output:
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=36080 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=36080 packets=9 bytes=2042 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=53459 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53459 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=38878 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38878 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59042 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59042 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=51635 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51635 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=59984 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59984 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=54436 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54436 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=40455 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40455 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=34161 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34161 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=53235 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=53235 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=36094 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=36094 packets=9 bytes=2042 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=35523 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35523 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=49996 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=49996 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=33529 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=33529 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=44624 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44624 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
conntrack v1.4.7 (conntrack-tools): 15 flow entries have been shown.
Step 31: Run the command system journal show | tail -n 200 on DUT0 and expect the following output:
May 19 15:40:53.647594 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote May 19 15:40:53.647612 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:53.647627 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) May 19 15:40:53.647642 osdx kernel: app-detect: freed hash table May 19 15:40:53.647659 osdx kernel: app-detect: freed memory for hashes+appids May 19 15:40:53.647682 osdx kernel: app-detect: dictionary _remote_ deleted May 19 15:40:53.647698 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:53.647713 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote May 19 15:40:53.647730 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:53.647744 osdx kernel: app-detect: (empty, no dicts) May 19 15:40:53.647759 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty) May 19 15:40:53.647774 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:53.647788 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote May 19 15:40:53.647803 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:53.647818 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type unknown (target_dict) May 19 15:40:53.647833 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_ May 19 15:40:53.647848 osdx kernel: app-detect: set type of dict _remote_ to remote May 19 15:40:53.647862 osdx kernel: app-detect: user set num_hash_entries=40000 May 19 15:40:53.647877 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20) May 19 15:40:53.647897 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes) May 19 15:40:53.647911 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes) May 19 15:40:53.647926 osdx kernel: app-detect: set 
dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3 May 19 15:40:53.647940 osdx kernel: app-detect: enable remote dictionary _remote_ May 19 15:40:53.647954 osdx kernel: app-detect: dictionary _remote_ enabled May 19 15:40:53.647971 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:53.647985 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) May 19 15:40:53.647999 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote May 19 15:40:53.648013 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:53.648027 osdx kernel: app-detect: (empty, no dicts) May 19 15:40:53.651395 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) May 19 15:40:53.651433 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:53.651445 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote May 19 15:40:53.651455 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) May 19 15:40:53.651465 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:53.651475 osdx kernel: app-detect: (empty, no dicts) May 19 15:40:53.651485 osdx kernel: app-detect: dictionary _remote_ disabled May 19 15:40:53.651495 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:53.651504 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote May 19 15:40:53.651514 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:53.651524 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote (target_dict) May 19 15:40:53.651534 osdx kernel: app-detect: freed hash table May 19 15:40:53.651544 osdx kernel: app-detect: freed memory for hashes+appids May 19 15:40:53.651558 osdx kernel: app-detect: dictionary _remote_ deleted May 19 15:40:53.651568 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:53.651585 osdx kernel: 
app-detect: (0) dictionary _remote_, priority 1 type remote May 19 15:40:53.651595 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:53.651605 osdx kernel: app-detect: (empty, no dicts) May 19 15:40:53.651614 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty) May 19 15:40:53.651624 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:53.651633 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote May 19 15:40:53.651642 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:53.651652 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type unknown (target_dict) May 19 15:40:53.651661 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_ May 19 15:40:53.651671 osdx kernel: app-detect: set type of dict _remote_ to remote May 19 15:40:53.651682 osdx kernel: app-detect: user set num_hash_entries=40000 May 19 15:40:53.651692 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20) May 19 15:40:53.651707 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes) May 19 15:40:53.651716 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes) May 19 15:40:53.651726 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3 May 19 15:40:53.651735 osdx kernel: app-detect: enable remote dictionary _remote_ May 19 15:40:53.651746 osdx kernel: app-detect: dictionary _remote_ enabled May 19 15:40:53.651756 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:53.651764 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote May 19 15:40:53.651773 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) May 19 15:40:53.651782 osdx kernel: app-detect: linked list of disabled dicts: May 
19 15:40:53.651792 osdx kernel: app-detect: (empty, no dicts) May 19 15:40:53.658980 osdx INFO[465673]: Updated /etc/default/osdx_tcatd.conf May 19 15:40:53.659021 osdx INFO[465673]: Restarting Traffic Categorization (TCATD) service ... May 19 15:40:53.669111 osdx osdx-tcatd[465242]: UDP_Server. Received STOP signal. Cleanup May 19 15:40:53.669178 osdx osdx-tcatd[465242]: Dict_client. Cleanup May 19 15:40:53.669217 osdx systemd[1]: Stopping osdx-tcatd.service - App-Detect Traffic Categorization daemon... May 19 15:40:53.672486 osdx systemd[1]: osdx-tcatd.service: Deactivated successfully. May 19 15:40:53.672692 osdx systemd[1]: Stopped osdx-tcatd.service - App-Detect Traffic Categorization daemon. May 19 15:40:53.692159 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon... May 19 15:40:53.953606 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon. May 19 15:40:53.954583 osdx osdx-tcatd[465677]: Dict_client. rdict_num 2 mark 5555 local-vrf May 19 15:40:53.962461 osdx osdx-tcatd[465677]: Dict_client. rdict_num 1 mark 5555 local-vrf May 19 15:40:54.228299 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:40:54.228800 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:40:54.243539 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:40:54.375918 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system conntrack clear'. May 19 15:40:56.600226 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:35523/10.215.168.66:53 May 19 15:40:56.600493 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:35523/10.215.168.66:53 May 19 15:40:56.600510 osdx kernel: app-detect: dictionary search for enterprise.opentok.com May 19 15:40:56.600518 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com May 19 15:40:56.600525 osdx kernel: app-detect: search in dict _remote_, prio 1 May 19 15:40:56.600533 osdx kernel: app-detect: search in dict _remote_, prio 2 May 19 15:40:56.600603 osdx osdx-tcatd[465677]: UDP_Server. Read 27 bytes May 19 15:40:56.600611 osdx osdx-tcatd[465677]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com May 19 15:40:56.600632 osdx osdx-tcatd[465677]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0} May 19 15:40:56.600645 osdx osdx-tcatd[465677]: UDP_Server. Read 27 bytes May 19 15:40:56.600647 osdx osdx-tcatd[465677]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com May 19 15:40:56.600653 osdx osdx-tcatd[465677]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0} May 19 15:40:56.601521 osdx osdx-tcatd[465677]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]} May 19 15:40:56.601535 osdx osdx-tcatd[465677]: UDP_Server. Kernel_Message format. 
Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058 May 19 15:40:56.601573 osdx osdx-tcatd[465677]: UDP_Server. Sent 38 bytes May 19 15:40:56.601782 osdx osdx-tcatd[465677]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]} May 19 15:40:56.601796 osdx osdx-tcatd[465677]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007 May 19 15:40:56.601836 osdx osdx-tcatd[465677]: UDP_Server. Sent 38 bytes May 19 15:40:56.603381 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) May 19 15:40:56.603396 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:56.603404 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote May 19 15:40:56.603412 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) May 19 15:40:56.603419 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:56.603426 osdx kernel: app-detect: (empty, no dicts) May 19 15:40:56.603435 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds May 19 15:40:56.603445 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) May 19 15:40:56.603453 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:56.603460 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) May 19 15:40:56.603467 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote May 19 
15:40:56.603475 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:56.603482 osdx kernel: app-detect: (empty, no dicts) May 19 15:40:56.603489 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds May 19 15:40:56.690028 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:59984/10.215.168.66:53 May 19 15:40:56.690296 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:59984/10.215.168.66:53 May 19 15:40:56.690307 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com May 19 15:40:56.690315 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com May 19 15:40:56.690323 osdx kernel: app-detect: search in dict _remote_, prio 1 May 19 15:40:56.690331 osdx kernel: app-detect: search in dict _remote_, prio 2 May 19 15:40:56.690387 osdx osdx-tcatd[465677]: UDP_Server. Read 27 bytes May 19 15:40:56.690394 osdx osdx-tcatd[465677]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.gamblingteldat.com May 19 15:40:56.690411 osdx osdx-tcatd[465677]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0} May 19 15:40:56.690422 osdx osdx-tcatd[465677]: UDP_Server. Read 27 bytes May 19 15:40:56.690424 osdx osdx-tcatd[465677]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.gamblingteldat.com May 19 15:40:56.690431 osdx osdx-tcatd[465677]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0} May 19 15:40:56.691281 osdx osdx-tcatd[465677]: Dict_client. 
Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} May 19 15:40:56.691296 osdx osdx-tcatd[465677]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.gamblingteldat.com TTL 172800 AppID:8200000F May 19 15:40:56.691341 osdx osdx-tcatd[465677]: UDP_Server. Sent 38 bytes May 19 15:40:56.691398 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) May 19 15:40:56.691413 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:56.691423 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) May 19 15:40:56.691434 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote May 19 15:40:56.691444 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:56.691454 osdx kernel: app-detect: (empty, no dicts) May 19 15:40:56.691465 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds May 19 15:40:56.691476 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) May 19 15:40:56.691486 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:56.691496 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote May 19 15:40:56.691506 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) May 19 15:40:56.691516 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:56.691526 osdx kernel: app-detect: (empty, no dicts) May 19 15:40:56.691536 osdx kernel: app-detect: set fqdn hash 
95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds May 19 15:40:56.691441 osdx osdx-tcatd[465677]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} May 19 15:40:56.691448 osdx osdx-tcatd[465677]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.gamblingteldat.com TTL 172800 AppID:83000019 May 19 15:40:56.691475 osdx osdx-tcatd[465677]: UDP_Server. Sent 38 bytes May 19 15:40:56.785675 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:53459/10.215.168.66:53 May 19 15:40:56.785915 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:53459/10.215.168.66:53 May 19 15:40:56.785926 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com May 19 15:40:56.785934 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com May 19 15:40:56.785941 osdx kernel: app-detect: search in dict _remote_, prio 1 May 19 15:40:56.785949 osdx kernel: app-detect: search in dict _remote_, prio 2 May 19 15:40:56.786016 osdx osdx-tcatd[465677]: UDP_Server. Read 28 bytes May 19 15:40:56.786023 osdx osdx-tcatd[465677]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.newspaperteldat.com May 19 15:40:56.786039 osdx osdx-tcatd[465677]: Dict_client. 
Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} May 19 15:40:56.786049 osdx osdx-tcatd[465677]: UDP_Server. Read 28 bytes May 19 15:40:56.786051 osdx osdx-tcatd[465677]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.newspaperteldat.com May 19 15:40:56.786057 osdx osdx-tcatd[465677]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} May 19 15:40:56.786897 osdx osdx-tcatd[465677]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularit y": 0, "age": 0, "threathistory": 0}}}]} May 19 15:40:56.786909 osdx osdx-tcatd[465677]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.newspaperteldat.com TTL 172800 AppID:8300005C May 19 15:40:56.786934 osdx osdx-tcatd[465677]: UDP_Server. Sent 39 bytes May 19 15:40:56.787193 osdx osdx-tcatd[465677]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularit y": 0, "age": 0, "threathistory": 0}}}]} May 19 15:40:56.787206 osdx osdx-tcatd[465677]: UDP_Server. Kernel_Message format. 
Write message addressed to dictionary 1 FQDN www.newspaperteldat.com TTL 172800 AppID:82000004 May 19 15:40:56.787244 osdx osdx-tcatd[465677]: UDP_Server. Sent 39 bytes May 19 15:40:56.787391 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) May 19 15:40:56.787406 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:56.787416 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote May 19 15:40:56.787426 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) May 19 15:40:56.787436 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:56.787448 osdx kernel: app-detect: (empty, no dicts) May 19 15:40:56.787458 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds May 19 15:40:56.787468 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) May 19 15:40:56.787478 osdx kernel: app-detect: linked list of enabled dicts: May 19 15:40:56.787488 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) May 19 15:40:56.787498 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote May 19 15:40:56.787508 osdx kernel: app-detect: linked list of disabled dicts: May 19 15:40:56.787517 osdx kernel: app-detect: (empty, no dicts) May 19 15:40:56.787526 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds May 19 15:40:56.883625 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system conntrack show'. May 19 15:40:57.967003 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. 
Org(src/dst) 192.168.2.101:40455/10.215.168.66:53 May 19 15:40:57.967382 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:40455/10.215.168.66:53 May 19 15:40:57.967395 osdx kernel: app-detect: dictionary search for enterprise.opentok.com May 19 15:40:57.967403 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com May 19 15:40:57.967425 osdx kernel: app-detect: search in dict _remote_, prio 1 May 19 15:40:57.967433 osdx kernel: app-detect: appid 82000007 found in hash dictionary May 19 15:40:57.967441 osdx kernel: app-detect: add address 10.215.168.1, appids 82000007 to cache May 19 15:40:58.049177 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:33529/10.215.168.66:53 May 19 15:40:58.049474 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:33529/10.215.168.66:53 May 19 15:40:58.049484 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com May 19 15:40:58.049492 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com May 19 15:40:58.049500 osdx kernel: app-detect: search in dict _remote_, prio 1 May 19 15:40:58.049508 osdx kernel: app-detect: appid 8200000f found in hash dictionary May 19 15:40:58.049515 osdx kernel: app-detect: add address 192.168.2.10, appids 8200000f to cache May 19 15:40:58.142637 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:44624/10.215.168.66:53 May 19 15:40:58.142852 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:44624/10.215.168.66:53 May 19 15:40:58.142863 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com May 19 15:40:58.142880 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com May 19 15:40:58.142887 osdx kernel: app-detect: search in dict _remote_, prio 1 May 19 15:40:58.142895 osdx kernel: app-detect: appid 82000004 found in hash dictionary May 19 15:40:58.142902 osdx kernel: app-detect: add address 192.168.2.20, appids 82000004 to cache May 19 15:40:58.243351 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system conntrack show'.
Step 32: Run the command system conntrack app-detect show ip-cache on DUT0 and expect the following output:
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s284ms
192.168.2.10  U130:15         28s368ms
192.168.2.20  U130:4          28s460ms
Step 33: Run the command system conntrack app-detect show ip-cache on DUT0 and check whether the output matches the following regular expressions:
10.215.168.1\s*.*U130:7
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s224ms
192.168.2.10  U130:15         28s308ms
192.168.2.20  U130:4          28s400ms
Step 34: Run the command system conntrack app-detect show ip-cache on DUT0 and check whether the output matches the following regular expressions:
192.168.2.10\s*.*U130:15
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s124ms
192.168.2.10  U130:15         28s208ms
192.168.2.20  U130:4          28s300ms
Step 35: Run the command system conntrack app-detect show ip-cache on DUT0 and check whether the output matches the following regular expressions:
192.168.2.20\s*.*U130:4
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s64ms
192.168.2.10  U130:15         28s148ms
192.168.2.20  U130:4          28s240ms
Step 36: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth0 traffic nat source rule 1 address masquerade
set interfaces ethernet eth0 traffic policy out POL
set interfaces ethernet eth1 address 192.168.2.100/24
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18gbUq/wDVVP2uyGzdX7bER76eUyrztiWw=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+Iy5jCq7J7yjsVCoAk1ZRbPilhvZtroAvHZgtZ3E+99e2/qnhW/SeZ
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/g713UOY6oef7lkvU16qWOeBc+goMZ1xk=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1+yYmSPaWlk0WehRMYi5sldBUG0m7CqRoOC1hi82sfJxHtF6z0VFMlP
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 37: Run the command system conntrack clear on DUT0.
Step 38: Run the command system conntrack clear on DUT0.
Step 39: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 40: Run the command system conntrack clear on DUT1.
Step 41: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5995      0 --:--:-- --:--:-- --:--:--  6166
Step 42: Run the command system conntrack clear on DUT1.
Step 43: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6287      0 --:--:-- --:--:-- --:--:--  7400
Step 44: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
appdetect\[(U130:7;U131:88|U131:88;U130:7);L3:6;L4:80\shttp-host:enterprise.opentok.com\]
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=58924 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=58924 packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=41820 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=41820 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=45944 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45944 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=41804 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=41804 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:80 http-host:enterprise.opentok.com]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=41824 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=41824 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=58932 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=58932 packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=55030 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55030 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=43221 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=43221 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=53235 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=53235 packets=2 bytes=132 mark=0 use=1 appdetect[L3:17;L4:49000]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
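Added example (not part of the original test suite or the product's code): a Python parser for the appdetect[...] field of system conntrack show that reads the category (U130) and reputation (U131) verdicts in either order, as the Step 44 regular expression allows, and lists flows that carry an http-host but no dictionary verdict. All function names are hypothetical, and decode_appid rests on an assumption inferred from this page's osdx-tcatd log (AppID:82000007 beside U130:7, AppID:83000058 beside U131:88): the top byte is the namespace number and the low 24 bits are the value.

```python
import re

# Four flows copied from the Step 44 output on this page.
SAMPLE_FLOWS = """\
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=58924 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=58924 packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=41820 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=41820 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=41804 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=41804 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:80 http-host:enterprise.opentok.com]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=41824 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=41824 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
"""

# appdetect[<id>;<id>;... <field>:<value> ...]: IDs are ';'-separated, fields follow a space.
APPDETECT_RE = re.compile(r"appdetect\[(?P<ids>[^\]\s]*)(?:\s+(?P<fields>[^\]]*))?\]")
# The first src/dst/sport/dport group on a line is the original direction.
ORIG_TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_flow(line):
    """Parse one conntrack line; return None when it has no appdetect[...] field."""
    app = APPDETECT_RE.search(line)
    tup = ORIG_TUPLE_RE.search(line)
    if not app or not tup:
        return None
    ids = {}
    for item in filter(None, app.group("ids").split(";")):
        namespace, _, value = item.partition(":")
        if not value.isdigit():
            continue  # skip anything that is not <namespace>:<number>
        # A list per namespace, since chained app-id storage may attach several IDs.
        ids.setdefault(namespace, []).append(int(value))
    fields = {}
    for field in (app.group("fields") or "").split():
        name, _, value = field.partition(":")
        fields[name] = value
    return {
        "src": tup.group(1), "dst": tup.group(2),
        "sport": int(tup.group(3)), "dport": int(tup.group(4)),
        "ids": ids, "fields": fields,
    }


def verdict(flow, category_ns="U130", reputation_ns="U131"):
    """Return (category, reputation) whatever their order; None where absent."""
    category = flow["ids"].get(category_ns, [None])[0]
    reputation = flow["ids"].get(reputation_ns, [None])[0]
    return category, reputation


def pending_host_flows(text):
    """Flows where a host was detected but no dictionary verdict is attached."""
    pending = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow and "http-host" in flow["fields"] and verdict(flow) == (None, None):
            pending.append(flow)
    return pending


def decode_appid(hex_appid):
    """Split a hex AppID from the osdx-tcatd log into (namespace, value).

    Assumption inferred from this page's values, not from product documentation:
    top byte = namespace number (0x82 -> U130), low 24 bits = value.
    """
    raw = int(hex_appid, 16)
    return "U%d" % (raw >> 24), raw & 0xFFFFFF


if __name__ == "__main__":
    for line in SAMPLE_FLOWS.splitlines():
        flow = parse_flow(line)
        print(flow["dst"], flow["dport"], verdict(flow), flow["fields"].get("http-host"))
    print("no verdict yet:", [(f["sport"], f["fields"]["http-host"]) for f in pending_host_flows(SAMPLE_FLOWS)])
    print(decode_appid("82000007"), decode_appid("83000058"))
```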
Step 45: Run the command nslookup www.gamblingteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server:         10.215.168.66
Address:        10.215.168.66#53
Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 46: Run the command nslookup www.newspaperteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server:         10.215.168.66
Address:        10.215.168.66#53
Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 47: Run the command nslookup www.gamblingteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server:         10.215.168.66
Address:        10.215.168.66#53
Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 48: Run the command nslookup www.newspaperteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server:         10.215.168.66
Address:        10.215.168.66#53
Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 49: Run the command system conntrack app-detect show ip-cache on DUT0 and check whether the output matches the following regular expressions:
10.215.168.1\s*.*(U130:7;U131:88|U131:88;U130:7)
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m55s232ms
192.168.2.10  U130:15;U131:25  28s828ms
192.168.2.20  U130:4;U131:92   28s908ms
Step 50: Run the command system conntrack app-detect show ip-cache on DUT0 and check whether the output matches the following regular expressions:
192.168.2.10\s*.*(U130:15;U131:25|U131:25;U130:15)
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m55s172ms
192.168.2.10  U130:15;U131:25  28s768ms
192.168.2.20  U130:4;U131:92   28s848ms
Step 51: Run the command system conntrack app-detect show ip-cache on DUT0 and check whether the output matches the following regular expressions:
192.168.2.20\s*.*(U130:4;U131:92|U131:92;U130:4)
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m55s76ms
192.168.2.10  U130:15;U131:25  28s672ms
192.168.2.20  U130:4;U131:92   28s752ms
Step 52: Modify the following configuration lines in DUT0 :
set system alarm DICTERROR1
set system alarm DICTERROR2
set system conntrack app-detect dictionary 1 remote alarm connection-error DICTERROR1
set system conntrack app-detect dictionary 2 remote alarm connection-error DICTERROR2
Step 53: Run the command system alarm show on DUT0 and check whether the output matches the following regular expressions:
DICTERROR1\s+false
--------------------------------------------------------------------
Alarm       Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00
Step 54: Run the command system alarm show on DUT0 and check whether the output matches the following regular expressions:
DICTERROR2\s+false
--------------------------------------------------------------------
Alarm       Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00
Step 55: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19gteIHtukguE0tSMhgjcRFHHxPFp9lN40=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18grgQEAdXtypngJIfQuYyneR1fP24Aac0=
Step 56: Run the command system conntrack clear on DUT0.
Step 57: Run the command system conntrack clear on DUT1.
Step 58: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 3 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 59: Run the command system alarm show on DUT0 and check whether the output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+true
---------------------------------------------------------------------------------------------
Alarm       Status  Toggled                           Prev-toggled  Toggle-count  Time up (%)
---------------------------------------------------------------------------------------------
DICTERROR1  true    2026-05-19 15:41:13.125360+00:00                           1        72.61
DICTERROR2  true    2026-05-19 15:41:13.125490+00:00                           1        72.64
Step 60: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+KMXM+CzmIVrDYJ0qrjyowm/CrlzxCxQs=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/e/jXw+jKxYyNUGezF+DFuNrdPqgKs/vc=
Step 61: Run the command system conntrack clear on DUT0.
Step 62: Run the command system conntrack clear on DUT1.
Step 63: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 3 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 64: Run the command system alarm show on DUT0 and check whether the output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+false
-----------------------------------------------------------------------------------------------------------------
Alarm       Status  Toggled                           Prev-toggled                      Toggle-count  Time up (%)
-----------------------------------------------------------------------------------------------------------------
DICTERROR1  false   2026-05-19 15:41:19.374156+00:00  2026-05-19 15:41:13.125360+00:00             2        47.59
DICTERROR2  false   2026-05-19 15:41:19.373921+00:00  2026-05-19 15:41:13.125490+00:00             2        47.60
Remote Application Dictionary run in a VRF
Description
DUT0 configures HTTP detection with a remote application dictionary running in a separate VRF. DUT1 acts as a client behind DUT0. The test verifies that remote dictionary protocol traffic uses the VRF and HTTP connections are classified.
Phase 1: Using the local-vrf option to specify the VRF for the remote dictionary protocol.
Phase 2: Using the local-interface option with an interface assigned to the VRF.
Phase 3: Using the local-address option to source from an address on an interface in the VRF.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth0 traffic nat source rule 1 address masquerade
set interfaces ethernet eth0 traffic policy out POL
set interfaces ethernet eth0 vrf MYVRF
set interfaces ethernet eth1 address 192.168.2.100/24
set interfaces ethernet eth1 vrf MYVRF
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/kd5K3TrY79pgkhaydyBiFmljy3uK8fmU=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/SmqomKXl0DjVsH1OQJjwBJX8rhu4HLeU5HThe2SKXUHttLiM+LV+m
set system conntrack app-detect dictionary 1 remote local-vrf MYVRF
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 1 remote vrf-mark MYVRF
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX191bdPdqheuGgQ3fkC36aZettApBSy7GWE=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1+gicW0JJM5gA8ePiBf541dpx60kVgkV8C+Acb8xRvqS7/LjNkNolij
set system conntrack app-detect dictionary 2 remote local-vrf MYVRF
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote vrf-mark MYVRF
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf MYVRF
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 vrf-mark MYVRF
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping the IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.475 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.475/0.475/0.475/0.000 ms
Step 5: Run the command system conntrack clear on DUT0.
Step 6: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 7: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=48210 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=48210 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=44000 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44000 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=33455 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=33455 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=40514 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40514 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=36445 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36445 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=48212 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=48212 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 8: Run the command traffic selector RDICT show on DUT0 and check whether the output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+
Selector RDICT (Policy POL -- ifc eth0 -- hook out prio very-high -- rule 1)
-----------------------------------------------------
rule   pkts match   pkts eval   bytes match   bytes eval
-----------------------------------------------------
1              22          42          3318         6351
-----------------------------------------------------
Total          22          42          3318         6351
Step 9: Run the command system conntrack clear on DUT1.
Step 10: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0  12325      0 --:--:-- --:--:-- --:--:-- 18500
admin@osdx$
Step 11: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=48210 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=48210 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=44000 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44000 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=33455 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=33455 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=53278 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53278 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=40514 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40514 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=44016 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44016 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=36445 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36445 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=48212 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=48212 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 12: Modify the following configuration lines in DUT0 :
delete system conntrack app-detect dictionary 1 remote local-vrf
delete system conntrack app-detect dictionary 2 remote local-vrf
set system conntrack app-detect dictionary 1 remote local-interface eth1
set system conntrack app-detect dictionary 2 remote local-interface eth1
Step 13: Run the command system conntrack clear on DUT0.
Step 14: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 15: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38608 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38608 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=59706 dport=443 vrf=MYVRF packets=14 bytes=1875 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=59706 vrf=MYVRF packets=12 bytes=3700 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 9 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=44000 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44000 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=33455 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=33455 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3598 ESTABLISHED src=10.215.168.1 dst=10.215.168.64 sport=443 dport=59700 vrf=MYVRF packets=9 bytes=2088 src=10.215.168.64 dst=10.215.168.1 sport=59700 dport=443 vrf=MYVRF packets=10 bytes=1142 [ASSURED] mark=0 use=1 appdetect[L4:59700]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=51965 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51965 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 16: Run the command system conntrack clear on DUT1.
Step 17: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0  10496      0 --:--:-- --:--:-- --:--:-- 12333
admin@osdx$
Step 18: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=53924 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53924 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38608 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38608 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=59706 dport=443 vrf=MYVRF packets=14 bytes=1875 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=59706 vrf=MYVRF packets=12 bytes=3700 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=38624 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38624 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 6 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=44000 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44000 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=33455 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=33455 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3595 ESTABLISHED src=10.215.168.1 dst=10.215.168.64 sport=443 dport=59700 vrf=MYVRF packets=9 bytes=2088 src=10.215.168.64 dst=10.215.168.1 sport=59700 dport=443 vrf=MYVRF packets=10 bytes=1142 [ASSURED] mark=0 use=1 appdetect[L4:59700]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=51965 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51965 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 19: Modify the following configuration lines in DUT0 :
delete system conntrack app-detect dictionary 1 remote local-interface
delete system conntrack app-detect dictionary 2 remote local-interface
set system conntrack app-detect dictionary 1 remote local-address 10.215.168.64
set system conntrack app-detect dictionary 2 remote local-address 10.215.168.64
Step 20: Run the command system conntrack clear on DUT0.
Step 21: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 22: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
tcp 6 9 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=38608 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38608 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=34256 dport=443 vrf=MYVRF packets=14 bytes=1875 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=34256 vrf=MYVRF packets=12 bytes=3700 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38640 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38640 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=33455 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=33455 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=48079 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48079 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3598 ESTABLISHED src=10.215.168.1 dst=10.215.168.64 sport=443 dport=34244 vrf=MYVRF packets=9 bytes=2088 src=10.215.168.64 dst=10.215.168.1 sport=34244 dport=443 vrf=MYVRF packets=10 bytes=1142 [ASSURED] mark=0 use=1 appdetect[L4:34244]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 23: Run the command system conntrack clear on DUT1.
Step 24: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0  12449      0 --:--:-- --:--:-- --:--:-- 18500
admin@osdx$
Step 25: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
tcp 6 6 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=38608 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38608 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=34256 dport=443 vrf=MYVRF packets=14 bytes=1875 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=34256 vrf=MYVRF packets=12 bytes=3700 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=38648 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38648 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38640 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38640 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=33455 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=33455 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=39011 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=39011 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=48079 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48079 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3595 ESTABLISHED src=10.215.168.1 dst=10.215.168.64 sport=443 dport=34244 vrf=MYVRF packets=9 bytes=2088 src=10.215.168.64 dst=10.215.168.1 sport=34244 dport=443 vrf=MYVRF packets=10 bytes=1142 [ASSURED] mark=0 use=1 appdetect[L4:34244]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
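The conntrack check of steps 11, 18 and 25, as an added example (not part of the original page or of the product's own test suite): the regular expression is applied to each flow entry separately, because against a dump pasted as a single line `.*` can pair the `vrf=MYVRF` tags of one flow with the `appdetect[...]` label of another. The function names and the `NO_VRF_FLOW` failure case are constructed for illustration; the other two entries are taken from the step 11 output.

```python
import re

# Regular expression from steps 11, 18 and 25 of the page.
DICT_MATCH = re.compile(
    r"vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]")

# Two flow entries taken from the step 11 output on the page.
L4_FLOW = ("tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=48210 "
           "dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 "
           "dst=10.215.168.64 sport=443 dport=48210 vrf=MYVRF packets=10 bytes=3462 "
           "[ASSURED] mark=0 use=1 appdetect[L4:443]")
DICT_FLOW = ("tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=44016 dport=80 vrf=MYVRF "
             "packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 "
             "dport=44016 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 "
             "bytes=52 packets=2 bytes=392] mark=0 use=2 "
             "appdetect[U130:7 http-host:enterprise.opentok.com]")
# Constructed failure case (not from the page): same classification, no VRF tag.
NO_VRF_FLOW = DICT_FLOW.replace(" vrf=MYVRF", "")
TRAILER = "conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown."

def split_entries(dump):
    """Split a dump into flow entries, whether one entry per line or flattened."""
    body = dump.split("conntrack v")[0]          # drop the summary trailer
    parts = re.split(r"(?=\b(?:tcp|udp|icmp)\s+\d+\s)", body)
    return [" ".join(p.split()) for p in parts if p.strip()]

def describe(entry):
    """Return (vrf tags in original/reply order, appdetect labels) for one entry."""
    app = re.search(r"appdetect\[([^\]]*)\]", entry)
    return re.findall(r"vrf=(\S+)", entry), (app.group(1).split() if app else [])

def matching_flows(dump, pattern=DICT_MATCH):
    """Apply the page's regular expression to each flow entry separately."""
    return [e for e in split_entries(dump) if pattern.search(e)]

if __name__ == "__main__":
    good = "\n".join([L4_FLOW, DICT_FLOW, TRAILER])
    bad = " ".join([L4_FLOW, NO_VRF_FLOW, TRAILER])   # flattened onto one line
    for name, dump in (("good", good), ("bad", bad)):
        print(name, "whole-text match:", bool(DICT_MATCH.search(dump)),
              "per-flow matches:", len(matching_flows(dump)))
        for e in split_entries(dump):
            print("   ", describe(e))
```

On the constructed `bad` dump the whole-text search reports a match while no individual flow satisfies the expression, which is the false pass that per-entry matching avoids.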