App-Dictionary
These scenarios check the application dictionary support provided by the app-detect feature.
Local Storage Application Dictionary
Description
DUT0 configures HTTP and DNS detection. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. Traffic is first generated without a dictionary and connections are verified to be classified only by below-L7 detectors. Then a local dictionary file is loaded and statistics are checked to be empty. An HTTP download verifies FQDN match with local dictionary and performs IP-cache population. A second download verifies IP-cache match. An SSH connection verifies static IP address range match. Finally a DNS lookup and ping verify DNS-host detection with IP-cache lookup.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth0 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 address 192.168.2.100/24
set system conntrack app-detect dns-host
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping the IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.722 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.722/0.722/0.722/0.000 ms
Step 5: Run the command file copy http://10.215.168.1/~robot/test_file running://user-data/ force on DUT0 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0  13962      0 --:--:-- --:--:-- --:--:-- 18500
Step 6: Initiate an SSH connection from DUT0 to IP address 10.215.168.66 using user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null

Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.10.1

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Wed Jun 3 11:08:54 2026 from 10.0.0.2
admin@osdx$
Step 7: Ping the IP address 10.215.168.64 from DUT1:
admin@DUT1$ ping 10.215.168.64 count 1 size 56 timeout 1

PING 10.215.168.64 (10.215.168.64) 56(84) bytes of data.
64 bytes from 10.215.168.64: icmp_seq=1 ttl=64 time=0.626 ms

--- 10.215.168.64 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.626/0.626/0.626/0.000 ms
Step 8: Run the command system conntrack show on DUT0 and expect the following output:
icmp 1 29 src=192.168.2.101 dst=10.215.168.1 type=8 code=0 id=585 packets=1 bytes=84 src=10.215.168.1 dst=10.215.168.64 type=0 code=0 id=585 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
icmp 1 29 src=192.168.2.101 dst=10.215.168.64 type=8 code=0 id=586 packets=1 bytes=84 src=10.215.168.64 dst=192.168.2.101 type=0 code=0 id=586 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=47436 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=47436 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=38138 dport=22 packets=24 bytes=5057 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=38138 packets=20 bytes=4793 [ASSURED] mark=0 use=1 appdetect[L4:22]
conntrack v1.4.7 (conntrack-tools): 4 flow entries have been shown.
Step 9: Run the command file copy http://10.215.168.1/~robot/test_dict.gz running://user-data/ force on DUT0 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  16.7M      0 --:--:-- --:--:-- --:--:-- 21.6M
Note
The dictionary file contains the following test entries used in this scenario:
<app id="30" name="Teldat Test" version="1">
    <fqdn_list>
        <fqdn>10.215.168.1</fqdn>
    </fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
    <address_list>
        <range id="1">
            <net_address>10.215.168.64</net_address>
            <net_mask>255.255.255.192</net_mask>
        </range>
    </address_list>
</app>
Step 10: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 filename 'running://user-data/test_dict.gz'
set system conntrack app-detect enable_dict_match_priv_ip
Step 11: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 12: Run the command system conntrack clear on DUT0.
Step 13: Run the command file copy http://10.215.168.1/~robot/test_file running://user-data/ force on DUT0 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0  13607      0 --:--:-- --:--:-- --:--:-- 18500
Step 14: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
appdetect\[U128:30\shttp-host:10.215.168.1\]

tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=47454 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=47454 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
Step 15: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 16: Run the command file copy http://10.215.168.1/~robot/test_file running://user-data/ force on DUT0 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   9334      0 --:--:-- --:--:-- --:--:-- 12333
Step 17: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 18: Initiate an SSH connection from DUT0 to IP address 10.215.168.66 using user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null

Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.10.1

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Wed Jun 3 11:37:29 2026 from 10.215.168.64
admin@osdx$
Step 19: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
src=10.215.168.64\sdst=10.215.168.66.*appdetect\[U128:31]

tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=59440 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59440 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=47454 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=47454 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=41558 dport=22 packets=24 bytes=5057 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=41558 packets=21 bytes=4881 [ASSURED] mark=0 use=1 appdetect[U128:31]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 20: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    1
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 21: Ping the IP address static.opentok.com from DUT1:
admin@DUT1$ ping static.opentok.com count 1 size 56 timeout 1

PING static.opentok.com (192.168.2.100) 56(84) bytes of data.
64 bytes from static.opentok.com (192.168.2.100): icmp_seq=1 ttl=64 time=0.196 ms

--- static.opentok.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.196/0.196/0.196/0.000 ms
Step 22: Run the command system conntrack show on DUT0 and expect the following output:
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=59440 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59440 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=47454 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=47454 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=43195 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=43195 packets=1 bytes=64 mark=0 use=1 appdetect[U128:31]
icmp 1 29 src=192.168.2.101 dst=192.168.2.100 type=8 code=0 id=587 packets=1 bytes=84 src=192.168.2.100 dst=192.168.2.101 type=0 code=0 id=587 packets=1 bytes=84 mark=0 use=1 appdetect[U128:12]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=41558 dport=22 packets=24 bytes=5057 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=41558 packets=21 bytes=4881 [ASSURED] mark=0 use=1 appdetect[U128:31]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=53719 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53719 packets=1 bytes=80 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59059 dport=53 packets=1 bytes=72 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59059 packets=1 bytes=104 mark=0 use=1 appdetect[U128:31]
conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.
Step 23: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    4
Matches in IP-cache                               2
Modifications in IP-cache                         2
Matches in dynamic dictionaries                   3
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
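The lookup exercised by this scenario, as an added Python sketch that is not OSDx code: it parses the two test entries from the Note in Step 9 and models FQDN match, IP-cache population and static range match. The `<dictionary>` wrapper element, the names `AppDictionary`, `classify` and `run_scenario`, matching on the destination address, and the lookup order (FQDN, then IP-cache, then ranges) are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# The two test entries shown in the Note of Step 9. The page shows only the
# <app> elements; the <dictionary> root is a hypothetical wrapper for parsing.
DICT_XML = """<dictionary>
<app id="30" name="Teldat Test" version="1">
  <fqdn_list><fqdn>10.215.168.1</fqdn></fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
  <address_list>
    <range id="1">
      <net_address>10.215.168.64</net_address>
      <net_mask>255.255.255.192</net_mask>
    </range>
  </address_list>
</app>
</dictionary>"""


class AppDictionary:
    """Simplified model: FQDN entries, static address ranges and an IP-cache."""

    def __init__(self, xml_text):
        self.fqdns = {}     # lower-cased host -> App-ID
        self.ranges = []    # (IPv4Network, App-ID)
        self.ip_cache = {}  # destination IP -> App-ID learned from an FQDN match
        for app in ET.fromstring(xml_text).iter("app"):
            app_id = int(app.get("id"))
            for fqdn in app.iter("fqdn"):
                self.fqdns[fqdn.text.strip().lower()] = app_id
            for rng in app.iter("range"):
                addr = rng.findtext("net_address").strip()
                mask = rng.findtext("net_mask").strip()
                # strict=False tolerates a base address with host bits set
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
                self.ranges.append((net, app_id))

    def classify(self, dst_ip, host=None):
        """Return (app_id, how); how is 'fqdn', 'ip-cache', 'range' or None.

        Assumed order: detected host first, then IP-cache, then static ranges.
        """
        ip = ipaddress.ip_address(dst_ip)
        if host is not None:
            app_id = self.fqdns.get(host.lower())
            if app_id is not None:
                self.ip_cache[ip] = app_id  # FQDN match populates the IP-cache
                return app_id, "fqdn"
        if ip in self.ip_cache:
            return self.ip_cache[ip], "ip-cache"
        for net, app_id in self.ranges:
            if ip in net:
                return app_id, "range"
        return None, None


def run_scenario():
    """Replay the destinations used in Steps 13 to 19, plus the /26 edges."""
    d = AppDictionary(DICT_XML)
    return [
        d.classify("10.215.168.1", host="10.215.168.1"),  # first HTTP download
        d.classify("10.215.168.1"),    # later flow to the same IP, no host seen
        d.classify("10.215.168.66"),   # SSH to DUT2
        d.classify("10.215.168.127"),  # last address inside the /26
        d.classify("10.215.168.128"),  # first address outside it
    ]


if __name__ == "__main__":
    for result in run_scenario():
        print(result)
```

The mask 255.255.255.192 makes entry 31 cover 10.215.168.64 through 10.215.168.127 regardless of protocol, which is why the DNS flows to 10.215.168.66 in Step 22 carry `U128:31` as well as the SSH flow. A range entry sized this broadly should be reviewed before any traffic policy keys off its App-ID.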
CLI Custom Application Dictionary
Description
DUT0 configures HTTP detection with a custom dictionary defined via CLI. DUT1 acts as a client behind DUT0 and downloads a file via HTTP. The connection is verified to be classified with the custom App-ID on the first request through FQDN match, and on subsequent requests through IP-cache.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth0 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 address 192.168.2.100/24
set system conntrack app-detect dictionary 1 local app-id custom 42 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 1 local app-id custom 42 name 'Teldat Test'
set system conntrack app-detect dictionary 2 local app-id custom 43 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 2 local app-id custom 43 name 'Teldat Test'
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping the IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.662 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.662/0.662/0.662/0.000 ms
Step 5: Run the command system conntrack clear on DUT0.
Step 6: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 7: Run the command system conntrack clear on DUT0.
Step 8: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   8472      0 --:--:-- --:--:-- --:--:--  9250
Step 9: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
appdetect\[U6:42\shttp-host:enterprise.opentok.com\]

udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=48241 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48241 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=42852 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=42852 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U6:42 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=37322 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=37322 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 10: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 11: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   9475      0 --:--:-- --:--:-- --:--:-- 12333
Step 12: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
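A way to automate the `system conntrack show` checks used in both scenarios above, as an added Python example that is not part of the OSDx test suite: it parses the `appdetect[...]` tag of each flow, lists flows that were classified only by the below-L7 detectors, and builds a fully escaped pattern for a tag. The function names are hypothetical, and only the tag shapes that appear on this page are handled.

```python
import re

# Flow lines copied from this page: Step 8 of the local storage scenario
# (no dictionary loaded yet) and Step 9 of the CLI custom dictionary scenario.
SAMPLE = """\
icmp 1 29 src=192.168.2.101 dst=10.215.168.1 type=8 code=0 id=585 packets=1 bytes=84 src=10.215.168.1 dst=10.215.168.64 type=0 code=0 id=585 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=47436 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=47436 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=38138 dport=22 packets=24 bytes=5057 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=38138 packets=20 bytes=4793 [ASSURED] mark=0 use=1 appdetect[L4:22]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=48241 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48241 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=42852 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=42852 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U6:42 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
"""

APPDETECT_RE = re.compile(r"appdetect\[([^\]]+)\]")
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+)")


def parse_flow(line):
    """Return a dict for one flow line, or None if it has no appdetect tag.

    Fields are located by regex, not by column position, because offloaded
    flows (see the U6:42 line) omit the timeout and TCP state columns.
    """
    tag = APPDETECT_RE.search(line)
    orig = TUPLE_RE.search(line)  # first src/dst pair is the original direction
    if not tag or not orig:
        return None
    tokens = tag.group(1).split()
    kind, _, ident = tokens[0].partition(":")
    return {
        "proto": line.split()[0],
        "src": orig.group(1),
        "dst": orig.group(2),
        "kind": kind,   # e.g. L3, L4, U6, U128 as printed by the device
        "id": ident,
        "fields": dict(t.split(":", 1) for t in tokens[1:] if ":" in t),
    }


def parse_output(text):
    """Parse a whole 'system conntrack show' output, skipping the summary line."""
    flows = (parse_flow(line) for line in text.splitlines())
    return [f for f in flows if f is not None]


def below_l7_only(flows):
    """Flows tagged only by the L3/L4 detectors, i.e. not matched by a dictionary."""
    return [f for f in flows if f["kind"] in ("L3", "L4")]


def tag_pattern(kind, ident, **fields):
    """Regex for one tag with every literal escaped, including dots in hosts.

    Keyword names use '_' for '-', e.g. http_host='enterprise.opentok.com'.
    """
    body = re.escape(f"{kind}:{ident}")
    for key, value in fields.items():
        body += r"\s" + re.escape(f"{key.replace('_', '-')}:{value}")
    return re.compile(r"appdetect\[" + body + r"\]")


if __name__ == "__main__":
    flows = parse_output(SAMPLE)
    for f in below_l7_only(flows):
        print("not dictionary-classified:", f["proto"], f["src"], "->", f["dst"])
```

The expressions given in the steps leave the dots in addresses and host names unescaped, so they would also accept any other character in those positions; `tag_pattern` builds the strict equivalent.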
Remote Application Dictionary
Description
DUT0 configures HTTP detection with a remote application dictionary served by a categorization server. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. A traffic policy drops uncategorized traffic until the remote dictionary classifies it. Traffic belonging to the remote dictionary protocol is allowed.
Phase 1: HTTP-host detection triggers a remote dictionary lookup in override mode and the connection is classified with the remote App-ID.
Phase 2: DNS-host detection is added so classification happens at DNS resolution time and populates the IP-cache.
Phase 3: App-detect chained storage mode is enabled and the full App-ID chain is verified.
Phase 4: An alarm is configured to detect communication errors with the remote dictionary server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth0 traffic nat source rule 1 address masquerade
set interfaces ethernet eth0 traffic policy out POL
set interfaces ethernet eth1 address 192.168.2.100/24
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/CgImBJPFe+jwpwUqKs5oR+OEXHX15n2g=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+BrRHTy+i0fJtP7foJSPL6ANcYxdZ0p6pXA1zk/kPeJyqy+Nm5GB4c
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/LFpzomHH9sa3TkPouk78+JKhyjsjZ874=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/pqZpGO6IaL5kBSRjaeHa9mea0FsLpV0x8oNIUm8OPWaIwoWn5hrgu
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping the IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=7.73 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 7.732/7.732/7.732/0.000 ms
Step 5: Run the command system conntrack clear on DUT0.
Step 6: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 7: Run the command system journal show | tail -n 200 on DUT0 and expect the following output:
Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0} Jun 03 11:39:10.631126 osdx osdx-tcatd[187827]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]} Jun 03 11:39:10.631146 osdx osdx-tcatd[187827]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058 Jun 03 11:39:10.631204 osdx osdx-tcatd[187827]: UDP_Server. Sent 38 bytes Jun 03 11:39:10.631611 osdx osdx-tcatd[187827]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]} Jun 03 11:39:10.631623 osdx osdx-tcatd[187827]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007 Jun 03 11:39:10.631662 osdx osdx-tcatd[187827]: UDP_Server. 
Sent 38 bytes Jun 03 11:39:10.633022 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Jun 03 11:39:10.633062 osdx kernel: app-detect: linked list of enabled dicts: Jun 03 11:39:10.633074 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Jun 03 11:39:10.633083 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Jun 03 11:39:10.633090 osdx kernel: app-detect: linked list of disabled dicts: Jun 03 11:39:10.633097 osdx kernel: app-detect: (empty, no dicts) Jun 03 11:39:10.633104 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds Jun 03 11:39:10.633112 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Jun 03 11:39:10.633119 osdx kernel: app-detect: linked list of enabled dicts: Jun 03 11:39:10.633132 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Jun 03 11:39:10.633139 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Jun 03 11:39:10.633146 osdx kernel: app-detect: linked list of disabled dicts: Jun 03 11:39:10.633153 osdx kernel: app-detect: (empty, no dicts) Jun 03 11:39:10.633167 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Step 8: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443

tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=54240 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=54240 packets=9 bytes=3381 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=40169 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=40169 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=54234 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=54234 packets=9 bytes=3381 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=56100 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56100 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=58611 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=58611 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=56182 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=56182 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 9: Run the command traffic selector RDICT show on DUT0 and check whether the output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+

Selector RDICT (Policy POL -- ifc eth0 -- hook out prio very-high -- rule 1)
-----------------------------------------------------
rule  pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1             21         38         3266        5971
-----------------------------------------------------
Total         21         38         3266        5971
Step 10: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
tcp.*dport=80.*packets=[1-9].*appdetect\[L4:80\shttp-host:enterprise.opentok.com\]

tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=54240 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=54240 packets=9 bytes=3381 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=40169 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=40169 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=54234 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=54234 packets=9 bytes=3381 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=56100 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56100 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=58611 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=58611 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=56182 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=56182 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 11: Run the command system conntrack clear on DUT1.
Step 12: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   7643      0 --:--:-- --:--:-- --:--:--  9250
admin@osdx$
Step 13: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]

tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=56194 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=56194 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=33263 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=33263 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=54240 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=54240 packets=9 bytes=3381 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=40169 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=40169 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=54234 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=54234 packets=9 bytes=3381 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=56100 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56100 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=58611 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=58611 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=56182 dport=80 packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=56182 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 14: Run the command system conntrack app-detect show ip-cache on DUT0 and check whether the output matches the following regular expressions:
10.215.168.1\s*.*U130:7

----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          4m57s940ms
Step 15: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 16: Run the command system conntrack clear on DUT0.
Step 17: Run the command system conntrack clear on DUT1.
Step 18: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1 and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   7569      0 --:--:-- --:--:-- --:--:--  9250
Step 19: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]

tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=56202 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=56202 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=48616 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48616 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.
Step 20: Run the command system conntrack app-detect show on DUT0 and expect the following output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 21: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth0 traffic nat source rule 1 address masquerade
set interfaces ethernet eth0 traffic policy out POL
set interfaces ethernet eth1 address 192.168.2.100/24
set system conntrack app-detect app-id-storage override
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18frmai0zQzGiYpM+3TLDrrOJbUTJncQ6M=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX19HvAzpqFA7UUAq/1Vj/Mn8y2HQ/jaL6C57gWcDZMoUJQAQ702L5Huj
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18VgjfowjQrGp9f/6ligF0GdTfmpMIwsYU=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/DxW0gs/dvE8Wp7DO2v01k4jAV0BSpjpEaCf29s8fq40oU/VBJn6tp
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 22: Run the command system conntrack clear on DUT0.
Step 23: Run the command nslookup enterprise.opentok.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED
Step 24: Run the command nslookup www.gamblingteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 25: Run the command nslookup www.newspaperteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 26: Run the command system conntrack show on DUT0 and expect the following output:
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=43610 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=43610 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
tcp 6 299 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=53158 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=53158 packets=9 bytes=2042 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=57021 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57021 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=42778 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=42778 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
tcp 6 3599 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=53166 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=53166 packets=8 bytes=1990 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=38539 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38539 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 29 src=127.0.0.1 dst=127.0.0.1 sport=40169 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=40169 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=39680 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=39680 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=45327 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45327 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
Step 27: Run the command nslookup enterprise.opentok.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED
Step 28: Run the command nslookup www.gamblingteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 29: Run the command nslookup www.newspaperteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 30: Run the command system conntrack show on DUT0 and expect the following output:
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59730 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59730 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=47213 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47213 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=43610 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=43610 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=53158 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=53158 packets=9 bytes=2042 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=57021 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57021 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=42778 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=42778 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59352 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59352 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=53166 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=53166 packets=8 bytes=1990 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=38539 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38539 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=40169 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=40169 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=37942 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=37942 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=39680 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=39680 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=45327 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45327 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=48887 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48887 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=57151 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57151 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
conntrack v1.4.7 (conntrack-tools): 15 flow entries have been shown.
Step 31: Run the command system journal show | tail -n 200 on DUT0 and expect the following output:
Jun 03 11:39:19.181204 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote
Jun 03 11:39:19.181218 osdx kernel: app-detect: linked list of disabled dicts:
Jun 03 11:39:19.181225 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
Jun 03 11:39:19.181232 osdx kernel: app-detect: freed hash table
Jun 03 11:39:19.181241 osdx kernel: app-detect: freed memory for hashes+appids
Jun 03 11:39:19.181255 osdx kernel: app-detect: dictionary _remote_ deleted
Jun 03 11:39:19.181264 osdx kernel: app-detect: linked list of enabled dicts:
Jun 03 11:39:19.181273 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote
Jun 03 11:39:19.181281 osdx kernel: app-detect: linked list of disabled dicts:
Jun 03 11:39:19.181288 osdx kernel: app-detect: (empty, no dicts)
Jun 03 11:39:19.181296 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty)
Jun 03 11:39:19.181303 osdx kernel: app-detect: linked list of enabled dicts:
Jun 03 11:39:19.181312 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote
Jun 03 11:39:19.181320 osdx kernel: app-detect: linked list of disabled dicts:
Jun 03 11:39:19.181326 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type unknown (target_dict)
Jun 03 11:39:19.181333 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Jun 03 11:39:19.181341 osdx kernel: app-detect: set type of dict _remote_ to remote
Jun 03 11:39:19.181348 osdx kernel: app-detect: user set num_hash_entries=40000
Jun 03 11:39:19.181355 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Jun 03 11:39:19.181368 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Jun 03 11:39:19.181375 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Jun 03 11:39:19.181383 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Jun 03 11:39:19.181390 osdx kernel: app-detect: enable remote dictionary _remote_
Jun 03 11:39:19.181397 osdx kernel: app-detect: dictionary _remote_ enabled
Jun 03 11:39:19.181405 osdx kernel: app-detect: linked list of enabled dicts:
Jun 03 11:39:19.181412 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
Jun 03 11:39:19.181419 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote
Jun 03 11:39:19.181426 osdx kernel: app-detect: linked list of disabled dicts:
Jun 03 11:39:19.181433 osdx kernel: app-detect: (empty, no dicts)
Jun 03 11:39:19.181440 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Jun 03 11:39:19.181447 osdx kernel: app-detect: linked list of enabled dicts:
Jun 03 11:39:19.181454 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Jun 03 11:39:19.181461 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
Jun 03 11:39:19.181469 osdx kernel: app-detect: linked list of disabled dicts:
Jun 03 11:39:19.181476 osdx kernel: app-detect: (empty, no dicts)
Jun 03 11:39:19.181483 osdx kernel: app-detect: dictionary _remote_ disabled
Jun 03 11:39:19.181490 osdx kernel: app-detect: linked list of enabled dicts:
Jun 03 11:39:19.181497 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Jun 03 11:39:19.181504 osdx kernel: app-detect: linked list of disabled dicts:
Jun 03 11:39:19.181511 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote (target_dict)
Jun 03 11:39:19.181518 osdx kernel: app-detect: freed hash table
Jun 03 11:39:19.181526 osdx kernel: app-detect: freed memory for hashes+appids
Jun 03 11:39:19.181535 osdx kernel: app-detect: dictionary _remote_ deleted
Jun 03 11:39:19.181542 osdx kernel: app-detect: linked list of enabled dicts:
Jun 03 11:39:19.181551 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Jun 03 11:39:19.181559 osdx kernel: app-detect: linked list of disabled dicts:
Jun 03 11:39:19.181566 osdx kernel: app-detect: (empty, no dicts)
Jun 03 11:39:19.181573 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty)
Jun 03 11:39:19.181580 osdx kernel: app-detect: linked list of enabled dicts:
Jun 03 11:39:19.181587 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Jun 03 11:39:19.181594 osdx kernel: app-detect: linked list of disabled dicts:
Jun 03 11:39:19.181601 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type unknown (target_dict)
Jun 03 11:39:19.181608 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Jun 03 11:39:19.181615 osdx kernel: app-detect: set type of dict _remote_ to remote
Jun 03 11:39:19.181622 osdx kernel: app-detect: user set num_hash_entries=40000
Jun 03 11:39:19.181629 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Jun 03 11:39:19.181636 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Jun 03 11:39:19.185008 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Jun 03 11:39:19.185058 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Jun 03 11:39:19.185072 osdx kernel: app-detect: enable remote dictionary _remote_
Jun 03 11:39:19.185083 osdx kernel: app-detect: dictionary _remote_ enabled
Jun 03 11:39:19.185100 osdx kernel: app-detect: linked list of enabled dicts:
Jun 03 11:39:19.185111 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Jun 03 11:39:19.185122 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
Jun 03 11:39:19.185134 osdx kernel: app-detect: linked list of disabled dicts:
Jun 03 11:39:19.185145 osdx kernel: app-detect: (empty, no dicts)
Jun 03 11:39:19.193595 osdx INFO[188257]: Updated /etc/default/osdx_tcatd.conf
Jun 03 11:39:19.193643 osdx INFO[188257]: Restarting Traffic Categorization (TCATD) service ...
Jun 03 11:39:19.200827 osdx osdx-tcatd[187827]: UDP_Server. Received STOP signal. Cleanup
Jun 03 11:39:19.200867 osdx osdx-tcatd[187827]: Dict_client. Cleanup
Jun 03 11:39:19.200940 osdx systemd[1]: Stopping osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Jun 03 11:39:19.203474 osdx systemd[1]: osdx-tcatd.service: Deactivated successfully.
Jun 03 11:39:19.203606 osdx systemd[1]: Stopped osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Jun 03 11:39:19.221545 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Jun 03 11:39:19.503466 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Jun 03 11:39:19.504536 osdx osdx-tcatd[188261]: Dict_client. rdict_num 2 mark 5555 local-vrf
Jun 03 11:39:19.513075 osdx osdx-tcatd[188261]: Dict_client. rdict_num 1 mark 5555 local-vrf
Jun 03 11:39:19.727573 osdx cfgd[1899]: [119118]Completed change to active configuration
Jun 03 11:39:19.728127 osdx OSDxCLI[119118]: User 'admin' committed the configuration.
Jun 03 11:39:19.744311 osdx OSDxCLI[119118]: User 'admin' left the configuration menu.
Jun 03 11:39:19.883420 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system conntrack clear'.
Jun 03 11:39:22.132180 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:38539/10.215.168.66:53
Jun 03 11:39:22.132552 osdx osdx-tcatd[188261]: UDP_Server. Read 27 bytes
Jun 03 11:39:22.132562 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com
Jun 03 11:39:22.132580 osdx osdx-tcatd[188261]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Jun 03 11:39:22.133081 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:38539/10.215.168.66:53
Jun 03 11:39:22.133103 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Jun 03 11:39:22.133147 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com
Jun 03 11:39:22.133164 osdx kernel: app-detect: search in dict _remote_, prio 1
Jun 03 11:39:22.133180 osdx kernel: app-detect: search in dict _remote_, prio 2
Jun 03 11:39:22.132593 osdx osdx-tcatd[188261]: UDP_Server. Read 27 bytes
Jun 03 11:39:22.132595 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com
Jun 03 11:39:22.132601 osdx osdx-tcatd[188261]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Jun 03 11:39:22.133664 osdx osdx-tcatd[188261]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]}
Jun 03 11:39:22.133679 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058
Jun 03 11:39:22.133716 osdx osdx-tcatd[188261]: UDP_Server. Sent 38 bytes
Jun 03 11:39:22.133845 osdx osdx-tcatd[188261]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]}
Jun 03 11:39:22.133863 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
Jun 03 11:39:22.133904 osdx osdx-tcatd[188261]: UDP_Server. Sent 38 bytes
Jun 03 11:39:22.136991 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Jun 03 11:39:22.137027 osdx kernel: app-detect: linked list of enabled dicts:
Jun 03 11:39:22.137040 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Jun 03 11:39:22.137051 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
Jun 03 11:39:22.137062 osdx kernel: app-detect: linked list of disabled dicts:
Jun 03 11:39:22.137073 osdx kernel: app-detect: (empty, no dicts)
Jun 03 11:39:22.137085 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Jun 03 11:39:22.137096 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled)
Jun 03 11:39:22.137112 osdx kernel: app-detect: linked list of enabled dicts:
Jun 03 11:39:22.137123 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
Jun 03 11:39:22.137134 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote
Jun 03 11:39:22.137145 osdx kernel: app-detect: linked list of disabled dicts:
Jun 03 11:39:22.137156 osdx kernel: app-detect: (empty, no dicts)
Jun 03 11:39:22.137166 osdx kernel: app-detect: set fqdn hash
46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds Jun 03 11:39:22.234789 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:43610/10.215.168.66:53 Jun 03 11:39:22.235150 osdx osdx-tcatd[188261]: UDP_Server. Read 27 bytes Jun 03 11:39:22.235157 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.gamblingteldat.com Jun 03 11:39:22.235182 osdx osdx-tcatd[188261]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0} Jun 03 11:39:22.235194 osdx osdx-tcatd[188261]: UDP_Server. Read 27 bytes Jun 03 11:39:22.235196 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.gamblingteldat.com Jun 03 11:39:22.235203 osdx osdx-tcatd[188261]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0} Jun 03 11:39:22.236160 osdx osdx-tcatd[188261]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} Jun 03 11:39:22.236175 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.gamblingteldat.com TTL 172800 AppID:83000019 Jun 03 11:39:22.236224 osdx osdx-tcatd[188261]: UDP_Server. Sent 38 bytes Jun 03 11:39:22.236387 osdx osdx-tcatd[188261]: Dict_client. 
Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} Jun 03 11:39:22.236399 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.gamblingteldat.com TTL 172800 AppID:8200000F Jun 03 11:39:22.236440 osdx osdx-tcatd[188261]: UDP_Server. Sent 38 bytes Jun 03 11:39:22.236999 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:43610/10.215.168.66:53 Jun 03 11:39:22.237037 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com Jun 03 11:39:22.237050 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com Jun 03 11:39:22.237062 osdx kernel: app-detect: search in dict _remote_, prio 1 Jun 03 11:39:22.237073 osdx kernel: app-detect: search in dict _remote_, prio 2 Jun 03 11:39:22.237084 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Jun 03 11:39:22.237095 osdx kernel: app-detect: linked list of enabled dicts: Jun 03 11:39:22.237106 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Jun 03 11:39:22.237117 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Jun 03 11:39:22.237128 osdx kernel: app-detect: linked list of disabled dicts: Jun 03 11:39:22.237144 osdx kernel: app-detect: (empty, no dicts) Jun 03 11:39:22.237155 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds Jun 03 11:39:22.237167 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Jun 03 
11:39:22.237184 osdx kernel: app-detect: linked list of enabled dicts: Jun 03 11:39:22.237195 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Jun 03 11:39:22.237207 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Jun 03 11:39:22.237224 osdx kernel: app-detect: linked list of disabled dicts: Jun 03 11:39:22.237235 osdx kernel: app-detect: (empty, no dicts) Jun 03 11:39:22.237245 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds Jun 03 11:39:22.335762 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:42778/10.215.168.66:53 Jun 03 11:39:22.336136 osdx osdx-tcatd[188261]: UDP_Server. Read 28 bytes Jun 03 11:39:22.336143 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.newspaperteldat.com Jun 03 11:39:22.336160 osdx osdx-tcatd[188261]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} Jun 03 11:39:22.336172 osdx osdx-tcatd[188261]: UDP_Server. Read 28 bytes Jun 03 11:39:22.336178 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.newspaperteldat.com Jun 03 11:39:22.336184 osdx osdx-tcatd[188261]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} Jun 03 11:39:22.337025 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:42778/10.215.168.66:53 Jun 03 11:39:22.337080 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com Jun 03 11:39:22.337093 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com Jun 03 11:39:22.337105 osdx kernel: app-detect: search in dict _remote_, prio 1 Jun 03 11:39:22.337117 osdx kernel: app-detect: search in dict _remote_, prio 2 Jun 03 11:39:22.337128 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Jun 03 11:39:22.337139 osdx kernel: app-detect: linked list of enabled dicts: Jun 03 11:39:22.337150 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Jun 03 11:39:22.337161 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Jun 03 11:39:22.337178 osdx kernel: app-detect: linked list of disabled dicts: Jun 03 11:39:22.337191 osdx kernel: app-detect: (empty, no dicts) Jun 03 11:39:22.337201 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds Jun 03 11:39:22.337082 osdx osdx-tcatd[188261]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularit y": 0, "age": 0, "threathistory": 0}}}]} Jun 03 11:39:22.337090 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.newspaperteldat.com TTL 172800 AppID:8300005C Jun 03 11:39:22.337132 osdx osdx-tcatd[188261]: UDP_Server. Sent 39 bytes Jun 03 11:39:22.337286 osdx osdx-tcatd[188261]: Dict_client. 
Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularit y": 0, "age": 0, "threathistory": 0}}}]} Jun 03 11:39:22.337291 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.newspaperteldat.com TTL 172800 AppID:82000004 Jun 03 11:39:22.337316 osdx osdx-tcatd[188261]: UDP_Server. Sent 39 bytes Jun 03 11:39:22.340994 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Jun 03 11:39:22.341013 osdx kernel: app-detect: linked list of enabled dicts: Jun 03 11:39:22.341021 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Jun 03 11:39:22.341029 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Jun 03 11:39:22.341036 osdx kernel: app-detect: linked list of disabled dicts: Jun 03 11:39:22.341044 osdx kernel: app-detect: (empty, no dicts) Jun 03 11:39:22.341050 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds Jun 03 11:39:22.446037 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system conntrack show'. Jun 03 11:39:23.535916 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:48887/10.215.168.66:53 Jun 03 11:39:23.537025 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:48887/10.215.168.66:53 Jun 03 11:39:23.537078 osdx kernel: app-detect: dictionary search for enterprise.opentok.com Jun 03 11:39:23.537093 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com Jun 03 11:39:23.537103 osdx kernel: app-detect: search in dict _remote_, prio 1 Jun 03 11:39:23.537115 osdx kernel: app-detect: appid 82000007 found in hash dictionary Jun 03 11:39:23.537125 osdx kernel: app-detect: add address 10.215.168.1, appids 82000007 to cache Jun 03 11:39:23.652547 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:57151/10.215.168.66:53 Jun 03 11:39:23.657006 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:57151/10.215.168.66:53 Jun 03 11:39:23.657060 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com Jun 03 11:39:23.657079 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com Jun 03 11:39:23.657094 osdx kernel: app-detect: search in dict _remote_, prio 1 Jun 03 11:39:23.657105 osdx kernel: app-detect: appid 8200000f found in hash dictionary Jun 03 11:39:23.657116 osdx kernel: app-detect: add address 192.168.2.10, appids 8200000f to cache Jun 03 11:39:23.744949 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:47213/10.215.168.66:53 Jun 03 11:39:23.749026 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:47213/10.215.168.66:53 Jun 03 11:39:23.749105 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com Jun 03 11:39:23.749119 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com Jun 03 11:39:23.749129 osdx kernel: app-detect: search in dict _remote_, prio 1 Jun 03 11:39:23.749150 osdx kernel: app-detect: appid 82000004 found in hash dictionary Jun 03 11:39:23.749160 osdx kernel: app-detect: add address 192.168.2.20, appids 82000004 to cache Jun 03 11:39:23.866309 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system conntrack show'.
Step 32: Run the command system conntrack app-detect show ip-cache on DUT0 and expect the following output:
Show output
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s124ms
192.168.2.10  U130:15         28s244ms
192.168.2.20  U130:4          28s336ms
Step 33: Run the command system conntrack app-detect show ip-cache on DUT0 and check whether the output matches the following regular expressions:
10.215.168.1\s*.*U130:7
Show output
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s52ms
192.168.2.10  U130:15         28s172ms
192.168.2.20  U130:4          28s264ms
Step 34: Run the command system conntrack app-detect show ip-cache on DUT0 and check whether the output matches the following regular expressions:
192.168.2.10\s*.*U130:15
Show output
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s936ms
192.168.2.10  U130:15         28s56ms
192.168.2.20  U130:4          28s148ms
Step 35: Run the command system conntrack app-detect show ip-cache on DUT0 and check whether the output matches the following regular expressions:
192.168.2.20\s*.*U130:4
Show output
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s840ms
192.168.2.10  U130:15         27s960ms
192.168.2.20  U130:4          28s52ms
Step 36: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth0 traffic nat source rule 1 address masquerade
set interfaces ethernet eth0 traffic policy out POL
set interfaces ethernet eth1 address 192.168.2.100/24
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1//Vg+nc43ecVm/mZDxm4gWCo6V8N/gcS8=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX18TJ374HeJrjxDztpDsRiZzrpd6RZhs2X4+vTYeZ0o/b+jeNN2N9o5n
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19HoAM5LswxImh8KZb1B3AYN+9XQPyNsrU=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18qrO9cx41K7XibshmA/i4hXo3Pg+TXE0CJ1J1DefGFiRELlHX5Rtlc
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 37: Run the command system conntrack clear on DUT0.
Step 38: Run the command system conntrack clear on DUT0.
Step 39: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 40: Run the command system conntrack clear on DUT1.
Step 41: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1 and expect the following output:
Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6621      0 --:--:-- --:--:-- --:--:--  7400
Step 42: Run the command system conntrack clear on DUT1.
Step 43: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1 and expect the following output:
Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   4648      0 --:--:-- --:--:-- --:--:--  5285
Step 44: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
appdetect\[(U130:7;U131:88|U131:88;U130:7);L3:6;L4:80\shttp-host:enterprise.opentok.com\]
Show output
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=41158 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=41158 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=50975 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=50975 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=46324 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=46324 packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=45437 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45437 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=41150 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=41150 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59369 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59369 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=40169 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=40169 packets=2 bytes=132 mark=0 use=1 appdetect[L3:17;L4:49000]
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=46332 dport=443 packets=3 bytes=480 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=46332 packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=41144 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=41144 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:80 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
Step 45: Run the command nslookup www.gamblingteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Show output
Server:  10.215.168.66
Address: 10.215.168.66#53

Name:    www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 46: Run the command nslookup www.newspaperteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Show output
Server:  10.215.168.66
Address: 10.215.168.66#53

Name:    www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 47: Run the command nslookup www.gamblingteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Show output
Server:  10.215.168.66
Address: 10.215.168.66#53

Name:    www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 48: Run the command nslookup www.newspaperteldat.com dns-server 10.215.168.66 on DUT1 and expect the following output:
Show output
Server:  10.215.168.66
Address: 10.215.168.66#53

Name:    www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 49: Run the command system conntrack app-detect show ip-cache on DUT0 and check whether the output matches the following regular expressions:
10.215.168.1\s*.*(U130:7;U131:88|U131:88;U130:7)
Show output
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m54s924ms
192.168.2.10  U130:15;U131:25  28s796ms
192.168.2.20  U130:4;U131:92   28s884ms
Step 50: Run the command system conntrack app-detect show ip-cache on DUT0 and check whether the output matches the following regular expressions:
192.168.2.10\s*.*(U130:15;U131:25|U131:25;U130:15)
Show output
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m54s840ms
192.168.2.10  U130:15;U131:25  28s712ms
192.168.2.20  U130:4;U131:92   28s800ms
Step 51: Run the command system conntrack app-detect show ip-cache on DUT0 and check whether the output matches the following regular expressions:
192.168.2.20\s*.*(U130:4;U131:92|U131:92;U130:4)
Show output
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m54s708ms
192.168.2.10  U130:15;U131:25  28s580ms
192.168.2.20  U130:4;U131:92   28s668ms
Step 52: Modify the following configuration lines in DUT0 :
set system alarm DICTERROR1
set system alarm DICTERROR2
set system conntrack app-detect dictionary 1 remote alarm connection-error DICTERROR1
set system conntrack app-detect dictionary 2 remote alarm connection-error DICTERROR2
Step 53: Run the command system alarm show on DUT0 and check whether the output matches the following regular expressions:
DICTERROR1\s+false
Show output
--------------------------------------------------------------------
Alarm       Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00
Step 54: Run the command system alarm show on DUT0 and check whether the output matches the following regular expressions:
DICTERROR2\s+false
Show output
--------------------------------------------------------------------
Alarm       Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00
Step 55: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/Sqfx9MFZKv9BwF5igDTvL/PotWe9KTGQ=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/15gSKjuZMf3KeLQFHUOenh00ja0icFOk=
Step 56: Run the command system conntrack clear on DUT0.
Step 57: Run the command system conntrack clear on DUT1.
Step 58: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 3 seconds and expect the following output:
Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 59: Run the command system alarm show on DUT0 and check whether the output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+true
Show output
---------------------------------------------------------------------------------------------
Alarm       Status  Toggled                           Prev-toggled  Toggle-count  Time up (%)
---------------------------------------------------------------------------------------------
DICTERROR1  true    2026-06-03 11:39:40.528208+00:00                           1        69.69
DICTERROR2  true    2026-06-03 11:39:40.528358+00:00                           1        69.74
Step 60: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/kKAdSMn1iFYhAMCwLbsYvXdT+Jbhrhhw=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/ESwyYRemuuUrB8pVrU9VjzoYVdem/fm0=
Step 61: Run the command system conntrack clear on DUT0.
Step 62: Run the command system conntrack clear on DUT1.
Step 63: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 3 seconds and expect the following output:
Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 64: Run the command system alarm show on DUT0 and check whether the output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+false
Show output
-----------------------------------------------------------------------------------------------------------------
Alarm       Status  Toggled                           Prev-toggled                      Toggle-count  Time up (%)
-----------------------------------------------------------------------------------------------------------------
DICTERROR1  false   2026-06-03 11:39:47.123715+00:00  2026-06-03 11:39:40.528208+00:00             2        47.94
DICTERROR2  false   2026-06-03 11:39:47.123833+00:00  2026-06-03 11:39:40.528358+00:00             2        47.96
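The cross-check that Steps 49 to 51 perform with regular expressions, as an added example that is not part of the original test suite: it reads the `Kernel_Message format` lines that osdx-tcatd logs, converts each AppID to the `U<n>:<value>` form, and compares the resulting set with the ip-cache row for that FQDN's address, independent of order. The AppID split (top byte is the number after `U`, low 24 bits are the value) is inferred from the values shown on this page, not taken from product documentation, and all function names are hypothetical.

```python
import re

# Lines copied from the osdx-tcatd journal output earlier in this scenario.
TCATD_LOG = """\
Jun 03 11:39:22.133679 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058
Jun 03 11:39:22.133863 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
Jun 03 11:39:22.236175 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.gamblingteldat.com TTL 172800 AppID:83000019
Jun 03 11:39:22.236399 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.gamblingteldat.com TTL 172800 AppID:8200000F
Jun 03 11:39:22.337090 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.newspaperteldat.com TTL 172800 AppID:8300005C
Jun 03 11:39:22.337291 osdx osdx-tcatd[188261]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.newspaperteldat.com TTL 172800 AppID:82000004
"""

# Output of "system conntrack app-detect show ip-cache" as shown in Step 49.
IP_CACHE = """\
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m54s924ms
192.168.2.10  U130:15;U131:25  28s796ms
192.168.2.20  U130:4;U131:92   28s884ms
"""

# FQDN to address mapping from DUT2's "service dns static host-name" lines.
DNS = {
    "enterprise.opentok.com": "10.215.168.1",
    "www.gamblingteldat.com": "192.168.2.10",
    "www.newspaperteldat.com": "192.168.2.20",
}

WRITE_RE = re.compile(
    r"Write message addressed to dictionary (\d+) FQDN (\S+) "
    r"TTL (\d+) AppID:([0-9A-Fa-f]{8})")
ROW_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\S+)$")
EXPIRY_RE = re.compile(r"(?:(\d+)m(?!s))?(?:(\d+)s)?(?:(\d+)ms)?")


def appid_label(hex_id):
    """Render an 8-digit hex AppID as U<top byte>:<low 24 bits> (inferred layout)."""
    raw = int(hex_id, 16)
    return f"U{raw >> 24}:{raw & 0xFFFFFF}"


def labels_from_log(log):
    """Map each FQDN to the set of app-id labels tcatd handed to the kernel."""
    found = {}
    for match in WRITE_RE.finditer(log):
        _dict_no, fqdn, _ttl, hex_id = match.groups()
        found.setdefault(fqdn, set()).add(appid_label(hex_id))
    return found


def expiry_ms(text):
    """Convert an 'Expires in' value such as 4m54s924ms to milliseconds."""
    match = EXPIRY_RE.fullmatch(text)
    if not text or not match:
        raise ValueError(f"unrecognised expiry value: {text!r}")
    minutes, seconds, millis = (int(g or 0) for g in match.groups())
    return (minutes * 60 + seconds) * 1000 + millis


def parse_ip_cache(table):
    """Return {ip: (frozenset of app-id labels, expiry in ms)}; skips header rows."""
    cache = {}
    for line in table.splitlines():
        match = ROW_RE.match(line.strip())
        if match:
            ip, ids, expires = match.groups()
            cache[ip] = (frozenset(ids.split(";")), expiry_ms(expires))
    return cache


def check(log, table, dns):
    """List (fqdn, ip, missing, unexpected) for every cache row that disagrees with the log."""
    cache = parse_ip_cache(table)
    problems = []
    for fqdn, want in sorted(labels_from_log(log).items()):
        ip = dns.get(fqdn)
        got = cache.get(ip, (frozenset(), 0))[0]
        if got != want:
            problems.append((fqdn, ip, sorted(want - got), sorted(got - want)))
    return problems


if __name__ == "__main__":
    print(check(TCATD_LOG, IP_CACHE, DNS) or "ip-cache matches dictionary answers")
```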
Remote Application Dictionary run in a VRF
Description
DUT0 configures HTTP detection with a remote application dictionary running in a separate VRF. DUT1 acts as a client behind DUT0. The test verifies that remote dictionary protocol traffic uses the VRF and HTTP connections are classified.
Phase 1: Using the local-vrf option to specify the VRF for the remote dictionary protocol.
Phase 2: Using the local-interface option with an interface assigned to the VRF.
Phase 3: Using the local-address option to source from an address on an interface in the VRF.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth0 traffic nat source rule 1 address masquerade
set interfaces ethernet eth0 traffic policy out POL
set interfaces ethernet eth0 vrf MYVRF
set interfaces ethernet eth1 address 192.168.2.100/24
set interfaces ethernet eth1 vrf MYVRF
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18acgDiQJQ/dhyATjN/cVTTn2DHTIhM09o=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX19qHMH3sdt3/sqo1YSWlEKPIwhRiSVKe+QOD3/1CE2TJrgC5Uo46eax
set system conntrack app-detect dictionary 1 remote local-vrf MYVRF
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 1 remote vrf-mark MYVRF
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19m4AbcKCgRdjkiXvPoQY5ZLY7uC4b60Og=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX19gizEErsgftOzeJ752amIeYPNWpAsC06Luke1MZectHhMSd5VEO2Wh
set system conntrack app-detect dictionary 2 remote local-vrf MYVRF
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote vrf-mark MYVRF
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf MYVRF
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 vrf-mark MYVRF
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping the IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.990 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.990/0.990/0.990/0.000 ms
Step 5: Run the command system conntrack clear on DUT0.
Step 6: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 7: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF

udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=32882 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=32882 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=49823 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=49823 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=46878 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=46878 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=59998 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59998 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=53944 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53944 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=46892 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=46892 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 8: Run the command traffic selector RDICT show on DUT0 and check whether the output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+

Selector RDICT (Policy POL -- ifc eth0 -- hook out prio very-high -- rule 1)
-----------------------------------------------------
rule   pkts match   pkts eval   bytes match   bytes eval
-----------------------------------------------------
1              22          40          3318         6103
-----------------------------------------------------
Total          22          40          3318         6103
Step 9: Run the command system conntrack clear on DUT1.
Step 10: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   9315      0 --:--:-- --:--:-- --:--:-- 12333
admin@osdx$
Step 11: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]

udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=32882 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=32882 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=46374 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46374 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=49823 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=49823 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=46878 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=46878 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=59998 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59998 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=53944 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53944 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=54205 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54205 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=46892 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=46892 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 12: Modify the following configuration lines in DUT0:
delete system conntrack app-detect dictionary 1 remote local-vrf
delete system conntrack app-detect dictionary 2 remote local-vrf
set system conntrack app-detect dictionary 1 remote local-interface eth1
set system conntrack app-detect dictionary 2 remote local-interface eth1
Step 13: Run the command system conntrack clear on DUT0.
Step 14: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 15: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF

udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=49823 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=49823 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=34036 dport=443 vrf=MYVRF packets=14 bytes=1875 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=34036 vrf=MYVRF packets=12 bytes=3700 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 8 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=59998 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59998 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
tcp 6 3598 ESTABLISHED src=10.215.168.1 dst=10.215.168.64 sport=443 dport=34030 vrf=MYVRF packets=9 bytes=2088 src=10.215.168.64 dst=10.215.168.1 sport=34030 dport=443 vrf=MYVRF packets=10 bytes=1142 [ASSURED] mark=0 use=1 appdetect[L4:34030]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46378 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46378 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=41085 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41085 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 16: Run the command system conntrack clear on DUT1.
Step 17: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   8749      0 --:--:-- --:--:-- --:--:--  9250
admin@osdx$
Step 18: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]

udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=41649 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41649 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=46394 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46394 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=49823 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=49823 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=34036 dport=443 vrf=MYVRF packets=14 bytes=1875 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=34036 vrf=MYVRF packets=12 bytes=3700 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 6 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=59998 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59998 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
tcp 6 3595 ESTABLISHED src=10.215.168.1 dst=10.215.168.64 sport=443 dport=34030 vrf=MYVRF packets=9 bytes=2088 src=10.215.168.64 dst=10.215.168.1 sport=34030 dport=443 vrf=MYVRF packets=10 bytes=1142 [ASSURED] mark=0 use=1 appdetect[L4:34030]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46378 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46378 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=41085 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41085 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 19: Modify the following configuration lines in DUT0:
delete system conntrack app-detect dictionary 1 remote local-interface
delete system conntrack app-detect dictionary 2 remote local-interface
set system conntrack app-detect dictionary 1 remote local-address 10.215.168.64
set system conntrack app-detect dictionary 2 remote local-address 10.215.168.64
Step 20: Run the command system conntrack clear on DUT0.
Step 21: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 22: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF

udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=58298 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=58298 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=39152 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=39152 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=49823 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=49823 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3598 ESTABLISHED src=10.215.168.1 dst=10.215.168.64 sport=443 dport=34048 vrf=MYVRF packets=8 bytes=2036 src=10.215.168.64 dst=10.215.168.1 sport=34048 dport=443 vrf=MYVRF packets=8 bytes=1038 [ASSURED] mark=0 use=1 appdetect[L4:34048]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=34054 dport=443 vrf=MYVRF packets=14 bytes=1875 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=34054 vrf=MYVRF packets=12 bytes=3700 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 8 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=46378 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46378 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 23: Run the command system conntrack clear on DUT1.
Step 24: Run the command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force on DUT1, press Ctrl+C after 2 seconds and expect the following output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0  11008      0 --:--:-- --:--:-- --:--:-- 12333
admin@osdx$
Step 25: Run the command system conntrack show on DUT0 and check whether the output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]

tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=39164 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=39164 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=58298 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=58298 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=39152 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=39152 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=49823 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=49823 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3595 ESTABLISHED src=10.215.168.1 dst=10.215.168.64 sport=443 dport=34048 vrf=MYVRF packets=8 bytes=2036 src=10.215.168.64 dst=10.215.168.1 sport=34048 dport=443 vrf=MYVRF packets=8 bytes=1038 [ASSURED] mark=0 use=1 appdetect[L4:34048]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=34054 dport=443 vrf=MYVRF packets=14 bytes=1875 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=34054 vrf=MYVRF packets=12 bytes=3700 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=58243 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=58243 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 6 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=46378 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46378 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
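Added example (not part of the original scenario or of the vendor's tooling): a Python parser for the system conntrack show entries above that extracts the app-detect labels of each flow and re-applies the regular expression from Steps 11, 18 and 25. The function names and the three status names are assumptions made for this example, as is treating any label other than L4:<port> or http-host:<fqdn> as an app-id assigned from a dictionary.

```python
import re

# Three of the eight entries from the Step 25 `system conntrack show` output,
# copied from this page, followed by the trailer line.
SAMPLE = """\
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=39164 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=39164 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=39152 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=39152 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=34054 dport=443 vrf=MYVRF packets=14 bytes=1875 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=34054 vrf=MYVRF packets=12 bytes=3700 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
"""

ENTRY = re.compile(r"^(tcp|udp)\s+\d+\s.*appdetect\[([^\]]*)\]\s*$")
# Expected-output regular expression from Steps 11, 18 and 25.
EXPECTED = re.compile(
    r"vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]"
)


def parse_flows(text):
    """Return one dict per conntrack entry; trailer and blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        first = {}
        for key, value in re.findall(r"(\w+)=(\S+)", line):
            first.setdefault(key, value)  # first occurrence = original direction
        labels = m.group(2).split()
        host = next((l[len("http-host:"):] for l in labels
                     if l.startswith("http-host:")), None)
        # Assumption: a label that is neither L4:<port> nor http-host:<fqdn>
        # is an app-id assigned from a dictionary (U130:7 in the steps above).
        app_ids = [l for l in labels if not l.startswith(("L4:", "http-host:"))]
        status = "app-id" if app_ids else "host-detected" if host else "l4-only"
        flows.append({"proto": m.group(1), "src": first["src"], "dst": first["dst"],
                      "sport": int(first["sport"]), "dport": int(first["dport"]),
                      "vrfs": re.findall(r"vrf=(\S+)", line),
                      "host": host, "app_ids": app_ids, "status": status})
    return flows


def matches_expected(text, pattern=EXPECTED):
    """True when at least one entry satisfies the step's regular expression."""
    return any(pattern.search(line) for line in text.splitlines())


if __name__ == "__main__":
    for f in parse_flows(SAMPLE):
        print(f["src"], f["sport"], "->", f["dst"], f["dport"],
              f["status"], f["host"], f["app_ids"])
    print("Step 25 check:", matches_expected(SAMPLE))
```

The "host-detected" status marks flows that carry an http-host label but only an L4 application label, which is how the interrupted first download appears in the outputs of Steps 7, 15 and 22.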