OSDx Documentation Logo
v4.2.7.0
  • About
  • Releases

First steps

  • Setting Up
  • Quick Start
  • Licensing
  • CLI Overview
  • Configuration Management

Admin Guide

  • System Administration
  • Articles
  • Troubleshooting
  • Examples
    • Basic
    • Interfaces
      • Bonding
      • Bridge
      • Cellular
        • Accessibility-Control
        • Dhcp
        • Network
        • Pdp
        • Profile
        • Traffic
      • Dummy
      • Ethernet
      • Tunnel
      • Vti
      • Vxlan
      • Wlan
    • Protocols
    • Service
    • System
    • Tech Support
    • Traffic
    • User-Level
    • Vpn

Command reference

  • Configuration commands
  • Operational commands
OSDx Documentation
  • Examples
  • Interfaces
  • Cellular
  • Traffic
  • Policy
  • Check Link Hook
  • View page source

Check Link Hook

This scenario shows how to attach a traffic policy to the link hook in a Cellular interface. This hook is triggered at a very early stage of the network packet stack (level 2 layer).

../../../../../_images/google4.svg

Test Early Packet Drop

Description

In DUT0, the cellular interface is configured with a traffic policy to drop all incoming traffic at the link stage and only allow ARP and UDP packets.

Scenario

Step 1: Set the following configuration in DUT0 :

set cellular profile CELPROFILE apn movistar.es
set interfaces cellular cell0 address dhcp
set interfaces cellular cell0 encrypted-pin U2FsdGVkX19l8o8124Maop5f1wXFTzGLankYCiGARnQ=
set interfaces cellular cell0 profile CELPROFILE
set service dns forwarding dhcp interface cell0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 8.8.8.8 from DUT0:

admin@DUT0$ ping 8.8.8.8 count 1 size 56 timeout 1
Show output
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=36.2 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 36.215/36.215/36.215/0.000 ms

Note

In the previous command it is observed that the ICMP packets corresponding to the ‘Ping’ command are received without problems. This is because the traffic policy responsible for dropping these packets has not yet been applied to the cellular interface.

Note

However, when the traffic policy is applied, it can be verified that the ‘ping’ command fails since ICMP packets are now being dropped.

Step 3: Modify the following configuration lines in DUT0 :

set interfaces cellular cell0 traffic policy link-in EDROP_POLICY
set traffic policy EDROP_POLICY rule 1 action accept
set traffic policy EDROP_POLICY rule 1 selector ACCEPT_SEL
set traffic policy EDROP_POLICY rule 2 action drop
set traffic selector ACCEPT_SEL rule 1 protocol udp
set traffic selector ACCEPT_SEL rule 2 ether-type arp

Step 4: Expect a failure in the following command: Ping IP address 8.8.8.8 from DUT0:

admin@DUT0$ ping 8.8.8.8 count 1 size 56 timeout 1
Show output
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Note

On the other hand, the applied traffic policy allows receiving UDP packets, so the ‘nslookup’ command works without problems.

Step 5: Run command nslookup www.google.es at DUT0 and check if output matches the following regular expressions:

Server:\s+(\d+\.){3}\d+
Show output
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
www.google.es   canonical name = forcesafesearch.google.com.
Name:   forcesafesearch.google.com
Address: 216.239.38.120
Name:   forcesafesearch.google.com
Address: 2001:4860:4802:32::78

Note

Finally, with the following operational command the statistics of the traffic policy are displayed.

Step 6: Run command traffic policy show at DUT0 and check if output matches the following regular expressions:

1\s+ACCEPT_SEL\s+\b[^0]\d*
Show output
Policy EDROP_POLICY -- ifc cell0 -- hook link-in prio very-high

-----------------------------------------------------------------
rule    selector   pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------------------
1      ACCEPT_SEL           2          3          215         299
2      -                    1          1           84          84
-----------------------------------------------------------------
Total                       3          3          299         299

Previous Next

© Copyright 2025, Teldat.

Built with Sphinx using a theme provided by Read the Docs.