Check Link Hook
This example demonstrates how to process outgoing NHRP traffic in a scenario using one Tunnel with GRE encapsulation.
Test Marks In NHRP Traffic
Description
In this scenario, a traffic policy was configured
to log outgoing NHRP traffic, which is non-IP Layer
3 protocol. The special hook link-out can be
used to process these outgoing frames.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.10/24 set interfaces tunnel tun0 address 10.0.0.1/32 set interfaces tunnel tun0 encapsulation gre set interfaces tunnel tun0 local-address 192.168.100.10 set interfaces tunnel tun0 nhrp set interfaces tunnel tun0 traffic policy link-in LOG_NHRP set interfaces tunnel tun0 traffic policy link-out LOG_NHRP set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy LOG_NHRP rule 1 log prefix NHRP__ set traffic policy LOG_NHRP rule 1 selector NHRP_SEL set traffic selector NHRP_SEL rule 1 ether-type 8193
Note
NHRP packets use ethertype 8193 (0x2001).
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.20/24 set interfaces tunnel tun0 address 10.0.0.2/32 set interfaces tunnel tun0 encapsulation gre set interfaces tunnel tun0 local-address 192.168.100.20 set interfaces tunnel tun0 nhrp holdtime 5 set interfaces tunnel tun0 nhrp nhs 10.0.0.1 nbma 192.168.100.10 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command protocols ip show nhrp at DUT0 and check if output matches the following regular expressions:
tun0\s+dynamic\s+10\.0\.0\.2Show output
Iface Type Protocol NBMA Claimed NBMA Expires(s) Flags Identity tun0 local 10.0.0.1 192.168.100.10 192.168.100.10 - - tun0 dynamic 10.0.0.2 192.168.100.20 192.168.100.20 4 UT
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
\[NHRP__-1\] ACCEPT IN=tun0 OUT=\w+ \[NHRP__-1\] ACCEPT IN= OUT=tun0Show output
Dec 11 14:45:15.323619 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.7M, max 13.8M, 12.0M free. Dec 11 14:45:15.325575 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 14:45:15.325648 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 14:45:15.333337 osdx OSDxCLI[48660]: User 'admin' executed a new command: 'system journal clear'. Dec 11 14:45:15.569955 osdx OSDxCLI[48660]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 14:45:15.852144 osdx OSDxCLI[48660]: User 'admin' entered the configuration menu. Dec 11 14:45:15.994441 osdx OSDxCLI[48660]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.10/24'. Dec 11 14:45:16.069577 osdx OSDxCLI[48660]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 traffic policy link-out LOG_NHRP'. Dec 11 14:45:16.138398 osdx OSDxCLI[48660]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 traffic policy link-in LOG_NHRP'. Dec 11 14:45:16.255541 osdx OSDxCLI[48660]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 address 10.0.0.1/32'. Dec 11 14:45:16.386318 osdx OSDxCLI[48660]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 encapsulation gre'. Dec 11 14:45:16.461931 osdx OSDxCLI[48660]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 local-address 192.168.100.10'. Dec 11 14:45:16.566657 osdx OSDxCLI[48660]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 nhrp'. Dec 11 14:45:16.632290 osdx OSDxCLI[48660]: User 'admin' added a new cfg line: 'set traffic policy LOG_NHRP rule 1 log prefix NHRP__'. Dec 11 14:45:16.736452 osdx OSDxCLI[48660]: User 'admin' added a new cfg line: 'set traffic policy LOG_NHRP rule 1 selector NHRP_SEL'. Dec 11 14:45:16.803215 osdx OSDxCLI[48660]: User 'admin' added a new cfg line: 'set traffic selector NHRP_SEL rule 1 ether-type 8193'. Dec 11 14:45:16.917744 osdx OSDxCLI[48660]: User 'admin' added a new cfg line: 'show working'. Dec 11 14:45:16.980074 osdx ubnt-cfgd[87179]: inactive Dec 11 14:45:17.057853 osdx systemd[1]: Reloading frr.service - FRRouting... Dec 11 14:45:17.071726 osdx watchfrr[16058]: [NG1AJ-FP2TQ] Terminating on signal Dec 11 14:45:17.172830 osdx frrinit.sh[87209]: Stopped watchfrr. Dec 11 14:45:17.173736 osdx frrinit.sh[87209]: Starting watchfrr with command: ' /usr/lib/frr/watchfrr -d --min-restart-interval 1 --max-restart-interval 600 --timeout 600 --restart-timeout 600 zebra mgmtd nhrpd staticd'. Dec 11 14:45:17.180249 osdx watchfrr[87227]: [T83RR-8SM5G] watchfrr 10.4.1 starting: vty@0 Dec 11 14:45:17.180300 osdx watchfrr[87227]: [QDG3Y-BY5TN] zebra state -> up : connect succeeded Dec 11 14:45:17.180328 osdx watchfrr[87227]: [QDG3Y-BY5TN] mgmtd state -> up : connect succeeded Dec 11 14:45:17.180358 osdx watchfrr[87227]: [ZCJ3S-SPH5S] nhrpd state -> down : initial connection attempt failed Dec 11 14:45:17.180361 osdx watchfrr[87227]: [QDG3Y-BY5TN] staticd state -> up : connect succeeded Dec 11 14:45:17.180826 osdx watchfrr[87227]: [YFT0P-5Q5YX] Forked background command [pid 87228]: /usr/lib/frr/watchfrr.sh restart nhrpd Dec 11 14:45:17.185033 osdx frrinit.sh[87228]: Cannot stop nhrpd: pid file not found Dec 11 14:45:17.185905 osdx watchfrr.sh[87233]: Cannot stop nhrpd: pid file not found Dec 11 14:45:17.195258 osdx zebra[1587]: [V98V0-MTWPF] client 36 says hello and bids fair to announce only nhrp routes vrf=0 Dec 11 14:45:17.203945 osdx watchfrr[87227]: [QDG3Y-BY5TN] nhrpd state -> up : connect succeeded Dec 11 14:45:17.203950 osdx watchfrr[87227]: [KWE5Q-QNGFC] all daemons up, doing startup-complete notify Dec 11 14:45:17.204656 osdx frrinit.sh[87209]: Started watchfrr Dec 11 14:45:17.204656 osdx frrinit.sh[87238]: sh: line 1: ipsec: command not found Dec 11 14:45:17.204779 osdx frrinit.sh[87209]: . Dec 11 14:45:17.298005 osdx systemd[1]: Reloaded frr.service - FRRouting. Dec 11 14:45:17.341566 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 14:45:17.382560 osdx WARNING[87331]: No supported link modes on interface eth0 Dec 11 14:45:17.384260 osdx modulelauncher[87331]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 14:45:17.384274 osdx modulelauncher[87331]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 14:45:17.385858 osdx modulelauncher[87331]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 14:45:17.385870 osdx modulelauncher[87331]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 14:45:17.408562 osdx (udev-worker)[87359]: Network interface NamePolicy= disabled on kernel command line. Dec 11 14:45:17.874729 osdx cfgd[1647]: [48660]Completed change to active configuration Dec 11 14:45:17.886242 osdx OSDxCLI[48660]: User 'admin' committed the configuration. Dec 11 14:45:17.901668 osdx OSDxCLI[48660]: User 'admin' left the configuration menu. Dec 11 14:45:19.656741 osdx OSDxCLI[48660]: User 'admin' executed a new command: 'protocols ip show nhrp'. Dec 11 14:45:20.516396 osdx kernel: [NHRP__-1] ACCEPT IN=tun0 OUT= MAC=45:00:00:74:d2:4b:40:00:40:2f:1e:a0:c0:a8:64:14:c0:a8:64:0a:00:00:20:01 Dec 11 14:45:20.516497 osdx kernel: [NHRP__-1] ACCEPT IN= OUT=tun0 MAC=45:01:00:00:00:00:40:00:40:2f:00:00:c0:a8:64:0a:c0:a8:64:14:00:00:20:01 Dec 11 14:45:20.516511 osdx kernel: [NHRP__-1] ACCEPT IN=tun0 OUT=eth0 MAC=00:01:08:00:00:00:00:00:00:40:00:70:2b:43:00:34:01:04:04:00:04:04:00:02 Dec 11 14:45:21.516926 osdx kernel: [NHRP__-1] ACCEPT IN=tun0 OUT= MAC=45:00:00:74:d2:ce:40:00:40:2f:1e:1d:c0:a8:64:14:c0:a8:64:0a:00:00:20:01 Dec 11 14:45:21.517003 osdx kernel: [NHRP__-1] ACCEPT IN= OUT=tun0 MAC=45:01:00:00:00:00:40:00:40:2f:00:00:c0:a8:64:0a:c0:a8:64:14:00:00:20:01 Dec 11 14:45:21.517013 osdx kernel: [NHRP__-1] ACCEPT IN=tun0 OUT=eth0 MAC=00:01:08:00:00:00:00:00:00:40:00:70:2b:42:00:34:01:04:04:00:04:04:00:02 Dec 11 14:45:21.741294 osdx OSDxCLI[48660]: User 'admin' executed a new command: 'protocols ip show nhrp'.
Step 5: Run command traffic policy show at DUT0 and check if output matches the following regular expressions:
1\s+NHRP_SEL\s+\b[^0]\d*Show output
Policy LOG_NHRP -- ifc tun0 -- hook link-in prio very-high --------------------------------------------------------------- rule selector pkts match pkts eval bytes match bytes eval --------------------------------------------------------------- 1 NHRP_SEL 4 4 456 456 --------------------------------------------------------------- Total 4 4 456 456 Policy LOG_NHRP -- ifc tun0 -- hook link-out prio very-high --------------------------------------------------------------- rule selector pkts match pkts eval bytes match bytes eval --------------------------------------------------------------- 1 NHRP_SEL 2 2 272 272 --------------------------------------------------------------- Total 2 2 272 272