.. _example_traffic_policy_conntag:
#######
Conntag
#######
.. sidebar:: Contents
.. contents::
:depth: 2
:local:
The following scenarios show how to configure traffic policies
using the ``conntag`` feature. Conntag allows tagging conntrack
entries with string values (up to 255 characters) for traffic
classification and filtering. This is similar to connmark but
uses human-readable string tags instead of numeric marks.
.. image:: topology.svg
:width: 400
*****************************
Test Policy Set Conntag Basic
*****************************
Description
===========
In this scenario, an ingress traffic policy is configured
in DUT0 to set a basic conntag string on incoming packets.
The conntag value is stored in the conntrack entry and can
be verified using the ``system conntrack show`` command.
Scenario
========
.. include:: conntag/testpolicysetconntagbasic
.. raw:: html
************************************
Test Policy Set Conntag With Numbers
************************************
Description
===========
This scenario tests setting a conntag that includes numeric
characters mixed with text, demonstrating that conntag values
can contain alphanumeric strings with hyphens.
Scenario
========
.. include:: conntag/testpolicysetconntagwithnumbers
.. raw:: html
******************************************
Test Policy Set Conntag Special Characters
******************************************
Description
===========
This scenario tests setting a conntag that includes special
characters like underscores, dots, and hyphens, which are
commonly used in application versioning and environment naming.
Scenario
========
.. include:: conntag/testpolicysetconntagspecialcharacters
.. raw:: html
**************************************
Test Policy Set Conntag Maximum Length
**************************************
Description
===========
This scenario tests the conntag feature with the maximum
allowed string length of 255 characters. The system should
accept and correctly store strings up to this limit.
Scenario
========
.. include:: conntag/testpolicysetconntagmaximumlength
.. raw:: html
**************************************
Test Policy Set Conntag Invalid Length
**************************************
Description
===========
This scenario tests that the system correctly rejects
conntag strings that exceed the maximum allowed length
of 255 characters with an appropriate error message.
Scenario
========
.. include:: conntag/testpolicysetconntaginvalidlength
.. raw:: html
************************************
Test Policy Set Conntag Empty String
************************************
Description
===========
This scenario tests that the system correctly rejects
empty or whitespace-only conntag strings.
Scenario
========
.. include:: conntag/testpolicysetconntagemptystring
.. raw:: html
*************************************
Test Policy Set Conntag With Connmark
*************************************
Description
===========
This scenario demonstrates using both conntag and connmark
together on the same traffic flow. This allows numeric
classification (connmark) alongside descriptive string
tagging (conntag) for comprehensive traffic identification.
Scenario
========
.. include:: conntag/testpolicysetconntagwithconnmark
.. raw:: html
********************************
Test Policy Set Conntag With VRF
********************************
Description
===========
This scenario demonstrates using conntag in combination
with VRF routing. Traffic is tagged with a conntag and
also assigned to a specific VRF for routing purposes.
Scenario
========
.. include:: conntag/testpolicysetconntagwithvrf
.. raw:: html
**************************
Test Policy Modify Conntag
**************************
Description
===========
This scenario demonstrates modifying the conntag value
on an existing traffic policy rule and verifying that
new connections use the updated tag value.
Scenario
========
.. include:: conntag/testpolicymodifyconntag
.. raw:: html
**************************
Test Policy Delete Conntag
**************************
Description
===========
This scenario tests removing a conntag configuration
from a traffic policy and verifying that new connections
no longer have the tag applied.
Scenario
========
.. include:: conntag/testpolicydeleteconntag
.. raw:: html