App-Dictionary
These scenarios check the application dictionary support provided by app-detect feature.
Local Storage Application Dictionary
Description
DUT0 configures HTTP and DNS detection. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. Traffic is first generated without a dictionary and connections are verified to be classified only by below-L7 detectors. Then a local dictionary file is loaded and statistics are checked to be empty. An HTTP download verifies FQDN match with local dictionary and performs IP-cache population. A second download verifies IP-cache match. An SSH connection verifies static IP address range match. Finally a DNS lookup and ping verify DNS-host detection with IP-cache lookup.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24 set interfaces ethernet eth1 address 10.215.168.64/24 set interfaces ethernet eth1 traffic nat source rule 1 address masquerade set system conntrack app-detect dns-host set system conntrack app-detect http-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.2.101/24 set protocols static route 0.0.0.0/0 next-hop 192.168.2.100 set service dns forwarding name-server 10.215.168.66 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24 set service dns forwarding local-ttl 30 set service dns forwarding name-server 127.0.0.1 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set service dns static host-name static.opentok.com inet 192.168.2.100 set service dns static host-name www.gamblingteldat.com inet 192.168.2.10 set service dns static host-name www.newspaperteldat.com inet 192.168.2.20 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.529 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.529/0.529/0.529/0.000 ms
Step 5: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 37 100 37 0 0 5618 0 --:--:-- --:--:-- --:--:-- 6166
Step 6: Init an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts. admin@10.215.168.66's password: Welcome to Teldat OSDx v4.2.8.3 This system includes free software. Contact Teldat for licenses information and source code. Last login: Thu Feb 12 23:28:18 2026 from 192.168.100.2 admin@osdx$
Step 7: Ping IP address 10.215.168.64 from DUT1:
admin@DUT1$ ping 10.215.168.64 count 1 size 56 timeout 1Show output
PING 10.215.168.64 (10.215.168.64) 56(84) bytes of data. 64 bytes from 10.215.168.64: icmp_seq=1 ttl=64 time=0.237 ms --- 10.215.168.64 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.237/0.237/0.237/0.000 ms
Step 8: Run command system conntrack show at DUT0 and expect this output:
Show output
icmp 1 29 src=192.168.2.101 dst=10.215.168.1 type=8 code=0 id=746 packets=1 bytes=84 src=10.215.168.1 dst=10.215.168.64 type=0 code=0 id=746 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1] tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=48590 dport=22 packets=24 bytes=5032 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=48590 packets=21 bytes=4848 [ASSURED] mark=0 use=1 appdetect[L4:22] icmp 1 29 src=192.168.2.101 dst=10.215.168.64 type=8 code=0 id=747 packets=1 bytes=84 src=10.215.168.64 dst=192.168.2.101 type=0 code=0 id=747 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1] tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=35976 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=35976 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:10.215.168.1] conntrack v1.4.7 (conntrack-tools): 4 flow entries have been shown.
Step 9: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://user-data/ force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 68181 100 68181 0 0 16.2M 0 --:--:-- --:--:-- --:--:-- 21.6M
Note
The dictionary file contains the following test entries used in this scenario:
Show output
<app id="30" name="Teldat Test" version="1"> <fqdn_list> <fqdn>10.215.168.1</fqdn> </fqdn_list> </app> <app id="31" name="Teldat Test 2" version="1"> <address_list> <range id="1"> <net_address>10.215.168.64</net_address> <net_mask>255.255.255.192</net_mask> </range> </address_list> </app>
Step 10: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 filename 'running://user-data/test_dict.gz' set system conntrack app-detect enable_dict_match_priv_ip
Step 11: Run command system conntrack app-detect show at DUT0 and expect this output:
Show output
--------------------------------------------------- App-detect Stats # --------------------------------------------------- Matches in static dictionaries 0 Matches in IP-cache 0 Modifications in IP-cache 0 Matches in dynamic dictionaries 0 Times appid has been refreshed 0 Ips blacklisted from cache due to appid flapping 0 Matches in DNS CNAME cache 0 Entries in DNS CNAME cache 0
Step 12: Run command system conntrack clear at DUT0.
Step 13: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 37 100 37 0 0 12559 0 --:--:-- --:--:-- --:--:-- 18500
Step 14: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U128:30\shttp-host:10.215.168.1\]Show output
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=35990 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=35990 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1] conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:
Show output
--------------------------------------------------- App-detect Stats # --------------------------------------------------- Matches in static dictionaries 0 Matches in IP-cache 0 Modifications in IP-cache 1 Matches in dynamic dictionaries 1 Times appid has been refreshed 0 Ips blacklisted from cache due to appid flapping 0 Matches in DNS CNAME cache 0 Entries in DNS CNAME cache 0
Step 16: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 37 100 37 0 0 12619 0 --:--:-- --:--:-- --:--:-- 18500
Step 17: Run command system conntrack app-detect show at DUT0 and expect this output:
Show output
--------------------------------------------------- App-detect Stats # --------------------------------------------------- Matches in static dictionaries 0 Matches in IP-cache 1 Modifications in IP-cache 1 Matches in dynamic dictionaries 2 Times appid has been refreshed 0 Ips blacklisted from cache due to appid flapping 0 Matches in DNS CNAME cache 0 Entries in DNS CNAME cache 0
Step 18: Init an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts. admin@10.215.168.66's password: Welcome to Teldat OSDx v4.2.8.3 This system includes free software. Contact Teldat for licenses information and source code. Last login: Thu Feb 12 23:30:26 2026 from 10.215.168.64 admin@osdx$
Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
src=10.215.168.64\sdst=10.215.168.66.*appdetect\[U128:31]Show output
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=35990 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=35990 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1] tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=48602 dport=22 packets=24 bytes=5032 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=48602 packets=21 bytes=4864 [ASSURED] mark=0 use=1 appdetect[U128:31] tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=35992 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=35992 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1] conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:
Show output
--------------------------------------------------- App-detect Stats # --------------------------------------------------- Matches in static dictionaries 1 Matches in IP-cache 1 Modifications in IP-cache 1 Matches in dynamic dictionaries 2 Times appid has been refreshed 0 Ips blacklisted from cache due to appid flapping 0 Matches in DNS CNAME cache 0 Entries in DNS CNAME cache 0
Step 21: Ping IP address static.opentok.com from DUT1:
admin@DUT1$ ping static.opentok.com count 1 size 56 timeout 1Show output
PING static.opentok.com (192.168.2.100) 56(84) bytes of data. 64 bytes from static.opentok.com (192.168.2.100): icmp_seq=1 ttl=64 time=0.512 ms --- static.opentok.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.512/0.512/0.512/0.000 ms
Step 22: Run command system conntrack show at DUT0 and expect this output:
Show output
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=55512 dport=53 packets=1 bytes=72 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55512 packets=1 bytes=104 mark=0 use=1 appdetect[U128:31] tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=35990 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=35990 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1] icmp 1 29 src=192.168.2.101 dst=192.168.2.100 type=8 code=0 id=748 packets=1 bytes=84 src=192.168.2.100 dst=192.168.2.101 type=0 code=0 id=748 packets=1 bytes=84 mark=0 use=1 appdetect[U128:12] tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=48602 dport=22 packets=24 bytes=5032 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=48602 packets=21 bytes=4864 [ASSURED] mark=0 use=1 appdetect[U128:31] tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=35992 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=35992 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=48119 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48119 packets=1 bytes=64 mark=0 use=1 appdetect[U128:31] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=44510 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44510 packets=1 bytes=80 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com] conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.
Step 23: Run command system conntrack app-detect show at DUT0 and expect this output:
Show output
--------------------------------------------------- App-detect Stats # --------------------------------------------------- Matches in static dictionaries 4 Matches in IP-cache 2 Modifications in IP-cache 2 Matches in dynamic dictionaries 3 Times appid has been refreshed 0 Ips blacklisted from cache due to appid flapping 0 Matches in DNS CNAME cache 0 Entries in DNS CNAME cache 0
CLI Custom Application Dictionary
Description
DUT0 configures HTTP detection with a custom dictionary defined via CLI. DUT1 acts as a client behind DUT0 and downloads a file via HTTP. The connection is verified to be classified with the custom App-ID on the first request through FQDN match, and on subsequent requests through IP-cache.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24 set interfaces ethernet eth1 address 10.215.168.64/24 set interfaces ethernet eth1 traffic nat source rule 1 address masquerade set system conntrack app-detect dictionary 1 custom app-id 42 fqdn enterprise.opentok.com set system conntrack app-detect dictionary 1 custom app-id 42 name 'Teldat Test' set system conntrack app-detect dictionary 2 custom app-id 43 fqdn enterprise.opentok.com set system conntrack app-detect dictionary 2 custom app-id 43 name 'Teldat Test' set system conntrack app-detect http-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.2.101/24 set protocols static route 0.0.0.0/0 next-hop 192.168.2.100 set service dns forwarding name-server 10.215.168.66 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24 set service dns forwarding local-ttl 30 set service dns forwarding name-server 127.0.0.1 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set service dns static host-name static.opentok.com inet 192.168.2.100 set service dns static host-name www.gamblingteldat.com inet 192.168.2.10 set service dns static host-name www.newspaperteldat.com inet 192.168.2.20 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.656 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.656/0.656/0.656/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command system conntrack app-detect show at DUT0 and expect this output:
Show output
--------------------------------------------------- App-detect Stats # --------------------------------------------------- Matches in static dictionaries 0 Matches in IP-cache 0 Modifications in IP-cache 0 Matches in dynamic dictionaries 0 Times appid has been refreshed 0 Ips blacklisted from cache due to appid flapping 0 Matches in DNS CNAME cache 0 Entries in DNS CNAME cache 0
Step 7: Run command system conntrack clear at DUT0.
Step 8: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 37 100 37 0 0 6155 0 --:--:-- --:--:-- --:--:-- 7400
Step 9: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U6:42\shttp-host:enterprise.opentok.com\]Show output
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=52199 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=52199 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=54068 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54068 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53] tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=44352 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44352 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U6:42 http-host:enterprise.opentok.com] conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 10: Run command system conntrack app-detect show at DUT0 and expect this output:
Show output
--------------------------------------------------- App-detect Stats # --------------------------------------------------- Matches in static dictionaries 0 Matches in IP-cache 0 Modifications in IP-cache 1 Matches in dynamic dictionaries 1 Times appid has been refreshed 0 Ips blacklisted from cache due to appid flapping 0 Matches in DNS CNAME cache 0 Entries in DNS CNAME cache 0
Step 11: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 37 100 37 0 0 6061 0 --:--:-- --:--:-- --:--:-- 6166
Step 12: Run command system conntrack app-detect show at DUT0 and expect this output:
Show output
--------------------------------------------------- App-detect Stats # --------------------------------------------------- Matches in static dictionaries 0 Matches in IP-cache 1 Modifications in IP-cache 1 Matches in dynamic dictionaries 2 Times appid has been refreshed 0 Ips blacklisted from cache due to appid flapping 0 Matches in DNS CNAME cache 0 Entries in DNS CNAME cache 0
Remote Application Dictionary
Description
DUT0 configures HTTP detection with a remote application dictionary served by a categorization server. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. A traffic policy drops uncategorized traffic until the remote dictionary classifies it. Traffic belonging to the remote dictionary protocol is allowed.
Phase 1: HTTP-host detection triggers a remote dictionary lookup in override mode and the connection is classified with the remote App-ID.
Phase 2: DNS-host detection is added so classification happens at DNS resolution time and populates the IP-cache.
Phase 3: App-detect chained storage mode is enabled and the full App-ID chain is verified.
Phase 4: An alarm is configured to detect communication errors with the remote dictionary server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24 set interfaces ethernet eth1 address 10.215.168.64/24 set interfaces ethernet eth1 traffic nat source rule 1 address masquerade set interfaces ethernet eth1 traffic policy out POL set system conntrack app-detect debug set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+RA9Sr7YbL61N0zf7jM1pufM9NnONUkRw= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+8Ah0iYzHS3XJsB3vPbH+UgXB8G8s7iUDtwhFv8tnmjgFJRFgjh8fL set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18cKnFDOEdYdQc51OgKHxmX0QfROr+LIC0= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX19VxT5nU7QBcbMy1Gtwh2wByLsGWsShKo65Cb+X3KX47PpepuLVrq9U set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http set system conntrack app-detect http-host set system conntrack app-detect refresh-flow-appid set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POL rule 1 action accept set traffic policy POL rule 1 selector RDICT set traffic policy POL rule 2 action drop set traffic policy POL rule 2 selector RESOLVING set traffic selector RDICT rule 1 mark 5555 set traffic selector RESOLVING rule 1 app-detect state detecting set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.2.101/24 set protocols static route 0.0.0.0/0 next-hop 192.168.2.100 set service dns forwarding name-server 10.215.168.66 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24 set service dns forwarding local-ttl 30 set service dns forwarding name-server 127.0.0.1 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set service dns static host-name static.opentok.com inet 192.168.2.100 set service dns static host-name www.gamblingteldat.com inet 192.168.2.10 set service dns static host-name www.newspaperteldat.com inet 192.168.2.20 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.530 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.530/0.530/0.530/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0^C Operation aborted by user. admin@osdx$
Step 7: Run command system journal show | tail -n 200 at DUT0 and expect this output:
Show output
Feb 12 23:31:56.334973 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.1M, max 17.2M, 15.1M free. Feb 12 23:31:56.337243 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:31:56.337297 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:31:56.344752 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:31:56.558664 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:31:56.768614 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:31:56.908629 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.2.100/24'. Feb 12 23:31:56.982495 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Feb 12 23:31:57.084067 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic nat source rule 1 address masquerade'. Feb 12 23:31:57.155517 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out POL'. Feb 12 23:31:57.262461 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action accept'. Feb 12 23:31:57.341465 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector RDICT'. Feb 12 23:31:57.430449 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 action drop'. Feb 12 23:31:57.492658 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 selector RESOLVING'. Feb 12 23:31:57.607298 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic selector RDICT rule 1 mark 5555'. Feb 12 23:31:57.708264 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state detecting'. Feb 12 23:31:57.771413 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state host-detected'. Feb 12 23:31:57.906973 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote url ******'. Feb 12 23:31:58.015273 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote key ******'. Feb 12 23:31:58.125536 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote ssl-allow-insecure'. Feb 12 23:31:58.218155 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote property category'. Feb 12 23:31:58.398077 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote url ******'. Feb 12 23:31:58.493582 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote key ******'. Feb 12 23:31:58.641472 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote ssl-allow-insecure'. Feb 12 23:31:58.747424 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote property reputation'. Feb 12 23:31:58.820224 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote mark 5555'. Feb 12 23:31:58.925892 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote mark 5555'. Feb 12 23:31:58.986833 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect http'. Feb 12 23:31:59.112633 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Feb 12 23:31:59.190404 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect refresh-flow-appid'. Feb 12 23:31:59.299702 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'. Feb 12 23:31:59.358104 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect debug'. Feb 12 23:31:59.507177 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:31:59.576811 osdx ubnt-cfgd[810587]: inactive Feb 12 23:31:59.647147 osdx INFO[810625]: FRR daemons did not change Feb 12 23:31:59.833245 osdx kernel: nfUDPlink: module init Feb 12 23:31:59.833307 osdx kernel: app-detect: module init Feb 12 23:31:59.833321 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 12 23:31:59.833331 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Feb 12 23:31:59.833341 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Feb 12 23:31:59.833352 osdx kernel: app-detect: expression init Feb 12 23:31:59.833367 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Feb 12 23:31:59.833377 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Feb 12 23:31:59.849245 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty) Feb 12 23:31:59.849314 osdx kernel: app-detect: linked list of enabled dicts: Feb 12 23:31:59.849325 osdx kernel: app-detect: (empty, no dicts) Feb 12 23:31:59.849333 osdx kernel: app-detect: linked list of disabled dicts: Feb 12 23:31:59.849342 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type unknown (target_dict) Feb 12 23:31:59.849349 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_ Feb 12 23:31:59.849358 osdx kernel: app-detect: set type of dict _remote_ to remote Feb 12 23:31:59.849370 osdx kernel: app-detect: user set num_hash_entries=40000 Feb 12 23:31:59.849379 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20) Feb 12 23:31:59.849387 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes) Feb 12 23:31:59.849395 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes) Feb 12 23:31:59.849403 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3 Feb 12 23:31:59.849411 osdx kernel: app-detect: enable remote dictionary _remote_ Feb 12 23:31:59.849418 osdx kernel: app-detect: dictionary _remote_ enabled Feb 12 23:31:59.849426 osdx kernel: app-detect: linked list of enabled dicts: Feb 12 23:31:59.849433 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Feb 12 23:31:59.849441 osdx kernel: app-detect: linked list of disabled dicts: Feb 12 23:31:59.849451 osdx kernel: app-detect: (empty, no dicts) Feb 12 23:31:59.849463 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty) Feb 12 23:31:59.849472 osdx kernel: app-detect: linked list of enabled dicts: Feb 12 23:31:59.849482 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Feb 12 23:31:59.849492 osdx kernel: app-detect: linked list of disabled dicts: Feb 12 23:31:59.849501 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type unknown (target_dict) Feb 12 23:31:59.849508 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_ Feb 12 23:31:59.849516 osdx kernel: app-detect: set type of dict _remote_ to remote Feb 12 23:31:59.849527 osdx kernel: app-detect: user set num_hash_entries=40000 Feb 12 23:31:59.849536 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20) Feb 12 23:31:59.849544 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes) Feb 12 23:31:59.849551 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes) Feb 12 23:31:59.849561 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3 Feb 12 23:31:59.849570 osdx kernel: app-detect: enable remote dictionary _remote_ Feb 12 23:31:59.849577 osdx kernel: app-detect: dictionary _remote_ enabled Feb 12 23:31:59.849586 osdx kernel: app-detect: linked list of enabled dicts: Feb 12 23:31:59.849600 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Feb 12 23:31:59.849612 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Feb 12 23:31:59.849621 osdx kernel: app-detect: linked list of disabled dicts: Feb 12 23:31:59.849628 osdx kernel: app-detect: (empty, no dicts) Feb 12 23:31:59.859036 osdx INFO[810662]: Updated /etc/default/osdx_tcatd.conf Feb 12 23:31:59.859078 osdx INFO[810662]: Restarting Traffic Categorization (TCATD) service ... Feb 12 23:31:59.889693 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon... Feb 12 23:32:00.209381 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon. Feb 12 23:32:00.210998 osdx osdx-tcatd[810666]: Dict_client. rdict_num 2 mark 5555 local-vrf Feb 12 23:32:00.211102 osdx osdx-tcatd[810666]: Dict_client. ERROR (dict 2) 7 (Couldn't connect to server): Unable to connect to server Feb 12 23:32:00.211193 osdx osdx-tcatd[810666]: Dict_client. rdict_num 1 mark 5555 local-vrf Feb 12 23:32:00.211234 osdx osdx-tcatd[810666]: Dict_client. ERROR (dict 1) 7 (Couldn't connect to server): Unable to connect to server Feb 12 23:32:00.245241 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Feb 12 23:32:00.293702 osdx WARNING[810756]: No supported link modes on interface eth1 Feb 12 23:32:00.295207 osdx modulelauncher[810756]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Feb 12 23:32:00.295221 osdx modulelauncher[810756]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Feb 12 23:32:00.296371 osdx modulelauncher[810756]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:32:00.296380 osdx modulelauncher[810756]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:32:00.337264 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:32:00.387273 osdx WARNING[810836]: No supported link modes on interface eth0 Feb 12 23:32:00.389029 osdx modulelauncher[810836]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:32:00.389047 osdx modulelauncher[810836]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:32:00.390281 osdx modulelauncher[810836]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:32:00.390291 osdx modulelauncher[810836]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:32:00.611127 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:32:00.627116 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:32:00.656990 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:32:03.496282 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system conntrack clear'. Feb 12 23:32:03.665321 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:49000/10.215.168.1:80 Feb 12 23:32:03.665387 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:49000/10.215.168.1:80 Feb 12 23:32:03.665396 osdx kernel: app-detect: dictionary search for enterprise.opentok.com Feb 12 23:32:03.665405 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 12 23:32:03.665416 osdx kernel: app-detect: search in dict _remote_, prio 2 Feb 12 23:32:03.665359 osdx osdx-tcatd[810666]: UDP_Server. Read 27 bytes Feb 12 23:32:03.665364 osdx osdx-tcatd[810666]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com Feb 12 23:32:03.665382 osdx osdx-tcatd[810666]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0} Feb 12 23:32:03.665391 osdx osdx-tcatd[810666]: UDP_Server. Read 27 bytes Feb 12 23:32:03.665393 osdx osdx-tcatd[810666]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com Feb 12 23:32:03.665406 osdx osdx-tcatd[810666]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0} Feb 12 23:32:03.679712 osdx osdx-tcatd[810666]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]} Feb 12 23:32:03.679737 osdx osdx-tcatd[810666]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007 Feb 12 23:32:03.679830 osdx osdx-tcatd[810666]: UDP_Server. Sent 38 bytes Feb 12 23:32:03.680649 osdx osdx-tcatd[810666]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]} Feb 12 23:32:03.680660 osdx osdx-tcatd[810666]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058 Feb 12 23:32:03.680700 osdx osdx-tcatd[810666]: UDP_Server. Sent 38 bytes Feb 12 23:32:03.681238 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Feb 12 23:32:03.681264 osdx kernel: app-detect: linked list of enabled dicts: Feb 12 23:32:03.681276 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Feb 12 23:32:03.681284 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Feb 12 23:32:03.681291 osdx kernel: app-detect: linked list of disabled dicts: Feb 12 23:32:03.681301 osdx kernel: app-detect: (empty, no dicts) Feb 12 23:32:03.681310 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds Feb 12 23:32:03.681318 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Feb 12 23:32:03.681326 osdx kernel: app-detect: linked list of enabled dicts: Feb 12 23:32:03.681333 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Feb 12 23:32:03.681341 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Feb 12 23:32:03.681349 osdx kernel: app-detect: linked list of disabled dicts: Feb 12 23:32:03.681357 osdx kernel: app-detect: (empty, no dicts) Feb 12 23:32:03.681366 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Step 8: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443Show output
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=41054 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=41054 packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443] udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=34476 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=34476 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000] udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=38887 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38887 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53] tcp 6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=49000 dport=80 packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49000 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com] udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=34756 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34756 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=41064 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=41064 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443] conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 9: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+Show output
Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 22 38 3318 5887 ----------------------------------------------------- Total 22 38 3318 5887
Step 10: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dport=80.*packets=[1-9].*appdetect\[L4:80\shttp-host:enterprise.opentok.com\]Show output
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=41054 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=41054 packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443] udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=34476 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=34476 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000] udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=38887 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38887 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53] tcp 6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=49000 dport=80 packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49000 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com] udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=34756 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34756 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=41064 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=41064 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443] conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 11: Run command system conntrack clear at DUT1.
Step 12: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 37 100 37 0 0 6105 0 --:--:-- --:--:-- --:--:-- 6166 admin@osdx$
Step 13: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]Show output
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=41054 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=41054 packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443] udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=34476 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=34476 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000] udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=57061 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57061 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=38887 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38887 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53] tcp 6 28 LAST_ACK src=192.168.2.101 dst=10.215.168.1 sport=49000 dport=80 packets=9 bytes=2114 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49000 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com] udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=34756 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34756 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=52496 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=52496 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com] tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=41064 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=41064 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443] conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 14: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*U130:7Show output
---------------------------------------- IP Application ID Expires in ---------------------------------------- 10.215.168.1 U130:7 4m57s940ms
Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:
Show output
--------------------------------------------------- App-detect Stats # --------------------------------------------------- Matches in static dictionaries 0 Matches in IP-cache 0 Modifications in IP-cache 1 Matches in dynamic dictionaries 1 Times appid has been refreshed 0 Ips blacklisted from cache due to appid flapping 0 Matches in DNS CNAME cache 0 Entries in DNS CNAME cache 0
Step 16: Run command system conntrack clear at DUT0.
Step 17: Run command system conntrack clear at DUT1.
Step 18: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 37 100 37 0 0 4864 0 --:--:-- --:--:-- --:--:-- 5285
Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]Show output
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=52096 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=52096 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=52512 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=52512 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7 http-host:enterprise.opentok.com] conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.
Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:
Show output
--------------------------------------------------- App-detect Stats # --------------------------------------------------- Matches in static dictionaries 0 Matches in IP-cache 1 Modifications in IP-cache 1 Matches in dynamic dictionaries 2 Times appid has been refreshed 0 Ips blacklisted from cache due to appid flapping 0 Matches in DNS CNAME cache 0 Entries in DNS CNAME cache 0
Step 21: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24 set interfaces ethernet eth1 address 10.215.168.64/24 set interfaces ethernet eth1 traffic nat source rule 1 address masquerade set interfaces ethernet eth1 traffic policy out POL set system conntrack app-detect app-id-storage override set system conntrack app-detect debug set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+RA9Sr7YbL61N0zf7jM1pufM9NnONUkRw= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+8Ah0iYzHS3XJsB3vPbH+UgXB8G8s7iUDtwhFv8tnmjgFJRFgjh8fL set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18cKnFDOEdYdQc51OgKHxmX0QfROr+LIC0= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX19VxT5nU7QBcbMy1Gtwh2wByLsGWsShKo65Cb+X3KX47PpepuLVrq9U set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect dns set system conntrack app-detect dns-host set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http set system conntrack app-detect http-host set system conntrack app-detect refresh-flow-appid set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POL rule 1 action accept set traffic policy POL rule 1 selector RDICT set traffic policy POL rule 2 action drop set traffic policy POL rule 2 selector RESOLVING set traffic selector RDICT rule 1 mark 5555 set traffic selector RESOLVING rule 1 app-detect state detecting set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 22: Run command system conntrack clear at DUT0.
Step 23: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:
Show output
Server: 10.215.168.66 Address: 10.215.168.66#53 Name: enterprise.opentok.com Address: 10.215.168.1 ** server can't find enterprise.opentok.com: REFUSED
Step 24: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Show output
Server: 10.215.168.66 Address: 10.215.168.66#53 Name: www.gamblingteldat.com Address: 192.168.2.10 ** server can't find www.gamblingteldat.com: REFUSED
Step 25: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Show output
Server: 10.215.168.66 Address: 10.215.168.66#53 Name: www.newspaperteldat.com Address: 192.168.2.20 ** server can't find www.newspaperteldat.com: REFUSED
Step 26: Run command system conntrack show at DUT0 and expect this output:
Show output
tcp 6 299 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=41084 dport=443 packets=6 bytes=913 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=41084 packets=5 bytes=1315 [ASSURED] mark=0 use=1 appdetect[U130:7] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=55218 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55218 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=58317 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=58317 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] udp 17 29 src=127.0.0.1 dst=127.0.0.1 sport=34476 dport=49000 packets=4 bytes=222 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=34476 packets=4 bytes=266 mark=0 use=1 appdetect[L4:49000] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=55340 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55340 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=45088 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45088 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=46316 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=46316 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=34194 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34194 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com] tcp 6 3599 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=41076 dport=443 packets=8 bytes=1017 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=41076 packets=5 bytes=1315 [ASSURED] mark=0 use=1 appdetect[U130:7] conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
Step 27: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:
Show output
Server: 10.215.168.66 Address: 10.215.168.66#53 Name: enterprise.opentok.com Address: 10.215.168.1 ** server can't find enterprise.opentok.com: REFUSED
Step 28: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Show output
Server: 10.215.168.66 Address: 10.215.168.66#53 Name: www.gamblingteldat.com Address: 192.168.2.10 ** server can't find www.gamblingteldat.com: REFUSED
Step 29: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Show output
Server: 10.215.168.66 Address: 10.215.168.66#53 Name: www.newspaperteldat.com Address: 192.168.2.20 ** server can't find www.newspaperteldat.com: REFUSED
Step 30: Run command system conntrack show at DUT0 and expect this output:
Show output
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=41084 dport=443 packets=6 bytes=913 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=41084 packets=5 bytes=1315 [ASSURED] mark=0 use=1 appdetect[U130:7] udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=55218 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55218 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com] udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=58317 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=58317 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=34476 dport=49000 packets=4 bytes=222 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=34476 packets=4 bytes=266 mark=0 use=1 appdetect[L4:49000] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=58126 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=58126 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=48564 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48564 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=55340 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55340 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=52172 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=52172 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=57763 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57763 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com] udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=45088 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45088 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=46316 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=46316 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53] udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=34194 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34194 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=35608 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35608 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=41076 dport=443 packets=8 bytes=1017 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=41076 packets=5 bytes=1315 [ASSURED] mark=0 use=1 appdetect[U130:7] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=36863 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36863 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com] conntrack v1.4.7 (conntrack-tools): 15 flow entries have been shown.
Step 31: Run command system journal show | tail -n 200 at DUT0 and expect this output:
Show output
Feb 12 23:32:00.656990 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:32:03.496282 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system conntrack clear'. Feb 12 23:32:03.665321 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:49000/10.215.168.1:80 Feb 12 23:32:03.665387 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:49000/10.215.168.1:80 Feb 12 23:32:03.665396 osdx kernel: app-detect: dictionary search for enterprise.opentok.com Feb 12 23:32:03.665405 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 12 23:32:03.665416 osdx kernel: app-detect: search in dict _remote_, prio 2 Feb 12 23:32:03.665359 osdx osdx-tcatd[810666]: UDP_Server. Read 27 bytes Feb 12 23:32:03.665364 osdx osdx-tcatd[810666]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com Feb 12 23:32:03.665382 osdx osdx-tcatd[810666]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0} Feb 12 23:32:03.665391 osdx osdx-tcatd[810666]: UDP_Server. Read 27 bytes Feb 12 23:32:03.665393 osdx osdx-tcatd[810666]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com Feb 12 23:32:03.665406 osdx osdx-tcatd[810666]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0} Feb 12 23:32:03.679712 osdx osdx-tcatd[810666]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]} Feb 12 23:32:03.679737 osdx osdx-tcatd[810666]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007 Feb 12 23:32:03.679830 osdx osdx-tcatd[810666]: UDP_Server. Sent 38 bytes Feb 12 23:32:03.680649 osdx osdx-tcatd[810666]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]} Feb 12 23:32:03.680660 osdx osdx-tcatd[810666]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058 Feb 12 23:32:03.680700 osdx osdx-tcatd[810666]: UDP_Server. Sent 38 bytes Feb 12 23:32:03.681238 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Feb 12 23:32:03.681264 osdx kernel: app-detect: linked list of enabled dicts: Feb 12 23:32:03.681276 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Feb 12 23:32:03.681284 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Feb 12 23:32:03.681291 osdx kernel: app-detect: linked list of disabled dicts: Feb 12 23:32:03.681301 osdx kernel: app-detect: (empty, no dicts) Feb 12 23:32:03.681310 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds Feb 12 23:32:03.681318 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Feb 12 23:32:03.681326 osdx kernel: app-detect: linked list of enabled dicts: Feb 12 23:32:03.681333 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Feb 12 23:32:03.681341 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Feb 12 23:32:03.681349 osdx kernel: app-detect: linked list of disabled dicts: Feb 12 23:32:03.681357 osdx kernel: app-detect: (empty, no dicts) Feb 12 23:32:03.681366 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds Feb 12 23:32:05.746067 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal show | tail -n 200'. Feb 12 23:32:05.938317 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system conntrack show'. Feb 12 23:32:06.044396 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'traffic selector RDICT show'. Feb 12 23:32:06.120498 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system conntrack show'. Feb 12 23:32:06.434492 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:52496/10.215.168.1:80 Feb 12 23:32:06.434573 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:52496/10.215.168.1:80 Feb 12 23:32:06.434593 osdx kernel: app-detect: dictionary search for enterprise.opentok.com Feb 12 23:32:06.434608 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 12 23:32:06.434620 osdx kernel: app-detect: appid 82000007 found in hash dictionary Feb 12 23:32:08.423403 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system conntrack show'. Feb 12 23:32:08.497616 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system conntrack app-detect show ip-cache'. Feb 12 23:32:08.591237 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system conntrack app-detect show'. Feb 12 23:32:08.680943 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system conntrack clear'. Feb 12 23:32:08.994844 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:52512/10.215.168.1:80 Feb 12 23:32:08.994929 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:52512/10.215.168.1:80 Feb 12 23:32:08.994941 osdx kernel: app-detect: dictionary search for enterprise.opentok.com Feb 12 23:32:08.994951 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 12 23:32:08.994971 osdx kernel: app-detect: appid 82000007 found in hash dictionary Feb 12 23:32:09.093387 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system conntrack show'. Feb 12 23:32:09.214657 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system conntrack app-detect show'. Feb 12 23:32:09.406840 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:32:09.487223 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'delete system conntrack app-detect'. Feb 12 23:32:09.613868 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.2.100/24'. Feb 12 23:32:09.686470 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Feb 12 23:32:09.807855 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic nat source rule 1 address masquerade'. Feb 12 23:32:09.921233 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out POL'. Feb 12 23:32:10.036568 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action accept'. Feb 12 23:32:10.093746 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector RDICT'. Feb 12 23:32:10.191171 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 action drop'. Feb 12 23:32:10.257730 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 selector RESOLVING'. Feb 12 23:32:10.374223 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic selector RDICT rule 1 mark 5555'. Feb 12 23:32:10.441517 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state detecting'. Feb 12 23:32:10.547920 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state host-detected'. Feb 12 23:32:10.634547 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote url ******'. Feb 12 23:32:10.739183 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote key ******'. Feb 12 23:32:10.798165 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote ssl-allow-insecure'. Feb 12 23:32:10.902272 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote property category'. Feb 12 23:32:11.005614 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote url ******'. Feb 12 23:32:11.108845 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote key ******'. Feb 12 23:32:11.165426 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote ssl-allow-insecure'. Feb 12 23:32:11.284409 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote property reputation'. Feb 12 23:32:11.374980 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote mark 5555'. Feb 12 23:32:11.444564 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote mark 5555'. Feb 12 23:32:11.534339 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect http'. Feb 12 23:32:11.610626 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Feb 12 23:32:11.723266 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect refresh-flow-appid'. Feb 12 23:32:11.776271 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'. Feb 12 23:32:11.884114 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect debug'. Feb 12 23:32:11.948815 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dns'. Feb 12 23:32:12.052731 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dns-host'. Feb 12 23:32:12.115909 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect app-id-storage override'. Feb 12 23:32:12.285056 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:32:12.362402 osdx ubnt-cfgd[811043]: inactive Feb 12 23:32:12.391599 osdx INFO[811051]: FRR daemons did not change Feb 12 23:32:12.421245 osdx kernel: app-detect: expression destroy Feb 12 23:32:12.469250 osdx kernel: app-detect: expression init Feb 12 23:32:12.469300 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Feb 12 23:32:12.469311 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Feb 12 23:32:12.518502 osdx INFO[811076]: Updated /etc/default/osdx_tcatd.conf Feb 12 23:32:12.518570 osdx INFO[811076]: Restarting Traffic Categorization (TCATD) service ... Feb 12 23:32:12.528913 osdx osdx-tcatd[810666]: UDP_Server. Received STOP signal. Cleanup Feb 12 23:32:12.528977 osdx systemd[1]: Stopping osdx-tcatd.service - App-Detect Traffic Categorization daemon... Feb 12 23:32:12.528983 osdx osdx-tcatd[810666]: Dict_client. Cleanup Feb 12 23:32:12.531703 osdx systemd[1]: osdx-tcatd.service: Deactivated successfully. Feb 12 23:32:12.531869 osdx systemd[1]: Stopped osdx-tcatd.service - App-Detect Traffic Categorization daemon. Feb 12 23:32:12.561771 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon... Feb 12 23:32:12.902895 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon. Feb 12 23:32:12.904338 osdx osdx-tcatd[811080]: Dict_client. rdict_num 2 mark 5555 local-vrf Feb 12 23:32:12.914975 osdx osdx-tcatd[811080]: Dict_client. rdict_num 1 mark 5555 local-vrf Feb 12 23:32:13.122418 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:32:13.124725 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:32:13.151362 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:32:13.295990 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system conntrack clear'. Feb 12 23:32:15.369641 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:55340/10.215.168.66:53 Feb 12 23:32:15.373252 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:55340/10.215.168.66:53 Feb 12 23:32:15.373292 osdx kernel: app-detect: dictionary search for enterprise.opentok.com Feb 12 23:32:15.373302 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com Feb 12 23:32:15.373310 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 12 23:32:15.373319 osdx kernel: app-detect: appid 82000007 found in hash dictionary Feb 12 23:32:15.373326 osdx kernel: app-detect: add address 10.215.168.1, appids 82000007 to cache Feb 12 23:32:15.453407 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:34194/10.215.168.66:53 Feb 12 23:32:15.453678 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:34194/10.215.168.66:53 Feb 12 23:32:15.453756 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com Feb 12 23:32:15.453772 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com Feb 12 23:32:15.453783 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 12 23:32:15.453796 osdx kernel: app-detect: search in dict _remote_, prio 2 Feb 12 23:32:15.453789 osdx osdx-tcatd[811080]: UDP_Server. Read 27 bytes Feb 12 23:32:15.453794 osdx osdx-tcatd[811080]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.gamblingteldat.com Feb 12 23:32:15.453823 osdx osdx-tcatd[811080]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0} Feb 12 23:32:15.453837 osdx osdx-tcatd[811080]: UDP_Server. Read 27 bytes Feb 12 23:32:15.453839 osdx osdx-tcatd[811080]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.gamblingteldat.com Feb 12 23:32:15.453847 osdx osdx-tcatd[811080]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0} Feb 12 23:32:15.454857 osdx osdx-tcatd[811080]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} Feb 12 23:32:15.454876 osdx osdx-tcatd[811080]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.gamblingteldat.com TTL 172800 AppID:8200000F Feb 12 23:32:15.454916 osdx osdx-tcatd[811080]: UDP_Server. Sent 38 bytes Feb 12 23:32:15.455069 osdx osdx-tcatd[811080]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} Feb 12 23:32:15.455080 osdx osdx-tcatd[811080]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.gamblingteldat.com TTL 172800 AppID:83000019 Feb 12 23:32:15.455107 osdx osdx-tcatd[811080]: UDP_Server. Sent 38 bytes Feb 12 23:32:15.457240 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Feb 12 23:32:15.457268 osdx kernel: app-detect: linked list of enabled dicts: Feb 12 23:32:15.457281 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Feb 12 23:32:15.457292 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Feb 12 23:32:15.457303 osdx kernel: app-detect: linked list of disabled dicts: Feb 12 23:32:15.457315 osdx kernel: app-detect: (empty, no dicts) Feb 12 23:32:15.457327 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds Feb 12 23:32:15.457339 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Feb 12 23:32:15.457351 osdx kernel: app-detect: linked list of enabled dicts: Feb 12 23:32:15.457362 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Feb 12 23:32:15.457374 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Feb 12 23:32:15.457385 osdx kernel: app-detect: linked list of disabled dicts: Feb 12 23:32:15.457396 osdx kernel: app-detect: (empty, no dicts) Feb 12 23:32:15.457407 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds Feb 12 23:32:15.549408 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:55218/10.215.168.66:53 Feb 12 23:32:15.549661 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:55218/10.215.168.66:53 Feb 12 23:32:15.549678 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com Feb 12 23:32:15.549687 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com Feb 12 23:32:15.549696 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 12 23:32:15.549705 osdx kernel: app-detect: search in dict _remote_, prio 2 Feb 12 23:32:15.549752 osdx osdx-tcatd[811080]: UDP_Server. Read 28 bytes Feb 12 23:32:15.549760 osdx osdx-tcatd[811080]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.newspaperteldat.com Feb 12 23:32:15.549777 osdx osdx-tcatd[811080]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} Feb 12 23:32:15.549788 osdx osdx-tcatd[811080]: UDP_Server. Read 28 bytes Feb 12 23:32:15.549790 osdx osdx-tcatd[811080]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.newspaperteldat.com Feb 12 23:32:15.549796 osdx osdx-tcatd[811080]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} Feb 12 23:32:15.550802 osdx osdx-tcatd[811080]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularit y": 0, "age": 0, "threathistory": 0}}}]} Feb 12 23:32:15.550816 osdx osdx-tcatd[811080]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.newspaperteldat.com TTL 172800 AppID:8300005C Feb 12 23:32:15.550856 osdx osdx-tcatd[811080]: UDP_Server. Sent 39 bytes Feb 12 23:32:15.551091 osdx osdx-tcatd[811080]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularit y": 0, "age": 0, "threathistory": 0}}}]} Feb 12 23:32:15.551104 osdx osdx-tcatd[811080]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.newspaperteldat.com TTL 172800 AppID:82000004 Feb 12 23:32:15.551144 osdx osdx-tcatd[811080]: UDP_Server. Sent 39 bytes Feb 12 23:32:15.553239 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Feb 12 23:32:15.553263 osdx kernel: app-detect: linked list of enabled dicts: Feb 12 23:32:15.553276 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Feb 12 23:32:15.553288 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Feb 12 23:32:15.553300 osdx kernel: app-detect: linked list of disabled dicts: Feb 12 23:32:15.553314 osdx kernel: app-detect: (empty, no dicts) Feb 12 23:32:15.553326 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds Feb 12 23:32:15.553339 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Feb 12 23:32:15.553351 osdx kernel: app-detect: linked list of enabled dicts: Feb 12 23:32:15.553362 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Feb 12 23:32:15.553373 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Feb 12 23:32:15.553384 osdx kernel: app-detect: linked list of disabled dicts: Feb 12 23:32:15.553395 osdx kernel: app-detect: (empty, no dicts) Feb 12 23:32:15.553406 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds Feb 12 23:32:15.652827 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system conntrack show'. Feb 12 23:32:16.731810 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:57763/10.215.168.66:53 Feb 12 23:32:16.732079 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:57763/10.215.168.66:53 Feb 12 23:32:16.732094 osdx kernel: app-detect: dictionary search for enterprise.opentok.com Feb 12 23:32:16.732105 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com Feb 12 23:32:16.732116 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 12 23:32:16.732126 osdx kernel: app-detect: appid 82000007 found in hash dictionary Feb 12 23:32:16.732134 osdx kernel: app-detect: add address 10.215.168.1, appids 82000007 to cache Feb 12 23:32:16.831041 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:52172/10.215.168.66:53 Feb 12 23:32:16.831368 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:52172/10.215.168.66:53 Feb 12 23:32:16.831411 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com Feb 12 23:32:16.831424 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com Feb 12 23:32:16.831435 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 12 23:32:16.831446 osdx kernel: app-detect: appid 8200000f found in hash dictionary Feb 12 23:32:16.831467 osdx kernel: app-detect: add address 192.168.2.10, appids 8200000f to cache Feb 12 23:32:16.952702 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:36863/10.215.168.66:53 Feb 12 23:32:16.953039 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:36863/10.215.168.66:53 Feb 12 23:32:16.953087 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com Feb 12 23:32:16.953100 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com Feb 12 23:32:16.953108 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 12 23:32:16.953116 osdx kernel: app-detect: appid 82000004 found in hash dictionary Feb 12 23:32:16.953124 osdx kernel: app-detect: add address 192.168.2.20, appids 82000004 to cache Feb 12 23:32:17.053396 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system conntrack show'.
Step 32: Run command system conntrack app-detect show ip-cache at DUT0 and expect this output:
Show output
---------------------------------------- IP Application ID Expires in ---------------------------------------- 10.215.168.1 U130:7 28s64ms 192.168.2.10 U130:15 28s164ms 192.168.2.20 U130:4 28s284ms
Step 33: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*U130:7Show output
---------------------------------------- IP Application ID Expires in ---------------------------------------- 10.215.168.1 U130:7 28s 192.168.2.10 U130:15 28s100ms 192.168.2.20 U130:4 28s220ms
Step 34: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.10\s*.*U130:15Show output
---------------------------------------- IP Application ID Expires in ---------------------------------------- 10.215.168.1 U130:7 27s900ms 192.168.2.10 U130:15 28s 192.168.2.20 U130:4 28s120ms
Step 35: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.20\s*.*U130:4Show output
---------------------------------------- IP Application ID Expires in ---------------------------------------- 10.215.168.1 U130:7 27s836ms 192.168.2.10 U130:15 27s936ms 192.168.2.20 U130:4 28s56ms
Step 36: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24 set interfaces ethernet eth1 address 10.215.168.64/24 set interfaces ethernet eth1 traffic nat source rule 1 address masquerade set interfaces ethernet eth1 traffic policy out POL set system conntrack app-detect app-id-storage chained set system conntrack app-detect debug set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+RA9Sr7YbL61N0zf7jM1pufM9NnONUkRw= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+8Ah0iYzHS3XJsB3vPbH+UgXB8G8s7iUDtwhFv8tnmjgFJRFgjh8fL set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18cKnFDOEdYdQc51OgKHxmX0QfROr+LIC0= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX19VxT5nU7QBcbMy1Gtwh2wByLsGWsShKo65Cb+X3KX47PpepuLVrq9U set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect dns set system conntrack app-detect dns-host set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http set system conntrack app-detect http-host set system conntrack app-detect refresh-flow-appid set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POL rule 1 action accept set traffic policy POL rule 1 selector RDICT set traffic policy POL rule 2 action drop set traffic policy POL rule 2 selector RESOLVING set traffic selector RDICT rule 1 mark 5555 set traffic selector RESOLVING rule 1 app-detect state detecting set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 37: Run command system conntrack clear at DUT0.
Step 38: Run command system conntrack clear at DUT0.
Step 39: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 37 100 37 0 0 5245 0 --:--:-- --:--:-- --:--:-- 6166 admin@osdx$
Step 40: Run command system conntrack clear at DUT1.
Step 41: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 37 100 37 0 0 6421 0 --:--:-- --:--:-- --:--:-- 7400
Step 42: Run command system conntrack clear at DUT1.
Step 43: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 37 100 37 0 0 5575 0 --:--:-- --:--:-- --:--:-- 6166
Step 44: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[(U130:7;U131:88|U131:88;U130:7);L3:6;L4:80\shttp-host:enterprise.opentok.com\]Show output
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=36324 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36324 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53] tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=44656 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44656 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=44640 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44640 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=44644 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44644 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=36472 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36472 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53] udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=36797 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36797 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53] conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 45: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Show output
Server: 10.215.168.66 Address: 10.215.168.66#53 Name: www.gamblingteldat.com Address: 192.168.2.10 ** server can't find www.gamblingteldat.com: REFUSED
Step 46: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Show output
Server: 10.215.168.66 Address: 10.215.168.66#53 Name: www.newspaperteldat.com Address: 192.168.2.20 ** server can't find www.newspaperteldat.com: REFUSED
Step 47: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Show output
Server: 10.215.168.66 Address: 10.215.168.66#53 Name: www.gamblingteldat.com Address: 192.168.2.10 ** server can't find www.gamblingteldat.com: REFUSED
Step 48: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Show output
Server: 10.215.168.66 Address: 10.215.168.66#53 Name: www.newspaperteldat.com Address: 192.168.2.20 ** server can't find www.newspaperteldat.com: REFUSED
Step 49: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*(U130:7;U131:88|U131:88;U130:7)Show output
----------------------------------------- IP Application ID Expires in ----------------------------------------- 10.215.168.1 U130:7;U131:88 4m52s936ms 192.168.2.10 U130:15;U131:25 28s804ms 192.168.2.20 U130:4;U131:92 28s896ms
Step 50: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.10\s*.*(U130:15;U131:25|U131:25;U130:15)Show output
----------------------------------------- IP Application ID Expires in ----------------------------------------- 10.215.168.1 U130:7;U131:88 4m52s868ms 192.168.2.10 U130:15;U131:25 28s736ms 192.168.2.20 U130:4;U131:92 28s828ms
Step 51: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.20\s*.*(U130:4;U131:92|U131:92;U130:4)Show output
----------------------------------------- IP Application ID Expires in ----------------------------------------- 10.215.168.1 U130:7;U131:88 4m52s768ms 192.168.2.10 U130:15;U131:25 28s636ms 192.168.2.20 U130:4;U131:92 28s728ms
Step 52: Modify the following configuration lines in DUT0 :
set system alarm DICTERROR1 set system alarm DICTERROR2 set system conntrack app-detect dictionary 1 remote alarm connection-error DICTERROR1 set system conntrack app-detect dictionary 2 remote alarm connection-error DICTERROR2
Step 53: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
DICTERROR1\s+falseShow output
-------------------------------------------------------------------- Alarm Status Toggled Prev-toggled Toggle-count Time up (%) -------------------------------------------------------------------- DICTERROR1 false 0 0.00 DICTERROR2 false 0 0.00
Step 54: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
DICTERROR2\s+falseShow output
-------------------------------------------------------------------- Alarm Status Toggled Prev-toggled Toggle-count Time up (%) -------------------------------------------------------------------- DICTERROR1 false 0 0.00 DICTERROR2 false 0 0.00
Step 55: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+RA9Sr7YbL6wzRWyooPSJVY5DNqx5sY0g= set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18cKnFDOEdYdebaGQUIxMSwV1kA0H9sWVI=
Step 56: Run command system conntrack clear at DUT0.
Step 57: Run command system conntrack clear at DUT1.
Step 58: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0^C Operation aborted by user. admin@osdx$
Step 59: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+trueShow output
--------------------------------------------------------------------------------------------- Alarm Status Toggled Prev-toggled Toggle-count Time up (%) --------------------------------------------------------------------------------------------- DICTERROR1 true 2026-02-12 23:32:32.836234+00:00 1 68.05 DICTERROR2 true 2026-02-12 23:32:32.836064+00:00 1 68.09
Step 60: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+RA9Sr7YbL61N0zf7jM1pufM9NnONUkRw= set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18cKnFDOEdYdQc51OgKHxmX0QfROr+LIC0=
Step 61: Run command system conntrack clear at DUT0.
Step 62: Run command system conntrack clear at DUT1.
Step 63: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 37 100 37 0 0 6552 0 --:--:-- --:--:-- --:--:-- 7400 admin@osdx$
Step 64: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+falseShow output
----------------------------------------------------------------------------------------------------------------- Alarm Status Toggled Prev-toggled Toggle-count Time up (%) ----------------------------------------------------------------------------------------------------------------- DICTERROR1 false 2026-02-12 23:32:39.335826+00:00 2026-02-12 23:32:32.836234+00:00 2 47.06 DICTERROR2 false 2026-02-12 23:32:39.335497+00:00 2026-02-12 23:32:32.836064+00:00 2 47.07
Remote Application Dictionary run in a VRF
Description
DUT0 configures HTTP detection with a remote application dictionary running in a separate VRF. DUT1 acts as a client behind DUT0. The test verifies that remote dictionary protocol traffic uses the VRF and HTTP connections are classified.
Phase 1: Using the local-vrf option to specify the VRF for the remote dictionary protocol.
Phase 2: Using the local-interface option with an interface assigned to the VRF.
Phase 3: Using the local-address option to source from an address on an interface in the VRF.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24 set interfaces ethernet eth0 vrf MYVRF set interfaces ethernet eth1 address 10.215.168.64/24 set interfaces ethernet eth1 traffic nat source rule 1 address masquerade set interfaces ethernet eth1 traffic policy out POL set interfaces ethernet eth1 vrf MYVRF set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+vP1NUqTtCpmuGCNPP9dH0WORkzM7yYPg= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX192KDHniIt9A31tQ5S6N0pSswcrmjS7WGz6GkgOGFlyX8lDydPuJeh8 set system conntrack app-detect dictionary 1 remote local-vrf MYVRF set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect dictionary 1 remote vrf-mark MYVRF set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX183hc3+9wXpsSavLCztDNgMDf9fDOzQy1c= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18FkRW/j+wscc3pHJSEFEBkfGgj1jaB6vmWKqg7DzRrsFunSpQbu3qw set system conntrack app-detect dictionary 2 remote local-vrf MYVRF set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect dictionary 2 remote vrf-mark MYVRF set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http set system conntrack app-detect http-host set system conntrack app-detect refresh-flow-appid set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrf MYVRF set traffic policy POL rule 1 action accept set traffic policy POL rule 1 selector RDICT set traffic policy POL rule 2 action drop set traffic policy POL rule 2 selector RESOLVING set traffic selector RDICT rule 1 vrf-mark MYVRF set traffic selector RESOLVING rule 1 app-detect state detecting set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.2.101/24 set protocols static route 0.0.0.0/0 next-hop 192.168.2.100 set service dns forwarding name-server 10.215.168.66 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24 set service dns forwarding local-ttl 30 set service dns forwarding name-server 127.0.0.1 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set service dns static host-name static.opentok.com inet 192.168.2.100 set service dns static host-name www.gamblingteldat.com inet 192.168.2.10 set service dns static host-name www.newspaperteldat.com inet 192.168.2.20 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.467 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.467/0.467/0.467/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0^C Operation aborted by user. admin@osdx$
Step 7: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRFShow output
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=36847 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36847 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=53494 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53494 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53] tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=44202 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=44202 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443] tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=44210 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=44210 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443] udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=54731 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=54731 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000] tcp 6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=43726 dport=80 vrf=MYVRF packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=43726 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com] conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 8: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+Show output
Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 22 40 3318 5979 ----------------------------------------------------- Total 22 40 3318 5979
Step 9: Run command system conntrack clear at DUT1.
Step 10: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 37 100 37 0 0 7592 0 --:--:-- --:--:-- --:--:-- 9250 admin@osdx$
Step 11: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]Show output
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=36847 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36847 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=54753 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54753 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=53494 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53494 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53] tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=44202 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=44202 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443] tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=44210 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=44210 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443] udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=54731 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=54731 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000] tcp 6 28 LAST_ACK src=192.168.2.101 dst=10.215.168.1 sport=43726 dport=80 vrf=MYVRF packets=9 bytes=2114 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=43726 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com] tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=43740 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=43740 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com] conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 12: Modify the following configuration lines in DUT0 :
delete system conntrack app-detect dictionary 1 remote local-vrf delete system conntrack app-detect dictionary 2 remote local-vrf set system conntrack app-detect dictionary 1 remote local-interface eth1 set system conntrack app-detect dictionary 2 remote local-interface eth1
Step 13: Run command system conntrack clear at DUT0.
Step 14: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0^C Operation aborted by user. admin@osdx$
Step 15: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRFShow output
tcp 6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=43752 dport=80 vrf=MYVRF packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=43752 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com] udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=54731 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=54731 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000] udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=46676 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=46676 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=36616 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=36616 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443] tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=36618 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=36618 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443] conntrack v1.4.7 (conntrack-tools): 5 flow entries have been shown.
Step 16: Run command system conntrack clear at DUT1.
Step 17: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 37 100 37 0 0 6320 0 --:--:-- --:--:-- --:--:-- 7400 admin@osdx$
Step 18: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]Show output
tcp 6 29 LAST_ACK src=192.168.2.101 dst=10.215.168.1 sport=43752 dport=80 vrf=MYVRF packets=9 bytes=2114 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=43752 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com] udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=54731 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=54731 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000] udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=46676 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=46676 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=36616 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=36616 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443] udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=44938 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44938 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=36618 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=36618 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443] tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=53842 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=53842 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com] conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.
Step 19: Modify the following configuration lines in DUT0 :
delete system conntrack app-detect dictionary 1 remote local-interface delete system conntrack app-detect dictionary 2 remote local-interface set system conntrack app-detect dictionary 1 remote local-address 10.215.168.64 set system conntrack app-detect dictionary 2 remote local-address 10.215.168.64
Step 20: Run command system conntrack clear at DUT0.
Step 21: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0^C Operation aborted by user. admin@osdx$
Step 22: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRFShow output
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=36632 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=36632 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443] udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=53502 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53502 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=54731 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=54731 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000] tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=36622 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=36622 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443] tcp 6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=53844 dport=80 vrf=MYVRF packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=53844 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com] conntrack v1.4.7 (conntrack-tools): 5 flow entries have been shown.
Step 23: Run command system conntrack clear at DUT1.
Step 24: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 37 100 37 0 0 5888 0 --:--:-- --:--:-- --:--:-- 6166 admin@osdx$
Step 25: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]Show output
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=36632 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=36632 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443] tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=53848 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=53848 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com] udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=53502 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53502 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=54731 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=54731 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000] udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=35146 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35146 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53] tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=36622 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=36622 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443] tcp 6 29 LAST_ACK src=192.168.2.101 dst=10.215.168.1 sport=53844 dport=80 vrf=MYVRF packets=9 bytes=2114 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=53844 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com] conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.