.. _example_system_conntrack_app-detect_app-dictionary:
##############
App-Dictionary
##############
.. sidebar:: Contents
.. contents::
:depth: 2
:local:
These scenarios check the application dictionary support
provided by app-detect feature.
************************************
Local Storage Application Dictionary
************************************
Description
===========
DUT0 configures HTTP and DNS detection. DUT1 acts
as a client behind DUT0 and DUT2 runs a DNS server.
Traffic is first generated without a dictionary and
connections are verified to be classified only by
below-L7 detectors. Then a local dictionary file is
loaded and statistics are checked to be empty. An
HTTP download verifies FQDN match with local dictionary
and performs IP-cache population. A second download
verifies IP-cache match. An SSH connection verifies
static IP address range match. Finally a DNS lookup
and ping verify DNS-host detection with IP-cache
lookup.
Scenario
========
.. include:: app-dictionary/localstorageapplicationdictionary
.. raw:: html
*********************************
CLI Custom Application Dictionary
*********************************
Description
===========
DUT0 configures HTTP detection with a custom
dictionary defined via CLI. DUT1 acts as a client
behind DUT0 and downloads a file via HTTP. The
connection is verified to be classified with the
custom App-ID on the first request through FQDN
match, and on subsequent requests through IP-cache.
Scenario
========
.. include:: app-dictionary/clicustomapplicationdictionary
.. raw:: html
*****************************
Remote Application Dictionary
*****************************
Description
===========
DUT0 configures HTTP detection with a remote
application dictionary served by a categorization
server. DUT1 acts as a client behind DUT0 and DUT2
runs a DNS server. A traffic policy drops
uncategorized traffic until the remote dictionary
classifies it. Traffic belonging to the remote
dictionary protocol is allowed.
Phase 1: HTTP-host detection triggers a remote
dictionary lookup in override mode and the
connection is classified with the remote App-ID.
Phase 2: DNS-host detection is added so
classification happens at DNS resolution time and
populates the IP-cache.
Phase 3: App-detect chained storage mode is enabled
and the full App-ID chain is verified.
Phase 4: An alarm is configured to detect
communication errors with the remote dictionary
server.
Scenario
========
.. include:: app-dictionary/remoteapplicationdictionary
.. raw:: html
******************************************
Remote Application Dictionary run in a VRF
******************************************
Description
===========
DUT0 configures HTTP detection with a remote
application dictionary running in a separate VRF.
DUT1 acts as a client behind DUT0. The test verifies
that remote dictionary protocol traffic uses the VRF
and HTTP connections are classified.
Phase 1: Using the local-vrf option to specify the
VRF for the remote dictionary protocol.
Phase 2: Using the local-interface option with an
interface assigned to the VRF.
Phase 3: Using the local-address option to source
from an address on an interface in the VRF.
Scenario
========
.. include:: app-dictionary/remoteapplicationdictionaryruninavrf
.. raw:: html