Netflow Misc

These scenarios cover common Netflow configurations; the tests verify that Netflow works correctly in each of them.

Test Netflow With APP-ID Chain Exportation

Description

DUT0 configures app-detect with chained storage mode and enables Netflow with App-ID exportation. DUT1 acts as a client behind DUT0 and opens a TCP connection. The Netflow flows exported by DUT0 are then checked to confirm that they contain the App-ID chain.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.0.0.2/24
set system conntrack app-detect app-id-storage chained
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic selector TCP_SEL rule 1 protocol tcp

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.0.0.1/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 10.0.0.1 from DUT0:

admin@DUT0$ ping 10.0.0.1 count 1 size 56 timeout 1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.359 ms

--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.359/0.359/0.359/0.000 ms

Step 4: Modify the following configuration lines in DUT0:

set interfaces ethernet eth0 flow egress selector TCP_SEL
set interfaces ethernet eth0 flow ingress selector TCP_SEL
set system netflow app-id
set system netflow destination 10.0.0.1
set system netflow engine-id 1111

Step 5: Initiate a TCP connection from DUT0 to DUT1 and try to send some messages between both endpoints:

admin@DUT1$ monitor test connection server 8080 tcp
admin@DUT0$ monitor test connection client 10.0.0.1 8080 tcp

Step 6: Run the command system netflow show flows detailed on DUT0 and check that the output matches the following regular expression:

10.0.0.2:\d+\s+10.0.0.1:\d+\s*\d*\s*\d+[^\[]*\[L3:\d+;L4:8080\]
------------------------------------------------------------------------------------------
Field       Description
------------------------------------------------------------------------------------------
#           Numeric flow identifier
hash        Hash of the flow
a           Shows if the flow is pending of being exported
iif         Input interface
oif         Output interface
src         Source IP:PORT
dst         Destination IP:PORT
protocol    Protocol identifier
nexthop     Next-hop [Layer 4:Port]
tos         Type of service identificator
tcpflags    TCP flags
options     Optional IP options
tcpoptions  TCP Options (MSS, Window Scaling, Selective Acknowledgements, Timestamps, Nop)
pkts        Packets counter
bytes       Bytes counter
ts_first    Timestamp of fist packet that passed through the flow
ts_last     Timestamp of last packet that passed through the flow


---------------------------------------------------------------------------------------------------------------------------------------------------------
#  hash  a  iif  oif  src             dst             protocol  nexthop                tos  tcpflags  options  tcpoptions  pkts  bytes  ts_first  ts_last
---------------------------------------------------------------------------------------------------------------------------------------------------------
1  e24d  0  2    0    10.0.0.1:8080   10.0.0.2:49444  49444     0.0.0.0[L3:6;L4:8080]  0x0  0x1b      0x0      0xf1000000  11    680    387       29
2  5264  0  0    2    10.0.0.2:49444  10.0.0.1:8080   8080      0.0.0.0[L3:6;L4:8080]  0x0  0x1b      0x0      0xf1000000  12    732    387       29
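
The Step 6 check can be scripted. The following Python code is an added example, not part of the original test suite: it parses the flow rows shown above, extracts the App-ID chain from the nexthop column, and applies the Step 6 pattern with the address dots escaped. The function names and the row-parsing expression are assumptions made for this example.

```python
import re

# Step 6 pattern with the address dots escaped (the page leaves them unescaped,
# so "." there matches any character).
STEP6_RE = re.compile(
    r"10\.0\.0\.2:\d+\s+10\.0\.0\.1:\d+\s*\d*\s*\d+[^\[]*\[L3:\d+;L4:8080\]")
# Assumed row layout: id, hash, pending flag, iif, oif, src, dst, ..., [chain].
ROW_RE = re.compile(
    r"^(?P<id>\d+)\s+[0-9a-f]+\s+\d+\s+\d+\s+\d+\s+"
    r"(?P<src>\S+:\d+)\s+(?P<dst>\S+:\d+)\s+.*?\[(?P<chain>[^\]]*)\]")

# Flow rows copied from the Step 6 output on this page.
SAMPLE = """\
1  e24d  0  2    0    10.0.0.1:8080   10.0.0.2:49444  49444     0.0.0.0[L3:6;L4:8080]  0x0  0x1b      0x0      0xf1000000  11    680    387       29
2  5264  0  0    2    10.0.0.2:49444  10.0.0.1:8080   8080      0.0.0.0[L3:6;L4:8080]  0x0  0x1b      0x0      0xf1000000  12    732    387       29
"""

def parse_chain(text):
    """Turn 'L3:6;L4:8080' into {'L3': 6, 'L4': 8080}; skip malformed entries."""
    chain = {}
    for part in text.split(";"):
        layer, _, value = part.partition(":")
        if layer and value.isdigit():
            chain[layer] = int(value)
    return chain

def parse_flows(output):
    """Yield a dict per flow row; legend, header and separator lines are skipped."""
    for line in output.splitlines():
        m = ROW_RE.match(line)
        if m:
            yield {"id": int(m["id"]), "src": m["src"], "dst": m["dst"],
                   "chain": parse_chain(m["chain"]), "raw": line}

def check_step6(output, l4_app=8080):
    """Return (ids matching the Step 6 pattern, ids lacking an L3 and L4 entry)."""
    flows = list(parse_flows(output))
    matched = [f["id"] for f in flows if STEP6_RE.search(f["raw"])]
    missing = [f["id"] for f in flows
               if "L3" not in f["chain"] or f["chain"].get("L4") != l4_app]
    return matched, missing

if __name__ == "__main__":
    matched, missing = check_step6(SAMPLE)
    print("flows matching the Step 6 pattern:", matched)
    print("flows without the expected chain:", missing)
```

Only flow 2 (DUT0 to DUT1) matches the Step 6 pattern, because the pattern fixes the source as 10.0.0.2; the reverse flow carries the same chain and is covered by the second check.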