App-Dictionary

These scenarios check the application dictionary support provided by the app-detect feature.

Local Storage Application Dictionary

Description

DUT0 configures HTTP and DNS detection. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. Traffic is first generated without a dictionary, and the connections are verified to be classified only by below-L7 detectors. A local dictionary file is then loaded and the app-detect statistics are checked to be empty. An HTTP download verifies the FQDN match against the local dictionary and populates the IP-cache. A second download verifies the IP-cache match. An SSH connection verifies the static IP address range match. Finally, a DNS lookup and a ping verify DNS-host detection with IP-cache lookup.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set system conntrack app-detect dns-host
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2:

set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 10.215.168.1 from DUT1:

admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.475 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.475/0.475/0.475/0.000 ms

Step 5: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0  11479      0 --:--:-- --:--:-- --:--:-- 12333

Step 6: Init an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:

admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.8.5

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Fri Mar 20 14:23:32 2026 from 10.0.0.2
admin@osdx$

Step 7: Ping IP address 10.215.168.64 from DUT1:

admin@DUT1$ ping 10.215.168.64 count 1 size 56 timeout 1
PING 10.215.168.64 (10.215.168.64) 56(84) bytes of data.
64 bytes from 10.215.168.64: icmp_seq=1 ttl=64 time=0.569 ms

--- 10.215.168.64 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.569/0.569/0.569/0.000 ms

Step 8: Run command system conntrack show at DUT0 and expect this output:

icmp     1 29 src=192.168.2.101 dst=10.215.168.64 type=8 code=0 id=739 packets=1 bytes=84 src=10.215.168.64 dst=192.168.2.101 type=0 code=0 id=739 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
icmp     1 29 src=192.168.2.101 dst=10.215.168.1 type=8 code=0 id=738 packets=1 bytes=84 src=10.215.168.1 dst=10.215.168.64 type=0 code=0 id=738 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
tcp      6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=47052 dport=22 packets=25 bytes=5084 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=47052 packets=22 bytes=4944 [ASSURED] mark=0 use=1 appdetect[L4:22]
tcp      6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49154 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49154 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 4 flow entries have been shown.

Step 9: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://user-data/ force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  22.6M      0 --:--:-- --:--:-- --:--:-- 32.5M

Note

The dictionary file contains the following test entries used in this scenario:

<app id="30" name="Teldat Test" version="1">
<fqdn_list>
<fqdn>10.215.168.1</fqdn>
</fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
<address_list>
<range id="1">
<net_address>10.215.168.64</net_address>
<net_mask>255.255.255.192</net_mask>
</range>
</address_list>
</app>

Step 10: Modify the following configuration lines in DUT0:

set system conntrack app-detect dictionary 1 filename 'running://user-data/test_dict.gz'
set system conntrack app-detect enable_dict_match_priv_ip

Step 11: Run command system conntrack app-detect show at DUT0 and expect this output:

---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 12: Run command system conntrack clear at DUT0.

Step 13: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0  24104      0 --:--:-- --:--:-- --:--:-- 37000

Step 14: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

appdetect\[U128:30\shttp-host:10.215.168.1\]
tcp      6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49176 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49176 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.

Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:

---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 16: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   1398      0 --:--:-- --:--:-- --:--:--  1423

Step 17: Run command system conntrack app-detect show at DUT0 and expect this output:

---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 18: Init an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:

admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.8.5

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Fri Mar 20 14:26:12 2026 from 10.215.168.64
admin@osdx$

Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

src=10.215.168.64\sdst=10.215.168.66.*appdetect\[U128:31]
tcp      6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=47058 dport=22 packets=24 bytes=5032 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=47058 packets=22 bytes=4936 [ASSURED] mark=0 use=1 appdetect[U128:31]
tcp      6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49176 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49176 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp      6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49184 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49184 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.

Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:

---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    1
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 21: Ping host static.opentok.com from DUT1:

admin@DUT1$ ping static.opentok.com count 1 size 56 timeout 1
PING static.opentok.com (192.168.2.100) 56(84) bytes of data.
64 bytes from static.opentok.com (192.168.2.100): icmp_seq=1 ttl=64 time=0.483 ms

--- static.opentok.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.483/0.483/0.483/0.000 ms

Step 22: Run command system conntrack show at DUT0 and expect this output:

udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=49382 dport=53 packets=1 bytes=72 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=49382 packets=1 bytes=104 mark=0 use=1 appdetect[U128:31]
icmp     1 29 src=192.168.2.101 dst=192.168.2.100 type=8 code=0 id=740 packets=1 bytes=84 src=192.168.2.100 dst=192.168.2.101 type=0 code=0 id=740 packets=1 bytes=84 mark=0 use=1 appdetect[U128:12]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=47768 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47768 packets=1 bytes=64 mark=0 use=1 appdetect[U128:31]
tcp      6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=47058 dport=22 packets=24 bytes=5032 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=47058 packets=22 bytes=4936 [ASSURED] mark=0 use=1 appdetect[U128:31]
tcp      6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49176 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49176 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp      6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49184 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49184 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=48074 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48074 packets=1 bytes=80 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com]
conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.

Step 23: Run command system conntrack app-detect show at DUT0 and expect this output:

---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    4
Matches in IP-cache                               2
Modifications in IP-cache                         2
Matches in dynamic dictionaries                   3
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
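
The check this scenario performs by eye, as an added example (not part of the Teldat test suite or of OSDx): it parses the dictionary entries from the Note and flow lines from Steps 8 and 22, then reports whether each tagged App-ID is accounted for by an FQDN or address-range entry. Function names are illustrative, and it assumes the ranges are compared against the destination address of the original direction.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Test entries copied from the scenario's Note. The excerpt has several
# top-level <app> elements, so load_dictionary() wraps it in a synthetic root.
DICT_XML = """
<app id="30" name="Teldat Test" version="1">
<fqdn_list>
<fqdn>10.215.168.1</fqdn>
</fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
<address_list>
<range id="1">
<net_address>10.215.168.64</net_address>
<net_mask>255.255.255.192</net_mask>
</range>
</address_list>
</app>
"""

# Flow lines from Step 8 (first line, no dictionary loaded) and Step 22,
# abridged: the reply tuple and packet counters are removed.
FLOWS = """\
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=47052 dport=22 [ASSURED] mark=0 use=1 appdetect[L4:22]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=47058 dport=22 [ASSURED] mark=0 use=1 appdetect[U128:31]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49176 dport=80 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
icmp 1 29 src=192.168.2.101 dst=192.168.2.100 type=8 code=0 id=740 mark=0 use=1 appdetect[U128:12]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=48074 dport=53 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com]
"""

FLOW_RE = re.compile(
    r"^(?P<proto>\w+)\s.*?\bsrc=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s.*"
    r"\bappdetect\[(?P<tag>[A-Za-z]+\d*):(?P<app_id>\d+)"
    r"(?:\s+(?P<detector>[\w-]+):(?P<host>[^\]\s]+))?\]\s*$"
)


def load_dictionary(xml_text):
    """Return ({fqdn: app_id}, [(network, app_id)]) from dictionary XML."""
    root = ET.fromstring("<dictionary>" + xml_text + "</dictionary>")
    fqdns, ranges = {}, []
    for app in root.iter("app"):
        app_id = int(app.get("id"))
        for fqdn in app.iter("fqdn"):
            fqdns[fqdn.text.strip().lower()] = app_id
        for rng in app.iter("range"):
            addr = rng.findtext("net_address").strip()
            mask = rng.findtext("net_mask").strip()
            ranges.append((ipaddress.ip_network(f"{addr}/{mask}", strict=False), app_id))
    return fqdns, ranges


def parse_flow(line):
    """Extract the original-direction addresses and the appdetect tag."""
    m = FLOW_RE.match(line.strip())
    if m is None:
        return None  # e.g. the trailing "conntrack v1.4.7 ..." summary line
    flow = m.groupdict()
    flow["app_id"] = int(flow["app_id"])
    flow["dst"] = ipaddress.ip_address(flow["dst"])
    return flow


def verdict(flow, fqdns, ranges):
    """Compare the tagged App-ID with what the dictionary entries allow."""
    if flow["tag"].startswith("L"):
        return "below-l7"  # L3/L4 tag: classified without a dictionary
    # Assumption: ranges are matched on the original-direction destination.
    ids = {app for net, app in ranges if flow["dst"] in net}
    host = (flow["host"] or "").lower()
    if host in fqdns:
        ids.add(fqdns[host])
    if not ids:
        return "unexplained"  # App-ID comes from an entry not in the excerpt
    return "consistent" if flow["app_id"] in ids else "conflict"


def audit(flow_text, xml_text=DICT_XML):
    """Return (dst, tag, app_id, verdict) for every parseable flow line."""
    fqdns, ranges = load_dictionary(xml_text)
    report = []
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow:
            report.append((str(flow["dst"]), flow["tag"], flow["app_id"],
                           verdict(flow, fqdns, ranges)))
    return report


if __name__ == "__main__":
    for row in audit(FLOWS):
        print(*row)
```

The ICMP flow tagged with App-ID 12 comes out as `unexplained` because that ID is not among the test entries the Note shows.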

CLI Custom Application Dictionary

Description

DUT0 configures HTTP detection with a custom dictionary defined via CLI. DUT1 acts as a client behind DUT0 and downloads a file via HTTP. The connection is verified to be classified with the custom App-ID on the first request through FQDN match, and on subsequent requests through IP-cache.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set system conntrack app-detect dictionary 1 custom app-id 42 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 1 custom app-id 42 name 'Teldat Test'
set system conntrack app-detect dictionary 2 custom app-id 43 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 2 custom app-id 43 name 'Teldat Test'
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2:

set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 10.215.168.1 from DUT1:

admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.401 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.401/0.401/0.401/0.000 ms

Step 5: Run command system conntrack clear at DUT0.

Step 6: Run command system conntrack app-detect show at DUT0 and expect this output:

---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 7: Run command system conntrack clear at DUT0.

Step 8: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   7497      0 --:--:-- --:--:-- --:--:--  9250

Step 9: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

appdetect\[U6:42\shttp-host:enterprise.opentok.com\]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=44668 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44668 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=41036 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=41036 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U6:42 http-host:enterprise.opentok.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=41835 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41835 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.

Step 10: Run command system conntrack app-detect show at DUT0 and expect this output:

---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 11: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5514      0 --:--:-- --:--:-- --:--:--  6166

Step 12: Run command system conntrack app-detect show at DUT0 and expect this output:

---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Remote Application Dictionary

Description

DUT0 configures HTTP detection with a remote application dictionary served by a categorization server. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. A traffic policy drops uncategorized traffic until the remote dictionary classifies it. Traffic belonging to the remote dictionary protocol is allowed.

Phase 1: HTTP-host detection triggers a remote dictionary lookup in override mode and the connection is classified with the remote App-ID.

Phase 2: DNS-host detection is added so classification happens at DNS resolution time and populates the IP-cache.

Phase 3: App-detect chained storage mode is enabled and the full App-ID chain is verified.

Phase 4: An alarm is configured to detect communication errors with the remote dictionary server.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/SIJQ0AFp8A9Bz4Lco8+oAAwc9M3dbLG8=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+BxmQ/o8wX8Q29VivzNUoZypPqoZ9cgfbaEU4p5lE0f7jlbQx/JbSP
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+Fjavt2UIMFyVpXj0NfnjvkedZaGOHgPE=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/3tNg6YOyam/DOt2r63DgFY90Xz3PqVSqzCIxXL3EtQGIGKkdAA2JZ
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2:

set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 10.215.168.1 from DUT1:

admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=1.01 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.011/1.011/1.011/0.000 ms

Step 5: Run command system conntrack clear at DUT0.

Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C


Operation aborted by user.

admin@osdx$

Step 7: Run command system journal show | tail -n 200 at DUT0 and expect this output:

Mar 20 14:27:42.000075 osdx systemd[1]: Started systemd-timedated.service - Time & Date Service.
Mar 20 14:27:42.000319 osdx systemd-timedated[741732]: Changed local time to Fri 2026-03-20 14:27:42 UTC
Mar 20 14:27:42.002302 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'set date 2026-03-20 14:27:42'.
Mar 20 14:27:42.002835 osdx systemd-journald[685976]: Time jumped backwards, rotating.
Mar 20 14:27:42.337485 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.3M, max 17.2M, 14.8M free.
Mar 20 14:27:42.338835 osdx systemd-journald[685976]: Received client request to rotate journal, rotating.
Mar 20 14:27:42.338925 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a.
Mar 20 14:27:42.352084 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'.
Mar 20 14:27:42.657152 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 20 14:27:42.980575 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu.
Mar 20 14:27:43.063384 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.2.100/24'.
Mar 20 14:27:43.190718 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Mar 20 14:27:43.254878 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic nat source rule 1 address masquerade'.
Mar 20 14:27:43.368369 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out POL'.
Mar 20 14:27:43.444106 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action accept'.
Mar 20 14:27:43.566941 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector RDICT'.
Mar 20 14:27:43.635762 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 action drop'.
Mar 20 14:27:43.743203 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 selector RESOLVING'.
Mar 20 14:27:43.826539 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic selector RDICT rule 1 mark 5555'.
Mar 20 14:27:43.935358 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state detecting'.
Mar 20 14:27:43.994925 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state host-detected'.
Mar 20 14:27:44.115591 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote url ******'.
Mar 20 14:27:44.190795 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote key ******'.
Mar 20 14:27:44.306617 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote ssl-allow-insecure'.
Mar 20 14:27:44.380216 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote property category'.
Mar 20 14:27:44.499010 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote url ******'.
Mar 20 14:27:44.567076 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote key ******'.
Mar 20 14:27:44.665140 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote ssl-allow-insecure'.
Mar 20 14:27:44.734436 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote property reputation'.
Mar 20 14:27:44.842774 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote mark 5555'.
Mar 20 14:27:44.918525 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote mark 5555'.
Mar 20 14:27:45.008736 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect http'.
Mar 20 14:27:45.061090 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Mar 20 14:27:45.191709 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect refresh-flow-appid'.
Mar 20 14:27:45.245618 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Mar 20 14:27:45.356633 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect debug'.
Mar 20 14:27:45.457699 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'.
Mar 20 14:27:45.563423 osdx ubnt-cfgd[741793]: inactive
Mar 20 14:27:45.635064 osdx INFO[741831]: FRR daemons did not change
Mar 20 14:27:45.806841 osdx kernel: nfUDPlink: module init
Mar 20 14:27:45.806911 osdx kernel: app-detect: module init
Mar 20 14:27:45.806921 osdx kernel: app-detect: registered: sysctl net.appdetect
Mar 20 14:27:45.806930 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Mar 20 14:27:45.806938 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Mar 20 14:27:45.806954 osdx kernel: app-detect: expression init
Mar 20 14:27:45.806968 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Mar 20 14:27:45.806976 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Mar 20 14:27:45.822853 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty)
Mar 20 14:27:45.822936 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:27:45.823070 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:27:45.823093 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:45.823110 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type unknown (target_dict)
Mar 20 14:27:45.823128 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Mar 20 14:27:45.823147 osdx kernel: app-detect: set type of dict _remote_ to remote
Mar 20 14:27:45.823175 osdx kernel: app-detect: user set num_hash_entries=40000
Mar 20 14:27:45.823188 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Mar 20 14:27:45.823206 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Mar 20 14:27:45.823224 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Mar 20 14:27:45.823242 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Mar 20 14:27:45.823259 osdx kernel: app-detect: enable remote dictionary _remote_
Mar 20 14:27:45.823277 osdx kernel: app-detect: dictionary _remote_ enabled
Mar 20 14:27:45.823293 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:27:45.823303 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote (target_dict)
Mar 20 14:27:45.823314 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:45.823323 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:27:45.823335 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty)
Mar 20 14:27:45.823349 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:27:45.823359 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Mar 20 14:27:45.823371 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:45.823381 osdx kernel: app-detect:   (0) dictionary _remote_, priority 2 type unknown (target_dict)
Mar 20 14:27:45.823392 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Mar 20 14:27:45.823402 osdx kernel: app-detect: set type of dict _remote_ to remote
Mar 20 14:27:45.823411 osdx kernel: app-detect: user set num_hash_entries=40000
Mar 20 14:27:45.823422 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Mar 20 14:27:45.823431 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Mar 20 14:27:45.823438 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Mar 20 14:27:45.823446 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Mar 20 14:27:45.823454 osdx kernel: app-detect: enable remote dictionary _remote_
Mar 20 14:27:45.823461 osdx kernel: app-detect: dictionary _remote_ enabled
Mar 20 14:27:45.823471 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:27:45.823478 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Mar 20 14:27:45.823486 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote (target_dict)
Mar 20 14:27:45.823494 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:45.823501 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:27:45.834556 osdx INFO[741868]: Updated /etc/default/osdx_tcatd.conf
Mar 20 14:27:45.834593 osdx INFO[741868]: Restarting Traffic Categorization (TCATD) service ...
Mar 20 14:27:45.855281 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Mar 20 14:27:46.188057 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Mar 20 14:27:46.189809 osdx osdx-tcatd[741872]: Dict_client. rdict_num 2 mark 5555 local-vrf
Mar 20 14:27:46.189926 osdx osdx-tcatd[741872]: Dict_client. ERROR (dict 2) 7 (Couldn't connect to server): Unable to connect to server
Mar 20 14:27:46.190031 osdx osdx-tcatd[741872]: Dict_client. rdict_num 1 mark 5555 local-vrf
Mar 20 14:27:46.190083 osdx osdx-tcatd[741872]: Dict_client. ERROR (dict 1) 7 (Couldn't connect to server): Unable to connect to server
Mar 20 14:27:46.222854 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Mar 20 14:27:46.265597 osdx WARNING[741962]: No supported link modes on interface eth1
Mar 20 14:27:46.266960 osdx modulelauncher[741962]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Mar 20 14:27:46.266975 osdx modulelauncher[741962]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Mar 20 14:27:46.268067 osdx modulelauncher[741962]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Mar 20 14:27:46.268076 osdx modulelauncher[741962]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Mar 20 14:27:46.302846 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 20 14:27:46.342725 osdx WARNING[742042]: No supported link modes on interface eth0
Mar 20 14:27:46.344130 osdx modulelauncher[742042]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 20 14:27:46.344140 osdx modulelauncher[742042]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 20 14:27:46.345319 osdx modulelauncher[742042]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Mar 20 14:27:46.345329 osdx modulelauncher[742042]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Mar 20 14:27:46.570463 osdx cfgd[1833]: [685811]Completed change to active configuration
Mar 20 14:27:46.581718 osdx OSDxCLI[685811]: User 'admin' committed the configuration.
Mar 20 14:27:46.633022 osdx OSDxCLI[685811]: User 'admin' left the configuration menu.
Mar 20 14:27:49.367290 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system conntrack clear'.
Mar 20 14:27:49.554972 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:33996/10.215.168.1:80
Mar 20 14:27:49.555042 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:33996/10.215.168.1:80
Mar 20 14:27:49.555061 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Mar 20 14:27:49.555079 osdx kernel: app-detect: search in dict _remote_, prio 1
Mar 20 14:27:49.555090 osdx kernel: app-detect: search in dict _remote_, prio 2
Mar 20 14:27:49.555008 osdx osdx-tcatd[741872]: UDP_Server. Read 27 bytes
Mar 20 14:27:49.555012 osdx osdx-tcatd[741872]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com
Mar 20 14:27:49.555031 osdx osdx-tcatd[741872]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Mar 20 14:27:49.555042 osdx osdx-tcatd[741872]: UDP_Server. Read 27 bytes
Mar 20 14:27:49.555044 osdx osdx-tcatd[741872]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com
Mar 20 14:27:49.555057 osdx osdx-tcatd[741872]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Mar 20 14:27:49.592233 osdx osdx-tcatd[741872]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "age": 0, "threathistory": 0}}}]}
Mar 20 14:27:49.592258 osdx osdx-tcatd[741872]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
Mar 20 14:27:49.592352 osdx osdx-tcatd[741872]: UDP_Server. Sent 38 bytes
Mar 20 14:27:49.593024 osdx osdx-tcatd[741872]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "age": 0, "threathistory": 0}}}]}
Mar 20 14:27:49.593034 osdx osdx-tcatd[741872]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058
Mar 20 14:27:49.593102 osdx osdx-tcatd[741872]: UDP_Server. Sent 38 bytes
Mar 20 14:27:49.594851 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled)
Mar 20 14:27:49.594882 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:27:49.594895 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote (target_dict)
Mar 20 14:27:49.594907 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote
Mar 20 14:27:49.594919 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:49.594931 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:27:49.594949 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Mar 20 14:27:49.594962 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Mar 20 14:27:49.594974 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:27:49.594986 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Mar 20 14:27:49.594998 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote (target_dict)
Mar 20 14:27:49.595009 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:49.595021 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:27:49.595032 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds

Step 8: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

tcp.*dst=10.215.168.1.*dport=443
Output:
udp      17 27 src=127.0.0.1 dst=127.0.0.1 sport=59885 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=59885 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp      6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49856 dport=443 packets=12 bytes=1723 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=49856 packets=10 bytes=3531 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp      6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=33996 dport=80 packets=9 bytes=1841 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=33996 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=54167 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54167 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49858 dport=443 packets=12 bytes=1723 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=49858 packets=10 bytes=4271 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=33657 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=33657 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.

Step 9: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:

1\s+[1-9]\d*\s+\d+
Output:
Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1)

-----------------------------------------------------
rule   pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1              24         42         3446        6139
-----------------------------------------------------
Total          24         42         3446        6139

Step 10: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

tcp.*dport=80.*packets=[1-9].*appdetect\[L4:80\shttp-host:enterprise.opentok.com\]
Output:
udp      17 27 src=127.0.0.1 dst=127.0.0.1 sport=59885 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=59885 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp      6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49856 dport=443 packets=12 bytes=1723 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=49856 packets=10 bytes=3531 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp      6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=33996 dport=80 packets=9 bytes=1841 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=33996 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=54167 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54167 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49858 dport=443 packets=12 bytes=1723 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=49858 packets=10 bytes=4271 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=33657 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=33657 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.

Step 11: Run command system conntrack clear at DUT1.

Step 12: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6309      0 --:--:-- --:--:-- --:--:--  7400

admin@osdx$

Step 13: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
Output:
udp      17 25 src=127.0.0.1 dst=127.0.0.1 sport=59885 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=59885 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp      6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49856 dport=443 packets=12 bytes=1723 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=49856 packets=10 bytes=3531 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp      6 28 LAST_ACK src=192.168.2.101 dst=10.215.168.1 sport=33996 dport=80 packets=11 bytes=2218 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=33996 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp      17 25 src=192.168.2.101 dst=10.215.168.66 sport=54167 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54167 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49858 dport=443 packets=12 bytes=1723 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=49858 packets=10 bytes=4271 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=34441 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34441 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=34012 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=34012 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp      17 25 src=192.168.2.101 dst=10.215.168.66 sport=33657 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=33657 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
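
The Step 13 check can also be done structurally instead of with a single regular expression. The following is an added example, not part of the OSDx documentation or tooling: it parses `system conntrack show` output into flows and lists those whose host was detected while the App-ID is still port-based. The function names and the reading of an `L4:` App-ID as port-only classification are assumptions; the sample lines are taken from the Step 13 output above, trimmed to three entries.

```python
import re
from dataclasses import dataclass, field

# Sample input: three entries from the Step 13 output (summary count adjusted).
SAMPLE = (
    "tcp      6 28 LAST_ACK src=192.168.2.101 dst=10.215.168.1 sport=33996 dport=80 "
    "packets=11 bytes=2218 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=33996 "
    "packets=1 bytes=60 [ASSURED] mark=0 use=1 "
    "appdetect[L4:80 http-host:enterprise.opentok.com]\n"
    "udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=34441 dport=53 "
    "packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34441 "
    "packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]\n"
    "tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=34012 dport=80 "
    "packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=34012 "
    "packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] "
    "mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]\n"
    "conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.\n"
)

# Regular expression taken verbatim from Step 13.
STEP13_REGEX = r"appdetect\[U130:7\shttp-host:enterprise.opentok.com\]"

TAG_RE = re.compile(r"appdetect\[([^\]]*)\]")
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


@dataclass
class Flow:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    app_id: str                                  # e.g. "L4:80" or "U130:7"
    fields: dict = field(default_factory=dict)   # e.g. {"http-host": "..."}


def parse_flows(text):
    """Parse conntrack lines that carry an appdetect[...] annotation."""
    flows = []
    for line in text.splitlines():
        tag = TAG_RE.search(line)
        tup = TUPLE_RE.search(line)  # first tuple on the line = original direction
        if not tag or not tup:
            continue                 # summary line or entry without annotation
        tokens = tag.group(1).split()
        if not tokens:
            continue
        # Assumption: the first token is the App-ID, the rest are key:value fields.
        extra = dict(t.split(":", 1) for t in tokens[1:] if ":" in t)
        flows.append(Flow(line.split()[0], tup.group(1), tup.group(2),
                          int(tup.group(3)), int(tup.group(4)), tokens[0], extra))
    return flows


def host_without_dictionary(flows):
    """Flows where a host field was detected but the App-ID is still L4-only."""
    return [f for f in flows
            if f.app_id.startswith("L4:")
            and any(k.endswith("-host") for k in f.fields)]


def step_matches(text, pattern):
    """True if any output line matches the step's regular expression."""
    return any(re.search(pattern, line) for line in text.splitlines())


if __name__ == "__main__":
    parsed = parse_flows(SAMPLE)
    for f in parsed:
        print(f.proto, f.sport, f.dport, f.app_id, f.fields)
    print("Step 13 regex matched:", step_matches(SAMPLE, STEP13_REGEX))
    print("host seen, no dictionary App-ID:",
          [(f.sport, f.fields) for f in host_without_dictionary(parsed)])
```
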

Step 14: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:

10.215.168.1\s*.*U130:7
Output:
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          4m57s892ms

Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:

---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 16: Run command system conntrack clear at DUT0.

Step 17: Run command system conntrack clear at DUT1.

Step 18: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   7062      0 --:--:-- --:--:-- --:--:--  7400

Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
Output:
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=57426 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57426 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=34022 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=34022 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.

Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:

---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 21: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect app-id-storage override
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1808gH0WBWoLQQwlK0ScxcPKL2mJko1/lA=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX18vK6vb2CST9ECqD5RLpH6WsDyFvkDl5EBeLtzmoMTcIkqnSXRkafaN
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+UG1gkJLERRcxrd7eAPNGSimEXUGvIHFs=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/18bnvMkGOHeqic6SwKSgSW5ro8hisyAIWN0MeKeBg0lkEcPnHXQIj
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected

Step 22: Run command system conntrack clear at DUT0.

Step 23: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:

Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED

Step 24: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED

Step 25: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED

Step 26: Run command system conntrack show at DUT0 and expect this output:

udp      17 29 src=127.0.0.1 dst=127.0.0.1 sport=59885 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=59885 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=45849 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45849 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=52549 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=52549 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 299 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=35736 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=35736 packets=8 bytes=1990 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=40214 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40214 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=35060 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35060 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=52678 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=52678 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=38349 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38349 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 299 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=35748 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=35748 packets=8 bytes=1990 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.

Step 27: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:

Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED

Step 28: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED

Step 29: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED

Step 30: Run command system conntrack show at DUT0 and expect this output:

udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=46920 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=46920 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp      17 28 src=127.0.0.1 dst=127.0.0.1 sport=59885 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=59885 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=47531 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47531 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=45849 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45849 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=52549 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=52549 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=35736 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=35736 packets=8 bytes=1990 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=36947 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36947 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=55606 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55606 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=40214 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40214 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=35060 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35060 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=52678 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=52678 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=57197 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57197 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=44609 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44609 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=38349 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38349 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=35748 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=35748 packets=8 bytes=1990 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 15 flow entries have been shown.

Step 31: Run command system journal show | tail -n 200 at DUT0 and expect this output:

Mar 20 14:27:58.142968 osdx kernel: app-detect:   (0) dictionary _remote_, priority 2 type remote
Mar 20 14:27:58.142976 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:58.142983 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote (target_dict)
Mar 20 14:27:58.142991 osdx kernel: app-detect: freed hash table
Mar 20 14:27:58.142999 osdx kernel: app-detect: freed memory for hashes+appids
Mar 20 14:27:58.143008 osdx kernel: app-detect: dictionary _remote_ deleted
Mar 20 14:27:58.143015 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:27:58.143022 osdx kernel: app-detect:   (0) dictionary _remote_, priority 2 type remote
Mar 20 14:27:58.143030 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:58.143037 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:27:58.143045 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty)
Mar 20 14:27:58.143055 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:27:58.143063 osdx kernel: app-detect:   (0) dictionary _remote_, priority 2 type remote
Mar 20 14:27:58.143071 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:58.143078 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type unknown (target_dict)
Mar 20 14:27:58.143086 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Mar 20 14:27:58.143093 osdx kernel: app-detect: set type of dict _remote_ to remote
Mar 20 14:27:58.143101 osdx kernel: app-detect: user set num_hash_entries=40000
Mar 20 14:27:58.143110 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Mar 20 14:27:58.143118 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Mar 20 14:27:58.143126 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Mar 20 14:27:58.143133 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Mar 20 14:27:58.143141 osdx kernel: app-detect: enable remote dictionary _remote_
Mar 20 14:27:58.143148 osdx kernel: app-detect: dictionary _remote_ enabled
Mar 20 14:27:58.143156 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:27:58.143163 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote (target_dict)
Mar 20 14:27:58.143173 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote
Mar 20 14:27:58.143183 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:58.143190 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:27:58.166878 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Mar 20 14:27:58.166934 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:27:58.166952 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Mar 20 14:27:58.166963 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote (target_dict)
Mar 20 14:27:58.166973 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:58.166981 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:27:58.166997 osdx kernel: app-detect: dictionary _remote_ disabled
Mar 20 14:27:58.167005 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:27:58.167013 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Mar 20 14:27:58.167020 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:58.167032 osdx kernel: app-detect:   (0) dictionary _remote_, priority 2 type remote (target_dict)
Mar 20 14:27:58.167041 osdx kernel: app-detect: freed hash table
Mar 20 14:27:58.167051 osdx kernel: app-detect: freed memory for hashes+appids
Mar 20 14:27:58.167059 osdx kernel: app-detect: dictionary _remote_ deleted
Mar 20 14:27:58.167068 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:27:58.167076 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Mar 20 14:27:58.167084 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:58.167091 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:27:58.167098 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty)
Mar 20 14:27:58.167106 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:27:58.167113 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Mar 20 14:27:58.167121 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:58.167128 osdx kernel: app-detect:   (0) dictionary _remote_, priority 2 type unknown (target_dict)
Mar 20 14:27:58.167136 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Mar 20 14:27:58.167143 osdx kernel: app-detect: set type of dict _remote_ to remote
Mar 20 14:27:58.167151 osdx kernel: app-detect: user set num_hash_entries=40000
Mar 20 14:27:58.167159 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Mar 20 14:27:58.167167 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Mar 20 14:27:58.167183 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Mar 20 14:27:58.167192 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Mar 20 14:27:58.167200 osdx kernel: app-detect: enable remote dictionary _remote_
Mar 20 14:27:58.167208 osdx kernel: app-detect: dictionary _remote_ enabled
Mar 20 14:27:58.167216 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:27:58.167223 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Mar 20 14:27:58.167230 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote (target_dict)
Mar 20 14:27:58.167237 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:27:58.167247 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:27:58.217128 osdx INFO[742291]: Updated /etc/default/osdx_tcatd.conf
Mar 20 14:27:58.217175 osdx INFO[742291]: Restarting Traffic Categorization (TCATD) service ...
Mar 20 14:27:58.225611 osdx osdx-tcatd[741872]: UDP_Server. Received STOP signal. Cleanup
Mar 20 14:27:58.225656 osdx osdx-tcatd[741872]: Dict_client. Cleanup
Mar 20 14:27:58.225644 osdx systemd[1]: Stopping osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Mar 20 14:27:58.228249 osdx systemd[1]: osdx-tcatd.service: Deactivated successfully.
Mar 20 14:27:58.228533 osdx systemd[1]: Stopped osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Mar 20 14:27:58.239404 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Mar 20 14:27:58.566981 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Mar 20 14:27:58.568309 osdx osdx-tcatd[742295]: Dict_client. rdict_num 2 mark 5555 local-vrf
Mar 20 14:27:58.577566 osdx osdx-tcatd[742295]: Dict_client. rdict_num 1 mark 5555 local-vrf
Mar 20 14:27:58.771949 osdx cfgd[1833]: [685811]Completed change to active configuration
Mar 20 14:27:58.774056 osdx OSDxCLI[685811]: User 'admin' committed the configuration.
Mar 20 14:27:58.804055 osdx OSDxCLI[685811]: User 'admin' left the configuration menu.
Mar 20 14:27:58.945218 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system conntrack clear'.
Mar 20 14:28:01.017935 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:52678/10.215.168.66:53
Mar 20 14:28:01.018170 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:52678/10.215.168.66:53
Mar 20 14:28:01.018191 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Mar 20 14:28:01.018202 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com
Mar 20 14:28:01.018213 osdx kernel: app-detect: search in dict _remote_, prio 1
Mar 20 14:28:01.018223 osdx kernel: app-detect: search in dict _remote_, prio 2
Mar 20 14:28:01.018271 osdx osdx-tcatd[742295]: UDP_Server. Read 27 bytes
Mar 20 14:28:01.018281 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com
Mar 20 14:28:01.018304 osdx osdx-tcatd[742295]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Mar 20 14:28:01.018314 osdx osdx-tcatd[742295]: UDP_Server. Read 27 bytes
Mar 20 14:28:01.018316 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com
Mar 20 14:28:01.018322 osdx osdx-tcatd[742295]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Mar 20 14:28:01.019281 osdx osdx-tcatd[742295]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "age": 0, "threathistory": 0}}}]}
Mar 20 14:28:01.019300 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
Mar 20 14:28:01.019340 osdx osdx-tcatd[742295]: UDP_Server. Sent 38 bytes
Mar 20 14:28:01.019553 osdx osdx-tcatd[742295]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "age": 0, "threathistory": 0}}}]}
Mar 20 14:28:01.019564 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058
Mar 20 14:28:01.019595 osdx osdx-tcatd[742295]: UDP_Server. Sent 38 bytes
Mar 20 14:28:01.022832 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled)
Mar 20 14:28:01.022866 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:28:01.022875 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote (target_dict)
Mar 20 14:28:01.022883 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote
Mar 20 14:28:01.022895 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:28:01.022903 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:28:01.022910 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Mar 20 14:28:01.022919 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Mar 20 14:28:01.022926 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:28:01.022934 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Mar 20 14:28:01.022947 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote (target_dict)
Mar 20 14:28:01.022955 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:28:01.022962 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:28:01.022969 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Mar 20 14:28:01.114361 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:40214/10.215.168.66:53
Mar 20 14:28:01.114723 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:40214/10.215.168.66:53
Mar 20 14:28:01.114771 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com
Mar 20 14:28:01.114787 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com
Mar 20 14:28:01.114799 osdx kernel: app-detect: search in dict _remote_, prio 1
Mar 20 14:28:01.114816 osdx kernel: app-detect: search in dict _remote_, prio 2
Mar 20 14:28:01.114728 osdx osdx-tcatd[742295]: UDP_Server. Read 27 bytes
Mar 20 14:28:01.114733 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.gamblingteldat.com
Mar 20 14:28:01.114754 osdx osdx-tcatd[742295]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0}
Mar 20 14:28:01.114767 osdx osdx-tcatd[742295]: UDP_Server. Read 27 bytes
Mar 20 14:28:01.114769 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.gamblingteldat.com
Mar 20 14:28:01.114777 osdx osdx-tcatd[742295]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0}
Mar 20 14:28:01.116068 osdx osdx-tcatd[742295]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity": 0, "age": 0, "threathistory": 0}}}]}
Mar 20 14:28:01.116084 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.gamblingteldat.com TTL 172800 AppID:8200000F
Mar 20 14:28:01.116379 osdx osdx-tcatd[742295]: UDP_Server. Sent 38 bytes
Mar 20 14:28:01.116786 osdx osdx-tcatd[742295]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity": 0, "age": 0, "threathistory": 0}}}]}
Mar 20 14:28:01.116799 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.gamblingteldat.com TTL 172800 AppID:83000019
Mar 20 14:28:01.116973 osdx osdx-tcatd[742295]: UDP_Server. Sent 38 bytes
Mar 20 14:28:01.118844 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled)
Mar 20 14:28:01.118878 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:28:01.118897 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote (target_dict)
Mar 20 14:28:01.118908 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote
Mar 20 14:28:01.118920 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:28:01.118932 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:28:01.118952 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds
Mar 20 14:28:01.118966 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Mar 20 14:28:01.118978 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:28:01.118989 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Mar 20 14:28:01.119000 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote (target_dict)
Mar 20 14:28:01.119012 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:28:01.119024 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:28:01.119035 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds
Mar 20 14:28:01.229856 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:35060/10.215.168.66:53
Mar 20 14:28:01.230155 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:35060/10.215.168.66:53
Mar 20 14:28:01.230173 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com
Mar 20 14:28:01.230197 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com
Mar 20 14:28:01.230208 osdx kernel: app-detect: search in dict _remote_, prio 1
Mar 20 14:28:01.230219 osdx kernel: app-detect: search in dict _remote_, prio 2
Mar 20 14:28:01.230237 osdx osdx-tcatd[742295]: UDP_Server. Read 28 bytes
Mar 20 14:28:01.230243 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.newspaperteldat.com
Mar 20 14:28:01.230270 osdx osdx-tcatd[742295]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0}
Mar 20 14:28:01.230297 osdx osdx-tcatd[742295]: UDP_Server. Read 28 bytes
Mar 20 14:28:01.230300 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.newspaperteldat.com
Mar 20 14:28:01.230309 osdx osdx-tcatd[742295]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0}
Mar 20 14:28:01.231285 osdx osdx-tcatd[742295]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularity": 0, "age": 0, "threathistory": 0}}}]}
Mar 20 14:28:01.231298 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.newspaperteldat.com TTL 172800 AppID:82000004
Mar 20 14:28:01.231346 osdx osdx-tcatd[742295]: UDP_Server. Sent 39 bytes
Mar 20 14:28:01.231501 osdx osdx-tcatd[742295]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularity": 0, "age": 0, "threathistory": 0}}}]}
Mar 20 14:28:01.231511 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.newspaperteldat.com TTL 172800 AppID:8300005C
Mar 20 14:28:01.231570 osdx osdx-tcatd[742295]: UDP_Server. Sent 39 bytes
Mar 20 14:28:01.234868 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled)
Mar 20 14:28:01.234916 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:28:01.234933 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote (target_dict)
Mar 20 14:28:01.234942 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote
Mar 20 14:28:01.234960 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:28:01.234970 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:28:01.234977 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds
Mar 20 14:28:01.234988 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Mar 20 14:28:01.234999 osdx kernel: app-detect: linked list of enabled dicts:
Mar 20 14:28:01.235007 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Mar 20 14:28:01.235015 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote (target_dict)
Mar 20 14:28:01.235023 osdx kernel: app-detect: linked list of disabled dicts:
Mar 20 14:28:01.235030 osdx kernel: app-detect:   (empty, no dicts)
Mar 20 14:28:01.235037 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds
Mar 20 14:28:01.341988 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system conntrack show'.
Mar 20 14:28:02.425515 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:44609/10.215.168.66:53
Mar 20 14:28:02.425803 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:44609/10.215.168.66:53
Mar 20 14:28:02.425847 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Mar 20 14:28:02.425862 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com
Mar 20 14:28:02.425873 osdx kernel: app-detect: search in dict _remote_, prio 1
Mar 20 14:28:02.425884 osdx kernel: app-detect: appid 82000007 found in hash dictionary
Mar 20 14:28:02.425894 osdx kernel: app-detect: add address 10.215.168.1, appids 82000007 to cache
Mar 20 14:28:02.531026 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:57197/10.215.168.66:53
Mar 20 14:28:02.531308 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:57197/10.215.168.66:53
Mar 20 14:28:02.531350 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com
Mar 20 14:28:02.531364 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com
Mar 20 14:28:02.531376 osdx kernel: app-detect: search in dict _remote_, prio 1
Mar 20 14:28:02.531387 osdx kernel: app-detect: appid 8200000f found in hash dictionary
Mar 20 14:28:02.531399 osdx kernel: app-detect: add address 192.168.2.10, appids 8200000f to cache
Mar 20 14:28:02.628130 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:36947/10.215.168.66:53
Mar 20 14:28:02.628460 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:36947/10.215.168.66:53
Mar 20 14:28:02.628490 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com
Mar 20 14:28:02.628503 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com
Mar 20 14:28:02.628515 osdx kernel: app-detect: search in dict _remote_, prio 1
Mar 20 14:28:02.628527 osdx kernel: app-detect: appid 82000004 found in hash dictionary
Mar 20 14:28:02.628549 osdx kernel: app-detect: add address 192.168.2.20, appids 82000004 to cache
Mar 20 14:28:02.767018 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system conntrack show'.

Step 32: Run command system conntrack app-detect show ip-cache at DUT0 and expect this output:

Show output
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s156ms
192.168.2.10  U130:15         28s264ms
192.168.2.20  U130:4          28s360ms

Step 33: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:

10.215.168.1\s*.*U130:7
Show output
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s92ms
192.168.2.10  U130:15         28s200ms
192.168.2.20  U130:4          28s296ms

Step 34: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:

192.168.2.10\s*.*U130:15
Show output
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s976ms
192.168.2.10  U130:15         28s84ms
192.168.2.20  U130:4          28s180ms

Step 35: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:

192.168.2.20\s*.*U130:4
Show output
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s880ms
192.168.2.10  U130:15         27s988ms
192.168.2.20  U130:4          28s84ms
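
The DUT0 log and the ip-cache table from Step 32 can be cross-checked mechanically; the following is an added example, not part of the OSDx test suite. The AppID layout (top byte as the `U` number, low 24 bits as the value) and the handling of multi-id `appids` lists are assumptions inferred from the values on this page, and the sample lines are copied from the log and output above.

```python
import re

# Lines copied from the DUT0 log above: tcatd verdicts written to the kernel,
# then the kernel populating the IP cache on the following DNS lookups.
LOG_EXCERPT = """\
Mar 20 14:28:01.019300 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
Mar 20 14:28:01.019564 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058
Mar 20 14:28:01.116084 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.gamblingteldat.com TTL 172800 AppID:8200000F
Mar 20 14:28:01.116799 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.gamblingteldat.com TTL 172800 AppID:83000019
Mar 20 14:28:01.231298 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.newspaperteldat.com TTL 172800 AppID:82000004
Mar 20 14:28:01.231511 osdx osdx-tcatd[742295]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.newspaperteldat.com TTL 172800 AppID:8300005C
Mar 20 14:28:02.425894 osdx kernel: app-detect: add address 10.215.168.1, appids 82000007 to cache
Mar 20 14:28:02.531399 osdx kernel: app-detect: add address 192.168.2.10, appids 8200000f to cache
Mar 20 14:28:02.628549 osdx kernel: app-detect: add address 192.168.2.20, appids 82000004 to cache
"""

# Table copied from the Step 32 output above.
IP_CACHE_OUTPUT = """\
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s156ms
192.168.2.10  U130:15         28s264ms
192.168.2.20  U130:4          28s360ms
"""

WRITE_RE = re.compile(
    r"Write message addressed to dictionary (\d+) FQDN (\S+) TTL (\d+) AppID:([0-9A-Fa-f]{8})"
)
CACHE_RE = re.compile(r"add address (\S+), appids (.+?) to cache")
ROW_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+\S+$")


def decode_appid(hex_id):
    """Turn a logged 32-bit AppID into the 'U<n>:<value>' form shown by the CLI.

    Assumed layout (inferred from this page): top byte = U number,
    low 24 bits = category or reputation value.
    """
    raw = int(hex_id, 16)
    return f"U{raw >> 24}:{raw & 0xFFFFFF}"


def tcatd_verdicts(log_text):
    """Map FQDN -> {dictionary number: decoded label} from tcatd 'Write message' lines."""
    verdicts = {}
    for m in WRITE_RE.finditer(log_text):
        dict_no, fqdn, _ttl, hex_id = m.groups()
        verdicts.setdefault(fqdn, {})[int(dict_no)] = decode_appid(hex_id)
    return verdicts


def kernel_cache_adds(log_text):
    """Map IP -> set of decoded labels from kernel 'add address ... to cache' lines."""
    cache = {}
    for m in CACHE_RE.finditer(log_text):
        ip, ids = m.groups()
        # Assumption: several ids, if present, appear as separate 8-digit hex tokens.
        labels = {decode_appid(h) for h in re.findall(r"[0-9A-Fa-f]{8}", ids)}
        cache.setdefault(ip, set()).update(labels)
    return cache


def parse_ip_cache(show_output):
    """Map IP -> set of labels from the rows of 'show ip-cache' (header lines are skipped)."""
    rows = {}
    for line in show_output.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows[m.group(1)] = set(m.group(2).split(";"))
    return rows


def cache_mismatches(log_text, show_output):
    """Return the IPs whose displayed labels differ from what the kernel logged."""
    logged = kernel_cache_adds(log_text)
    shown = parse_ip_cache(show_output)
    return sorted(ip for ip in logged.keys() | shown.keys()
                  if logged.get(ip) != shown.get(ip))


if __name__ == "__main__":
    for fqdn, per_dict in tcatd_verdicts(LOG_EXCERPT).items():
        print(fqdn, per_dict)
    print("mismatching cache entries:", cache_mismatches(LOG_EXCERPT, IP_CACHE_OUTPUT))
```

In this log the dictionary 1 value equals the `catid` in the answer and the dictionary 2 value equals its `reputation`, which is why `www.gamblingteldat.com` decodes to `U130:15` and `U131:25`.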

Step 36: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/sPl3cOqHii+l0mbEWKbUWElBwJf3/TJk=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX18d9FVVcJbYwkXV/6B3D4K41csfMYXWOvhEnmqGtRzvCPUlX5V0A9ZO
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/UMCMl5ksEyNgNQCiRLXsj5zVk6hwFXTc=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1+kf9tbkjlaLZ00+i6vDrJAXXWBWu8Z3xc22fjfcL8mWuzGAWZcyx32
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected

Step 37: Run command system conntrack clear at DUT0.

Step 38: Run command system conntrack clear at DUT0.

Step 39: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C


Operation aborted by user.

admin@osdx$

Step 40: Run command system conntrack clear at DUT1.

Step 41: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   7156      0 --:--:-- --:--:-- --:--:--  7400

Step 42: Run command system conntrack clear at DUT1.

Step 43: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   4981      0 --:--:-- --:--:-- --:--:--  5285

Step 44: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

appdetect\[(U130:7;U131:88|U131:88;U130:7);L3:6;L4:80\shttp-host:enterprise.opentok.com\]
Show output
udp      17 27 src=127.0.0.1 dst=127.0.0.1 sport=59885 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=59885 packets=2 bytes=132 mark=0 use=1 appdetect[L3:17;L4:49000]
tcp      6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=44074 dport=80 packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44074 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:80 http-host:enterprise.opentok.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=59255 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59255 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=38518 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38518 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
tcp      6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=45760 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=45760 packets=2 bytes=623 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
tcp      6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=45752 dport=443 packets=3 bytes=480 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=45752 packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=44092 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44092 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=44076 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44076 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=43671 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=43671 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
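
An order-independent version of the Step 44 check, as an added example that is not part of the test suite: it parses the `appdetect[...]` field and compares app-ids as a set, so it also recognises the flow above whose ids follow `L3:6;L4:80`, and it reports flows to the same host that carry no dictionary ids. Function names are hypothetical; the flow entries are copied from the output above.

```python
import re

# Three flow entries copied from the Step 44 output above.
CONNTRACK_OUTPUT = """\
tcp      6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=44074 dport=80 packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44074 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:80 http-host:enterprise.opentok.com]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=44092 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44092 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=44076 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44076 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
"""

# The regular expression used by Step 44, unchanged.
STEP44_REGEX = (r"appdetect\[(U130:7;U131:88|U131:88;U130:7);L3:6;L4:80"
                r"\shttp-host:enterprise.opentok.com\]")

# appdetect[<id>;<id>;... <field>:<value> ...]
APPDETECT_RE = re.compile(r"appdetect\[([^\s\]]+)((?:\s+[\w-]+:[^\s\]]+)*)\]")


def parse_appdetect(line):
    """Return (set of app-id tokens, dict of detected fields), or None if absent."""
    m = APPDETECT_RE.search(line)
    if not m:
        return None
    ids = set(m.group(1).split(";"))
    fields = dict(item.split(":", 1) for item in m.group(2).split())
    return ids, fields


def flows_classified(output, host, required_ids):
    """Flows whose http-host is `host` and that carry every id in required_ids, in any order."""
    required = set(required_ids)
    hits = []
    for line in output.splitlines():
        parsed = parse_appdetect(line)
        if parsed and parsed[1].get("http-host") == host and required <= parsed[0]:
            hits.append(line)
    return hits


def flows_missing_ids(output, host, required_ids):
    """Flows to `host` that lack at least one required id (classified below the dictionary)."""
    required = set(required_ids)
    misses = []
    for line in output.splitlines():
        parsed = parse_appdetect(line)
        if parsed and parsed[1].get("http-host") == host and not required <= parsed[0]:
            misses.append(line)
    return misses


def regex_hits(output):
    """Flows matched by the Step 44 regular expression, for comparison."""
    return [line for line in output.splitlines() if re.search(STEP44_REGEX, line)]


if __name__ == "__main__":
    want = ["U130:7", "U131:88"]
    host = "enterprise.opentok.com"
    print("set-based matches:", len(flows_classified(CONNTRACK_OUTPUT, host, want)))
    print("Step 44 regex matches:", len(regex_hits(CONNTRACK_OUTPUT)))
    print("flows without dictionary ids:", len(flows_missing_ids(CONNTRACK_OUTPUT, host, want)))
```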

Step 45: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Show output
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED

Step 46: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Show output
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED

Step 47: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Show output
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED

Step 48: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Show output
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED

Step 49: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:

10.215.168.1\s*.*(U130:7;U131:88|U131:88;U130:7)
Show output
-----------------------------------------
     IP       Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m55s72ms
192.168.2.10  U130:15;U131:25  28s816ms
192.168.2.20  U130:4;U131:92   28s912ms

Step 50: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:

192.168.2.10\s*.*(U130:15;U131:25|U131:25;U130:15)
Show output
-----------------------------------------
     IP       Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m54s980ms
192.168.2.10  U130:15;U131:25  28s724ms
192.168.2.20  U130:4;U131:92   28s820ms

Step 51: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:

192.168.2.20\s*.*(U130:4;U131:92|U131:92;U130:4)
Show output
-----------------------------------------
     IP       Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m54s888ms
192.168.2.10  U130:15;U131:25  28s632ms
192.168.2.20  U130:4;U131:92   28s728ms

Step 52: Modify the following configuration lines in DUT0 :

set system alarm DICTERROR1
set system alarm DICTERROR2
set system conntrack app-detect dictionary 1 remote alarm connection-error DICTERROR1
set system conntrack app-detect dictionary 2 remote alarm connection-error DICTERROR2

Step 53: Run command system alarm show at DUT0 and check if output matches the following regular expressions:

DICTERROR1\s+false
Show output
--------------------------------------------------------------------
  Alarm     Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00

Step 54: Run command system alarm show at DUT0 and check if output matches the following regular expressions:

DICTERROR2\s+false
Show output
--------------------------------------------------------------------
  Alarm     Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00

Step 55: Modify the following configuration lines in DUT0 :

set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/D2KGInMuDIvgfiZ8LaIWBAsoU5v0XSLE=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/rPu0Ghd8ZIvF7hA6PNmtezk2fwJmWMZY=

Step 56: Run command system conntrack clear at DUT0.

Step 57: Run command system conntrack clear at DUT1.

Step 58: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C


Operation aborted by user.

admin@osdx$

Step 59: Run command system alarm show at DUT0 and check if output matches the following regular expressions:

(DICTERROR1|DICTERROR2)\s+true
Show output
---------------------------------------------------------------------------------------------
  Alarm     Status              Toggled               Prev-toggled  Toggle-count  Time up (%)
---------------------------------------------------------------------------------------------
DICTERROR1  true    2026-03-20 14:28:19.295465+00:00                           1        68.42
DICTERROR2  true    2026-03-20 14:28:19.295568+00:00                           1        68.46

Step 60: Modify the following configuration lines in DUT0:

set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX192PL0YrCl9fMMqjO99OfRGmMZ4XwkAaYg=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/IX0Gp72r0ZBwHa2ojO8yQxZRHKq8ot/E=

Step 61: Run command system conntrack clear at DUT0.

Step 62: Run command system conntrack clear at DUT1.

Step 63: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C


Operation aborted by user.

admin@osdx$

Step 64: Run command system alarm show at DUT0 and check if output matches the following regular expressions:

(DICTERROR1|DICTERROR2)\s+false
Output:
-----------------------------------------------------------------------------------------------------------------
  Alarm     Status              Toggled                         Prev-toggled            Toggle-count  Time up (%)
-----------------------------------------------------------------------------------------------------------------
DICTERROR1  false   2026-03-20 14:28:25.827739+00:00  2026-03-20 14:28:19.295465+00:00             2        47.06
DICTERROR2  false   2026-03-20 14:28:25.827613+00:00  2026-03-20 14:28:19.295568+00:00             2        47.07

Remote Application Dictionary run in a VRF

Description

DUT0 configures HTTP detection with a remote application dictionary running in a separate VRF. DUT1 acts as a client behind DUT0. The test verifies that remote dictionary protocol traffic uses the VRF and HTTP connections are classified.

Phase 1: Using the local-vrf option to specify the VRF for the remote dictionary protocol.

Phase 2: Using the local-interface option with an interface assigned to the VRF.

Phase 3: Using the local-address option to source from an address on an interface in the VRF.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth0 vrf MYVRF
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set interfaces ethernet eth1 vrf MYVRF
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19ZFo69FsyN86ri6CQCktYIUOWWCHu/O9g=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+jM795g7tSTLfv7uCYttyk6m9z849UrQ7JIQU0pS0NgytcMO3518BZ
set system conntrack app-detect dictionary 1 remote local-vrf MYVRF
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 1 remote vrf-mark MYVRF
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19AWJNJAu0OJ46Aq99ExHaAss/eQquHQPA=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/pDh+8G8+Fa7WWU5xZjPtDtPOfq0MNGc2zurtsYDiFjXHR+vq5FTor
set system conntrack app-detect dictionary 2 remote local-vrf MYVRF
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote vrf-mark MYVRF
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf MYVRF
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 vrf-mark MYVRF
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2:

set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 10.215.168.1 from DUT1:

admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.585 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.585/0.585/0.585/0.000 ms

Step 5: Run command system conntrack clear at DUT0.

Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C


Operation aborted by user.

admin@osdx$

Step 7: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
Output:
tcp      6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=37922 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=37922 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=44302 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44302 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=40842 dport=80 vrf=MYVRF packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40842 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=37434 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=37434 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp      6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=37938 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=37938 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 28 src=127.0.0.1 dst=127.0.0.1 sport=58396 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=58396 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.

Step 8: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:

1\s+[1-9]\d*\s+\d+
Output:
Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1)

-----------------------------------------------------
rule   pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1              22         39         3318        5939
-----------------------------------------------------
Total          22         39         3318        5939

Step 9: Run command system conntrack clear at DUT1.

Step 10: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5464      0 --:--:-- --:--:-- --:--:--  6166

admin@osdx$

Step 11: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
Output:
tcp      6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=37922 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=37922 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 25 src=192.168.2.101 dst=10.215.168.66 sport=44302 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44302 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 28 LAST_ACK src=192.168.2.101 dst=10.215.168.1 sport=40842 dport=80 vrf=MYVRF packets=9 bytes=2114 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40842 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp      17 25 src=192.168.2.101 dst=10.215.168.66 sport=37434 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=37434 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=35240 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35240 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=37938 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=37938 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 25 src=127.0.0.1 dst=127.0.0.1 sport=58396 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=58396 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=40852 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40852 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.

Step 12: Modify the following configuration lines in DUT0:

delete system conntrack app-detect dictionary 1 remote local-vrf
delete system conntrack app-detect dictionary 2 remote local-vrf
set system conntrack app-detect dictionary 1 remote local-interface eth1
set system conntrack app-detect dictionary 2 remote local-interface eth1

Step 13: Run command system conntrack clear at DUT0.

Step 14: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C


Operation aborted by user.

admin@osdx$

Step 15: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
Output:
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=51906 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51906 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=42124 dport=443 vrf=MYVRF packets=3 bytes=480 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=42124 vrf=MYVRF packets=2 bytes=623 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp      6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=42116 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=42116 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp      6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=56588 dport=80 vrf=MYVRF packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=56588 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp      17 28 src=127.0.0.1 dst=127.0.0.1 sport=58396 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=58396 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
conntrack v1.4.7 (conntrack-tools): 5 flow entries have been shown.

Step 16: Run command system conntrack clear at DUT1.

Step 17: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   8352      0 --:--:-- --:--:-- --:--:--  9250

admin@osdx$

Step 18: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
Output:
udp      17 25 src=192.168.2.101 dst=10.215.168.66 sport=51906 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51906 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=42124 dport=443 vrf=MYVRF packets=3 bytes=480 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=42124 vrf=MYVRF packets=2 bytes=623 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=36965 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36965 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=56602 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=56602 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp      6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=42116 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=42116 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp      6 29 LAST_ACK src=192.168.2.101 dst=10.215.168.1 sport=56588 dport=80 vrf=MYVRF packets=9 bytes=2114 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=56588 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp      17 25 src=127.0.0.1 dst=127.0.0.1 sport=58396 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=58396 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.

Step 19: Modify the following configuration lines in DUT0:

delete system conntrack app-detect dictionary 1 remote local-interface
delete system conntrack app-detect dictionary 2 remote local-interface
set system conntrack app-detect dictionary 1 remote local-address 10.215.168.64
set system conntrack app-detect dictionary 2 remote local-address 10.215.168.64

Step 20: Run command system conntrack clear at DUT0.

Step 21: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C


Operation aborted by user.

admin@osdx$

Step 22: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
Output:
tcp      6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=42144 dport=443 vrf=MYVRF packets=3 bytes=480 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=42144 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp      6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=56612 dport=80 vrf=MYVRF packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=56612 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=47371 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47371 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp      17 28 src=127.0.0.1 dst=127.0.0.1 sport=58396 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=58396 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp      6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=42138 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=42138 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 5 flow entries have been shown.

Step 23: Run command system conntrack clear at DUT1.

Step 24: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   8751      0 --:--:-- --:--:-- --:--:--  9250

admin@osdx$

Step 25: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
Output:
tcp      6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=42144 dport=443 vrf=MYVRF packets=3 bytes=480 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=42144 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp      6 29 LAST_ACK src=192.168.2.101 dst=10.215.168.1 sport=56612 dport=80 vrf=MYVRF packets=9 bytes=2114 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=56612 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=37915 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=37915 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=56614 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=56614 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp      17 25 src=192.168.2.101 dst=10.215.168.66 sport=47371 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47371 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp      17 25 src=127.0.0.1 dst=127.0.0.1 sport=58396 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=58396 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp      6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=42138 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=42138 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.
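
The Step 7 and Step 11 checks match a whole conntrack line with one regular expression. As an added example (not part of the original test suite), the Python code below parses the same output field by field, so the vrf value is tied to each direction of a flow and ports are compared exactly. The function names are hypothetical, and treating TCP flows from 10.215.168.64 to 10.215.168.1 port 443 as the remote dictionary traffic is an assumption drawn from the Step 7 check.

```python
import re
from dataclasses import dataclass

# One direction of an entry: src, dst, sport, dport and an optional vrf field.
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)(?: vrf=(\S+))?")
APPDETECT_RE = re.compile(r"appdetect\[([^\]]*)\]")

@dataclass
class Flow:
    proto: str
    orig: tuple      # (src, dst, sport, dport, vrf); vrf is None when absent
    reply: tuple
    appdetect: dict  # {"U130": "7", "http-host": "enterprise.opentok.com"}

def parse_conntrack(text):
    """Parse conntrack show output; lines without two tuples are skipped."""
    flows = []
    for line in text.splitlines():
        dirs = [(m[1], m[2], int(m[3]), int(m[4]), m[5]) for m in TUPLE_RE.finditer(line)]
        if len(dirs) != 2:
            continue  # blank line or the "flow entries have been shown" summary
        tags = APPDETECT_RE.search(line)
        pairs = (t.partition(":") for t in tags[1].split()) if tags else ()
        flows.append(Flow(line.split()[0], dirs[0], dirs[1], {k: v for k, _, v in pairs}))
    return flows

def in_vrf(flow, vrf):
    """True only when both the original and the reply direction carry vrf."""
    return flow.orig[4] == vrf and flow.reply[4] == vrf

def dictionary_flows(flows, device, server, port=443):
    """TCP flows the device itself opens to the server (what Step 7 matches)."""
    return [f for f in flows if f.proto == "tcp" and f.orig[0] == device
            and f.orig[1] == server and f.orig[3] == port]

def vrf_leaks(flows, device, server, vrf):
    """Dictionary flows where either direction is outside the expected VRF."""
    return [f for f in dictionary_flows(flows, device, server) if not in_vrf(f, vrf)]

def classified(flows, host, tag, vrf):
    """Flows to host that carry the given appdetect tag (what Step 11 matches)."""
    key, value = tag
    return [f for f in flows if f.appdetect.get("http-host") == host
            and f.appdetect.get(key) == value and in_vrf(f, vrf)]

# Lines 1-4 are copied from the Step 11 output; line 5 is constructed, with the
# reply direction missing vrf=, to show what a leak outside the VRF looks like.
SAMPLE = """\
tcp      6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=37922 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=37922 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp      6 28 LAST_ACK src=192.168.2.101 dst=10.215.168.1 sport=40842 dport=80 vrf=MYVRF packets=9 bytes=2114 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40842 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp      17 25 src=127.0.0.1 dst=127.0.0.1 sport=58396 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=58396 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=40852 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40852 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp      6 300 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=50000 dport=443 vrf=MYVRF packets=3 bytes=480 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=50000 packets=2 bytes=623 [ASSURED] mark=0 use=1 appdetect[L4:443]
"""

if __name__ == "__main__":
    flows = parse_conntrack(SAMPLE)
    for f in vrf_leaks(flows, "10.215.168.64", "10.215.168.1", "MYVRF"):
        print("dictionary flow outside MYVRF:", f.orig, f.reply)
    for f in classified(flows, "enterprise.opentok.com", ("U130", "7"), "MYVRF"):
        print("classified in MYVRF:", f.orig, f.appdetect)
```

The same functions apply unchanged to the Step 15, 18, 22 and 25 outputs, since all three phases are expected to produce flows tagged with vrf=MYVRF in both directions.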