Check Link Hook
This example demonstrates how to process outgoing NHRP traffic in a scenario using one Tunnel with GRE encapsulation.
Test Marks In NHRP Traffic
Description
In this scenario, a traffic policy was configured
to log outgoing NHRP traffic, which is non-IP Layer
3 protocol. The special hook link-out can be
used to process these outgoing frames.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.10/24 set interfaces tunnel tun0 address 10.0.0.1/32 set interfaces tunnel tun0 encapsulation gre set interfaces tunnel tun0 local-address 192.168.100.10 set interfaces tunnel tun0 nhrp set interfaces tunnel tun0 traffic policy link-in LOG_NHRP set interfaces tunnel tun0 traffic policy link-out LOG_NHRP set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy LOG_NHRP rule 1 log prefix NHRP__ set traffic policy LOG_NHRP rule 1 selector NHRP_SEL set traffic selector NHRP_SEL rule 1 ether-type 8193
Note
NHRP packets use ethertype 8193 (0x2001).
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.20/24 set interfaces tunnel tun0 address 10.0.0.2/32 set interfaces tunnel tun0 encapsulation gre set interfaces tunnel tun0 local-address 192.168.100.20 set interfaces tunnel tun0 nhrp holdtime 5 set interfaces tunnel tun0 nhrp nhs 10.0.0.1 nbma 192.168.100.10 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command protocols ip show nhrp at DUT0 and check if output matches the following regular expressions:
tun0\s+dynamic\s+10\.0\.0\.2Show output
Iface Type Protocol NBMA Claimed NBMA Expires(s) Flags Identity tun0 local 10.0.0.1 192.168.100.10 192.168.100.10 - - tun0 dynamic 10.0.0.2 192.168.100.20 192.168.100.20 5 UT
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
\[NHRP__-1\] ACCEPT IN=tun0 OUT=\w+ \[NHRP__-1\] ACCEPT IN= OUT=tun0Show output
Mar 23 15:26:28.173020 osdx systemd[1]: Started systemd-timedated.service - Time & Date Service. Mar 23 15:26:28.000205 osdx systemd-timedated[872490]: Changed local time to Mon 2026-03-23 15:26:28 UTC Mar 23 15:26:28.002084 osdx OSDxCLI[824268]: User 'admin' executed a new command: 'set date 2026-03-23 15:26:28'. Mar 23 15:26:28.003523 osdx systemd-journald[2086]: Time jumped backwards, rotating. Mar 23 15:26:28.346417 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.9M, max 13.8M, 11.8M free. Mar 23 15:26:28.347525 osdx systemd-journald[2086]: Received client request to rotate journal, rotating. Mar 23 15:26:28.347576 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904. Mar 23 15:26:28.356963 osdx OSDxCLI[824268]: User 'admin' executed a new command: 'system journal clear'. Mar 23 15:26:28.610919 osdx OSDxCLI[824268]: User 'admin' executed a new command: 'system coredump delete all'. Mar 23 15:26:28.858859 osdx OSDxCLI[824268]: User 'admin' entered the configuration menu. Mar 23 15:26:28.948665 osdx OSDxCLI[824268]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.10/24'. Mar 23 15:26:29.040391 osdx OSDxCLI[824268]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 traffic policy link-out LOG_NHRP'. Mar 23 15:26:29.136935 osdx OSDxCLI[824268]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 traffic policy link-in LOG_NHRP'. Mar 23 15:26:29.228936 osdx OSDxCLI[824268]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 address 10.0.0.1/32'. Mar 23 15:26:29.280499 osdx OSDxCLI[824268]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 encapsulation gre'. Mar 23 15:26:29.374915 osdx OSDxCLI[824268]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 local-address 192.168.100.10'. Mar 23 15:26:29.427530 osdx OSDxCLI[824268]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 nhrp'. Mar 23 15:26:29.526067 osdx OSDxCLI[824268]: User 'admin' added a new cfg line: 'set traffic policy LOG_NHRP rule 1 log prefix NHRP__'. Mar 23 15:26:29.578789 osdx OSDxCLI[824268]: User 'admin' added a new cfg line: 'set traffic policy LOG_NHRP rule 1 selector NHRP_SEL'. Mar 23 15:26:29.664893 osdx OSDxCLI[824268]: User 'admin' added a new cfg line: 'set traffic selector NHRP_SEL rule 1 ether-type 8193'. Mar 23 15:26:29.734464 osdx OSDxCLI[824268]: User 'admin' added a new cfg line: 'show working'. Mar 23 15:26:29.821590 osdx ubnt-cfgd[872527]: inactive Mar 23 15:26:29.899861 osdx systemd[1]: Reloading frr.service - FRRouting... Mar 23 15:26:29.914365 osdx watchfrr[872331]: [NG1AJ-FP2TQ] Terminating on signal Mar 23 15:26:30.015321 osdx frrinit.sh[872557]: Stopped watchfrr. Mar 23 15:26:30.016300 osdx frrinit.sh[872557]: Starting watchfrr with command: ' /usr/lib/frr/watchfrr -d --min-restart-interval 1 --max-restart-interval 600 --timeout 600 --restart-timeout 600 zebra mgmtd nhrpd staticd'. Mar 23 15:26:30.022296 osdx watchfrr[872575]: [T83RR-8SM5G] watchfrr 10.4.1 starting: vty@0 Mar 23 15:26:30.022341 osdx watchfrr[872575]: [QDG3Y-BY5TN] zebra state -> up : connect succeeded Mar 23 15:26:30.022362 osdx watchfrr[872575]: [QDG3Y-BY5TN] mgmtd state -> up : connect succeeded Mar 23 15:26:30.022396 osdx watchfrr[872575]: [ZCJ3S-SPH5S] nhrpd state -> down : initial connection attempt failed Mar 23 15:26:30.022399 osdx watchfrr[872575]: [QDG3Y-BY5TN] staticd state -> up : connect succeeded Mar 23 15:26:30.022563 osdx watchfrr[872575]: [YFT0P-5Q5YX] Forked background command [pid 872576]: /usr/lib/frr/watchfrr.sh restart nhrpd Mar 23 15:26:30.026202 osdx frrinit.sh[872576]: Cannot stop nhrpd: pid file not found Mar 23 15:26:30.027125 osdx watchfrr.sh[872581]: Cannot stop nhrpd: pid file not found Mar 23 15:26:30.036755 osdx zebra[733918]: [V98V0-MTWPF] client 36 says hello and bids fair to announce only nhrp routes vrf=0 Mar 23 15:26:30.045983 osdx frrinit.sh[872586]: sh: line 1: ipsec: command not found Mar 23 15:26:30.046984 osdx watchfrr[872575]: [QDG3Y-BY5TN] nhrpd state -> up : connect succeeded Mar 23 15:26:30.046992 osdx watchfrr[872575]: [KWE5Q-QNGFC] all daemons up, doing startup-complete notify Mar 23 15:26:30.047409 osdx frrinit.sh[872557]: Started watchfrr. Mar 23 15:26:30.159480 osdx systemd[1]: Reloaded frr.service - FRRouting. Mar 23 15:26:30.195536 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 23 15:26:30.243756 osdx WARNING[872679]: No supported link modes on interface eth0 Mar 23 15:26:30.245193 osdx modulelauncher[872679]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 23 15:26:30.245207 osdx modulelauncher[872679]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 23 15:26:30.246791 osdx modulelauncher[872679]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 23 15:26:30.246801 osdx modulelauncher[872679]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 23 15:26:30.271637 osdx (udev-worker)[872707]: Network interface NamePolicy= disabled on kernel command line. Mar 23 15:26:30.503941 osdx cfgd[1828]: [824268]Completed change to active configuration Mar 23 15:26:30.515943 osdx OSDxCLI[824268]: User 'admin' committed the configuration. Mar 23 15:26:30.543996 osdx OSDxCLI[824268]: User 'admin' left the configuration menu. Mar 23 15:26:32.167606 osdx OSDxCLI[824268]: User 'admin' executed a new command: 'protocols ip show nhrp'. Mar 23 15:26:33.036423 osdx kernel: [NHRP__-1] ACCEPT IN=tun0 OUT= MAC=45:00:00:74:a4:8b:40:00:40:2f:4c:60:c0:a8:64:14:c0:a8:64:0a:00:00:20:01 Mar 23 15:26:33.039537 osdx kernel: [NHRP__-1] ACCEPT IN= OUT=tun0 MAC=45:01:00:00:00:00:40:00:40:2f:00:00:c0:a8:64:0a:c0:a8:64:14:00:00:20:01 Mar 23 15:26:33.039572 osdx kernel: [NHRP__-1] ACCEPT IN=tun0 OUT=eth0 MAC=00:01:08:00:00:00:00:00:00:40:00:70:2b:43:00:34:01:04:04:00:04:04:00:02 Mar 23 15:26:34.036900 osdx kernel: [NHRP__-1] ACCEPT IN=tun0 OUT= MAC=45:00:00:74:a4:a2:40:00:40:2f:4c:49:c0:a8:64:14:c0:a8:64:0a:00:00:20:01 Mar 23 15:26:34.039527 osdx kernel: [NHRP__-1] ACCEPT IN= OUT=tun0 MAC=45:01:00:00:00:00:40:00:40:2f:00:00:c0:a8:64:0a:c0:a8:64:14:00:00:20:01 Mar 23 15:26:34.039549 osdx kernel: [NHRP__-1] ACCEPT IN=tun0 OUT=eth0 MAC=00:01:08:00:00:00:00:00:00:40:00:70:2b:42:00:34:01:04:04:00:04:04:00:02 Mar 23 15:26:34.243810 osdx OSDxCLI[824268]: User 'admin' executed a new command: 'protocols ip show nhrp'.
Step 5: Run command traffic policy show at DUT0 and check if output matches the following regular expressions:
1\s+NHRP_SEL\s+\b[^0]\d*Show output
Policy LOG_NHRP -- ifc tun0 -- hook link-in prio very-high --------------------------------------------------------------- rule selector pkts match pkts eval bytes match bytes eval --------------------------------------------------------------- 1 NHRP_SEL 4 4 456 456 --------------------------------------------------------------- Total 4 4 456 456 Policy LOG_NHRP -- ifc tun0 -- hook link-out prio very-high --------------------------------------------------------------- rule selector pkts match pkts eval bytes match bytes eval --------------------------------------------------------------- 1 NHRP_SEL 2 2 272 272 --------------------------------------------------------------- Total 2 2 272 272